isNumeric DMCC, registered office at Mazaya Business Avenue, AA1, Dubai (UAE), (herein after referred to as “Data Controller”), in its capacity as Data Controller, hereby informs you, in terms of article 13 of Legislative Decree nr. 196 dated 30/6/2003 (herein after referred to as “Privacy Law”) and article 13 of the EU Regulation nr. 2016/679 (here after referred to as “GDPR”) that your data will be processed in the following manner and for the following purposes:
1.OBJECT OF TREATMENT
The Data Controller processes personal identification data (eg. the name, surname, company name, address, telephone number, e-mail address, bank and payment details – herein after referred to as, “personal data” or “data”) provided by yourself upon the conclusion of the contract(s) entered into with the Data Controller.
2.PERSONAL DATA COLLECTED
The personal data collected is related primarily to:
- identification data (company or entity name, registered office address, fax number, e-mail, fiscal data, etc.)
- data concerning the business activity (orders, solvency, bank data, accounting and tax information, etc.). This data is provided by you directly or can be collected from independent third party data controllers (e.g. from business information companies or registers, lists or public data banks containing data relative to financial solvency, etc.).
3.PURPOSE OF THE PROCESSING OF DATA
Your personal data is processed without your express consent (article 24(a), (b), (c) Privacy Law and article 6(b), (e) GDPR), for the following Purposes of Service:
- performing in terms of the contract(s) entered into with yourself and execution of related commitments;
- fulfilment of pre-contractual, contractual and fiscal obligations resulting from existing relations with yourself;
- organizational and commercial management of the contract (e.g. relations with agents, representatives and contractors for the organization of activities to be carried out as requested by the client);
- protection of contractual rights;
- internal statistical analysis;
- marketing activities by sending promotional and advertising material related to products or services similar to those under the current business relationship;
- information about client solvency;
- fulfilment of the obligations established by law, regulation, community legislation or by any order of a competent Authority (such as anti-money laundering);
- exercise of the rights of the Data Controller, for example the right to defend himself in court.
4.NATURE OF THE PROVISION OF DATA
The provision of data for the purposes referred to in paragraph 3 (above) is mandatory. In absence of provision of such data, we will not be able to guarantee the Services subject to the contract.
5. METHOD OF TREATMENT
The processing of your personal data is carried out by means of the operations indicated in article 4 of the Privacy Law and article 4(2) of the GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is processed either on paper or electronically and/or in an automated manner and entered in the relevant databases.
The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of service. The criteria for determining the retention period have been defined taking the following into account:
- national regulatory provisions – in the absence of which, regional regulatory sources where considered;
- opinions of technical bodies;
- case law;
- doctrinal contributions.
The analogue criterion has been applied to a variety of situations, in the absence of specific regulatory requirements.
The prescription time for bringing legal action constituted a further element of consideration to the categories of passable acts, which could provide a greater probability of involvement in litigation proceedings.
For more information regarding the storage of data, you can send an email to the GDPR reference person within the company in the manner described in chapter 10.
6. ACCESS TO DATA
Your data may be made accessible, for the purposes referred to in paragraph 3, to:
- employees and collaborators of the Data Controller in their capacity as persons duly appointed and/or internal managers of data processing and/or system administrators;
- third-party companies or other subjects (indicatively, credit institutions, professional firms, consultants, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data controllers.
7. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA
Without the need for express consent (in terms of to article 24(a), (b), (d) of the Privacy Law and article 6 (b) and (c) of the GDPR), the Data Controller may communicate your data, for the purposes referred to in paragraph 3 (above), to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom such communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Diffusion of personal data is not provided for.
8. TRANSFER OF DATA
Personal data in electronic format is stored on servers located in our server room inside our facility in Noceto (PR); provision could also be made for backup copies of the data stored at some qualified partners selected according to the qualities recognized by the market, based in EU territory. There shall be no data transfer to non-EU countries. Personal data in paper format is kept at the company’s registered office, ensuring an adequate level of protection.
9. RIGHTS OF INTERESTED PARTIES
In you capacity as an interested party, you shall have the rights set forth in article 7 of the Privacy Law and article 15-20 of the GDPR, in specific:
- obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and its communication in an intelligible form;
- obtain the indication of: a) the origin of personal data; b) the purposes and methods of the processing; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identification details of the Data Controller, the data processors and the designated representative in terms of article 5(2) of the Privacy Law and article 3(1) of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of such data in their capacity as designated representative in the territory of the State, data processors or others duly appointed;
- obtain: a) updating, rectification or, when applicable, integration of data; b) the cancellation, transformation into anonymous form or blocking of data which is being unlawfully processed, including data of which the retention is unnecessary for the purposes for which it was collected or subsequently processed; c) written confirmation that the operations referred to in (a) and (b) above have been brought to the attention, also as regards their content, to those to whom the data have been communicated or disseminated, except in the case where such fulfilment proves impossible or involves using means which are manifestly disproportionate to the protection of the right;
- to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning yourself, even if the processing of your data is pertinent to the purpose of the collection; b) to the processing of personal data concerning yourself for the purpose of sending advertising or direct sales material or for carrying out market research or marketing communication;
- Complete cancellation of all personal data managed by isNumeric DMCC for contractual purposes as indicated in terms of article 17 of the GDPR;
- Limitation to the processing of personal data as indicated in article 18 of the GDPR;
- Possibility of transferring data to another subject indicated by the interested party in terms of article 20 of the GDPR;
- Complaint to the Guarantor for the protection of personal data.
10. MEANS OF EXERCISING OF RIGHTS
You can exercise your rights at any time by sending:
- a registered letter to isNumeric DMCC – registered office at Mazaya Business Avenue, AA1, Dubai (UAE);
- an e-mail to email@example.com .
11. DATA CONTROLLER, DATA PROCESSORS, AND DULY APPOINTED PERSONS
The Data Controller is isNumeric DMCC. – Registered office at Mazaya Business Avenue, AA1, Dubai, UAE. The reference person of the Team dedicated to the Privacy aspects can be contacted at the e-mail address firstname.lastname@example.org.
The updated list of data processors and duly appointed persons is kept at the registered office of the Data Controller.