Advisory note on the processing of personal data
We wish to inform you that your personal data (hereinafter the “Data”) will be processed in compliance with Regulation (EU) 2016/679 concerning the protection of natural persons with regard to the process of personal data (hereinafter the “General Data Protection Regulation”) and with Italian Legislative Decree no. 196/2003 (hereinafter the “Privacy Code”).
Pursuant to article 13 of the General Data Protection Regulation and the Privacy Code (informational), the Data Controller is C.A.B. S.p.A., with registered offices in Via Campana no. 233, Pozzuoli (NA), Italy, Tax Code and Vat no. IT05152530639, fax: (+39) 081 526 5873, certified email address: email@example.com; the contact email address for the Data Protection Manager (hereinafter the “DPM”) is: firstname.lastname@example.org. Your data will be processed in accordance with the principles of legitimacy, correctness and transparency, and your data will be collected to an extent relevant and sufficient and strictly limited to the processing purposes as explicitly and legitimately determined previously.
1. Purposes of processing
The Data Controller declares that your personal data will be processed for the following purposes:
- without requiring your explicit consent, your data will be processed to provide the service requested from and agreed with C.A.B. S.p.A. through the terms and conditions (hereinafter the “Service”);
- for marketing purposes:
- sending newsletters, commercial communications and/or publicity material on the products and services offered by the Data Controller and on courses organised by the Data Controller, via email, post and/or SMS and/or telephone contact;
- determining the level of client satisfaction with the quality of the services;
- sending commercial communications via email, post and/or SMS and/or telephone contact.
2. Legal basis for the processing
Supplying your data for the purposes referred to in point 1(a) above is mandatory; hence, without your data we are unable to guarantee the Service that you requested.
Giving your consent to your data being processed for the purposes referred to in point 1(b) above is, though, optional and may be freely revoked at any time. Should you decide not to give your consent, or to revoke it, we remind you that you will not receive any newsletters, commercial communications or publicity material regarding the services offered by the Data Controller, except in response to any specific and distinct request that you might make. You will, however, continue to have the right to the Service as referred to in point 1(a) above
3. Duration of the processing and storage
The Data Controller will process your data for the time strictly necessary to fulfil the purposes for which the data was collected, or for the duration of the service which is the subject of the contract, and subject to renewal.
The data you provide for the purposes referred to in point 1(a) above will, though, be stored for a further period of 10 years from the date of the last service supplied (which may vary in the event of particular EU regulations or directives which require a different period of conservation) in order to fulfil legal and regulatory obligations. Data acquired for the purposes referred to in point 1(b) above will be processed until you withdraw your consent
4. Means of processing
Your data will be processed using the operational means indicated in article 4(2) of the General Data Protection Regulation and in article 4 of the Privacy Code and processing specifically includes: the collection, recording, organisation, structuring, storage, consultation, viewing, adaptation or alteration, selection, extraction, comparison, use, interconnection, blocking, disclosure by transmission, dissemination or other means of making data available, restriction, erasure and destruction of the data.
Data will be stored on electronic media as well as paper using the measures deemed most appropriate by the Data Controller to ensure the adequate security of your data.
5. Communication of your data
Data may be disclosed to third parties or other subjects (including, purely by way of example, to suppliers of information services, credit institutions, professional firms, consultants) who perform outsourcing activities on behalf of the Data Controller in their capacity as external Data Processors.
A list of specially appointed external Data Processors who may process your data is available from the Data Controller.
Without requiring your explicit consent (article 6(b) and (c) of the General Data Protection Regulation and article 24(a), (b) and (d) of the Privacy Code), the Data Controller may communicate your data for the purposes referred to in point 1(a) above, as regards their respective and specific areas of responsibility, to accreditation bodies, certification bodies, government ministries, institutions, associations and, in general, to any public or private body for which such communication is mandatory by law or by virtue of bilateral agreements to accomplish the aforementioned purposes. These subjects will process your data in their capacities as autonomous Data Controllers.
6. Rights of the data subject
Ai sensi degli artt. 15-21 del Regolamento generale sulla protezione dei dati e dell’art. 7 del Codice della Privacy, potrà esercitare in qualsiasi momento i diritti di accesso, rettifica o cancellazione (c.d. “diritto all’oblio”), di limitazione del trattamento, nonché alla portabilità dei Suoi dati inviando un’apposita richiesta all’indirizzo del RPD: email@example.com.
Pursuant to article 7 of the General Data Protection Regulation, consent for the aforementioned marketing purposes as referred to in point 1(b) above, may be freely revoked at any time by sending an email to the DPM at the address indicated in point 6, above.
The Data Controller hereby informs you that you have the right to lodge a complaint with the Supervisory Authority which, for the Italian territory, is the Italian Data Protection Authority [Garante per la protezione dei dati personali] in accordance with the methods provided for and described at www.garanteprivacy.it.