INFORMATION FOR THE PROCESSING OF PERSONAL DATA
(D. Lgs. 196/2003 - Cod. Privacy, D. Lgs. 679/2016, Art. 13 Reg. UE 2016/679 - GDPR)
JONA, with registered office in Via Bogino 8/b-10123 Torino (TO), P. IVA 05568070014 (hereinafter, "owner"), as the holder of the treatment, informs in accordance with art. 13 D. Lgs. 30.6.2003 N. 196 (hereinafter, "Privacy Code") and of art. 13 EU Regulation No 2016/679 (hereinafter "GDPR") that personal data will be processed in the following manner and for the purposes of:
1. Subject of treatment
The owner treats personal data, identifiers (e.g., name, surname, company, address, telephone, e-mail, bank and payment references) – hereinafter, "personal data" or "data") communicated at the conclusion of contracts For the owner's services and sales.
2. Purpose of the treatment
Personal data are processed:
A) without express consent (art. 24 Lett. A), b), c) Privacy code and art. 6 lit. b), and) GDPR), for the following service purposes:
-conclude contracts for the holder's services and sales;
-Fulfil the pre-contractual, contractual and fiscal obligations arising from
Relationships in being;
-fulfil the obligations laid down by law, by a regulation, by the
Community legislation or by an order of authority (e.g. in the field of anti-money laundering);
-Exercising the rights of the proprietor, for example the right of defence in court;
B) only after specific and distinct consent (Artt. 23 and 130 Privacy code and art. 7 GDPR), for the following Marketing purposes:
-Send by e-mail, mail and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the owner and recognition of the degree of satisfaction on the quality of services;
-Send by e-mail, mail and/or SMS and/or telephone contacts commercial and/or promotional communications of third parties.
We note that if you are already our customers, we can send commercial communications related to services and products of the owner similar to those he has already used, except dissent (art. 130 c. 4 Privacy code).
3. Method of Treatment
The processing of personal data is carried out by means of the operations indicated in art. 4 Privacy code and art. 4 No. 2) GDPR, namely: collection, registration, organization, preservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Personal data are subject to both paper and electronic and/or automated processing.
The owner will treat the personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of service and for no more than 2 years from the collection of data for Marketing purposes.
4. Access to Data
The data may be made accessible for the purposes set out in art. 2. A) and 2. B):
-to employees and collaborators of the proprietor;
-third-party companies or other entities (by way of indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) which carry out outsourcing activities on behalf of the holder, in their quality of External management of the treatment.
5. Data communication
Without the necessity of an express consent (ex art. 24 Lett. A), b), d) Privacy code and art. 6 lit. b) and C), the holder may disclose the data for the purposes set out in art. 2. (a) supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as those subjects to whom the communication is mandatory by law for carrying out the said purposes. These subjects will treat the data in their capacity as autonomous holders of the treatment.
The data will not be disseminated.
6. Data transfer
Personal data is stored on servers located within the European Union. It is in any case understood that the holder, if necessary, will have the right to move the servers also extra-EU. In this case, the holder shall ensure that the transfer of the extra-EU data will be in conformity with the applicable legal provisions, subject to the stipulations of the standard contractual clauses laid down by the European Commission.
7. Nature of the conferral of data and consequences of refusal to respond
The conferral of data for the purposes set out in art. 2. A) is mandatory. In their absence, we will not be able to guarantee the services of art. 2. A).
The conferral of data for the purposes set out in art. 2. B) is optional instead. It can therefore decide not to confer any data or to deny subsequently the possibility of processing already supplied information: In this case, it will not receive newsletters, commercial communications and advertising material relating to the services offered by the proprietor. It will still be entitled to the services referred to in art. 2. A).
8. Rights of the person concerned
In the quality of the person concerned, he has the rights under art. 7 Privacy code and art. 15 GDPR and precisely the rights to:
I. To obtain confirmation of the existence or otherwise of personal data concerning it even if not yet registered, and their communication in intelligible form;
II. Obtaining the indication:
A) of the origin of the personal data;
b) of the purposes and modalities of treatment;
c) of the logic applied in the case of treatment carried out with the aid of electronic instruments;
d) The identifying details of the holder, the persons responsible and the representative designated pursuant to art. 5, paragraph 2 Privacy code and art. 3, paragraph 1, GDPR;
e) of the subjects or categories of persons to whom personal data may be communicated or which may be known to them as a designated representative in the territory of the State, of persons responsible or in charge;
A) The updating, rectification or, when interested, the integration of data;
(b) The cancellation, the processing anonymously or the blocking of the data processed in violation of the law, including those whose preservation is not necessary in relation to the purposes for which the data has been collected or subsequently processed;
(c) The attestation that the transactions referred to in (a) and (b)) have been brought to the attention, including with regard to their content, of those to whom the data have been communicated or disseminated, except where such fulfilment proves to be impossible or entails A use of
Manifestly disproportionate means in respect of the protected right;
IV. Oppose, in whole or in part: a) for legitimate reasons for the processing of personal data concerning it, albeit relevant to the purpose of the collection; (b) The processing of personal data relating to it for the purposes of sending advertising material or direct sales or for the completion of market research or commercial communication, through the use of automated call systems without the intervention of a operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It is stated that the right of opposition of the person concerned, as set out in point B above), for direct marketing purposes by automated means extends to the traditional ones and that however it remains safe the possibility
For the person concerned to exercise the right of opposition even in part. Therefore, the person concerned may decide to receive only communications by traditional means or only automated communications or none of the two types of communication.
Where applicable, it also has the rights set out in the arts. 16-21 GDPR (right of adjustment, right to oblivion, right of limitation of treatment, right to data portability, right of opposition), and the right to claim to the guarantor Authority.
9. Mode of exercise of rights
You can exercise your rights at any time by sending:
- a registered letter a.r. in JONA - Via Bogino, 8 / b - 10123 Turin (TO) Italy;
- an e-mail to the address email@example.com
10. Owner, manager and appointee
The owner of the treatment is JONA with registered office in Via Bogino, 8/b 10123 Torino (TO).
The updated list of persons responsible for processing is kept at the registered office of the data controller.