Privacy Policy
Privacy Policy
PRIVACY DISCLOSURE – Regulation EU 679/2016
INTRODUCTION VitroScreen srl, with headquarters at 103 Via Mosè Bianchi, 20149 Milan , – Italy, Tax Code and VAT No. 13454040158 (hereinafter the “Controller”), in the capacity of Data Controller, informs you pursuant to art. 13 of Regulation EU no. 2016/679 (hereinafter the “GDPR”) that your data will be processed with the following modalities and for the following purposes:1) Subject of the processing
The Controller processes personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT number, e-mail address, telephone number – hereinafter “personal data” or even “data”) communicated during registration on the website of the Controller and/or when subscribing to the newsletter service offered by the Controller or directly during trade fairs and/or by e-mail and/or by telephone for requests on our products.2) Purpose of the processing
Personal data are processed: 2A) Without your express consent (art. 6 letters b, e of the GDPR), for the following purposes:- To manage and maintain the services requested by the data subject and to find the data subject for the organisation of the services requested.
- To fulfil the precontractual, contractual and tax obligations arising from existing relations with you.
- To fulfil the obligations laid down by the law, a regulation, community legislation or by an order of the Authority, including for Accounting, Fiscal aspects.
- To prevent or discover fraudulent activities or harmful abuses and/or for the purposes provided for by the current anti-money laundering legislation.
- Mandatory obligations deriving from the requirements of the organisational and management models based on specific recognised standards required by law and/or specific contractual requirements requested by the data subject and/or specified as a service requirement.
- To exercise the rights of the Controller, for example the right to defence in court.
- To find the data subject to provide information relevant to the services requested and their management.
- For sending information useful to the data subject according to the services requested.
- For the legitimate interest of the data controller, to send newsletters, trade communications and/or advertising material on products or services offered by the Controller. If the data subject is already our customer, we may send them trade communications relating to services and products of the Controller similar to those already purchased, subject to withdrawal of consent or objection (art. 21 GDPR).
- To allow the download of technical and/or information material on our products and/or to respond to requests for information.
- For needs connected to the operation and maintenance of the website.
3) Modality of the processing
The processing of your personal data is performed by means of the operations indicated in art. 4, no. 2) of the GDPR and more precisely: collection, registration, organisation, retention, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data are subjected to both paper and electronic and automated processing. The Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Purposes of Service and no later than 2 years from the collection of data for Marketing Purposes.4) Access to data
Your data may be made accessible for the purposes referred to in art. 2.A):- To employees and collaborators of the Controller, in their capacity as persons in charge of processing and/or internal data processors and/or system administrators;
- To external companies for support activities in the study of the feasibility of the customer’s project, for technical management activities, for the storage of personal data, etc. or to third parties (for example, provider for the management and maintenance of the website, professional offices, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
5) Data communication
Without the express consent of the data subject (art. 6 letters a), b), c) of the GDPR), the Data Controller may communicate the personal data for the purposes referred to in art. 2.A) to the Supervisory Bodies, Judicial Authorities and to all other persons to whom the communication is mandatory by law for the accomplishment of said purposes. The data will not be disseminated.6) Data transfer
The management and storage of personal data will be carried out on servers located within the European Union and run by the Data Controller and/or third-party companies duly appointed as Data Processors. Currently our servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.7) Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee the purposes of art. 2.A). You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).8) Rights of the data subject
In your capacity as the data subject, you have the rights referred to in art. 15 of the GDPR and precisely the right to: 8.A) Obtain confirmation as to whether or not personal data concerning you exist, regardless of whether they have already been recorded, and communication of such data in intelligible form; 8.B) Obtain specification:- Of the source of the personal data;
- Of the purposes and modalities of the processing;
- Of the logic applied to the processing, if the latter is carried out with the help of electronic means;
- Of the identification data concerning the Data Controller, Data Processors and the designated representative pursuant to art. 3, paragraph 1 of the GDPR; and of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
- The update, rectification or, where interested therein, integration of the data;
- The erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
- Certification to the effect that the operations as per articles 8 A) and B) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
- On legitimate grounds, to the processing of personal data concerning you even though they are relevant to the purpose of the collection;
- To the processing of personal data concerning you, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys through the use of automated call systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or post. It should be noted that the right of opposition of the data subject, set out in point B) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the data subject can decide to receive only communication using traditional methods or only automated communication or none of the two types of communication;
- Where applicable, you also have the rights referred to in articles 16-21 of the GDPR (Right of rectification, right to be forgotten, right of limitation of processing, right to data portability, right of objection), as well as the right to make a complaint to the Authority.
9) Mechanism to exercise rights
You can at any time exercise your rights by sending: A registered letter with return receipt to the following address: VitroScreen srl, with headquarters at 103 Via Mosè Bianchi 103, 20149 Milan – Italy A Certified E-mail to the address: vitroscreen@pec.retesi.it10) Data Controller, Data Processors and Persons in charge of the processing
The Data Controller is VitroScreen Srl, with headquarters at 103 Via Mosè Bianchi, 20149 Milan – Italy. The updated list of Data Processors and persons in charge of the processing is kept at the Data Controller’s headquarters.11) Changes to this Disclosure
This Disclosure may change. It is therefore advisable to regularly check this Disclosure and refer to the latest version.