Privacy Statement

Owner and manager of the processing of personal data

Infonet Solutions S.r.l., with registered office in Via Einaudi 23 – 35010 Pieve di Curtarolo (PD), VAT number 00149520280 (hereinafter, “Infonet Solutions” or the “Owner”), as Data Controller, informs you pursuant to of the art. 13 Legislative Decree 30.06.2003 n. 196 (“Privacy Code”) and art. 13 of EU Regulation 2016/679 (“GDPR”) that the personal data communicated by you will be processed in accordance with the provisions of the applicable legislation on the protection of personal data.

Responsible for the protection of personal data (RPD)

Infonet Solutions S.r.l. has appointed a Personal Data Protection Officer (DPO) who can be contacted at the following dedicated address: dpo@infonetsolutions.it.

Type of personal data

Infonet Solutions S.r.l. will ask for the following categories of personal data: common personal, personal and contact data: by way of example name, surname, company name, personal and / or tax data, address, telephone, e-mail, bank and payment details of the customer / supplier and his operational references (name, surname, contact details).

Personal data will be acquired and used as part of the provision of the services provided and processed by the owner in accordance with the GDPR and the national legislation (Privacy Code) and subsequent amendments, including the provisions issued by the Supervisory Authority (Guarantor for the protection of personal data).

Object and methods of processing

“Processing” of personal data, pursuant to art. 4 of the Privacy Code and art. 4 of the GDPR, must be understood as any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage , the processing, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or other form of making available, comparison or interconnection, limitation, cancellation or the destruction.

Such personal data may be processed and will be processed manually (“traditional”) and / or with the support of IT or telematic means (“automated”):

• “Traditional” methods (eg: paper archives, phone calls, SMS, e-mails from personnel authorized by the Data Controller).
• “Automated” methods (eg: CRM, web-based marketing tools).

The data will, in any case, be processed according to the principles of correctness, loyalty and transparency provided for by the legislation on the protection of personal data and protecting the confidentiality of the subject to whom the data refers through suitable security measures, for example, preventing the access to data to unauthorized subjects (except in cases where the communication of data is mandatory by law).

Purpose and legal basis of the processing

The Data Controller will process personal data in the performance of its IT service company activity, for the purposes and participation connected to the initiatives managed by Infonet Solutions. The data will be processed with or without consent and specifically:

Without express consent

•  implementation of legal obligations (by way of example and not limited to, in the fiscal and accounting fields), regulations, national or community legislation or by an order of public, judicial authorities, etc. to which the Data Controller is required to adhere to;
• fulfillment of contractual and pre-contractual obligations deriving from a possible contractual relationship (including complying with the IT system maintenance service for client companies) such as: accounting, banking, insurance, financial, credit protection obligations; for the compilation of personal data lists, bookkeeping, invoicing, making communications both by paper and electronic means, tax compliance, organizational management of the requested services and stipulation of contracts, scheduling of appointments, order fulfillment, deliveries, fulfilments bureaucracy relating to the required services;
• exercise the rights of the Owner, with particular reference to the protection of defense rights in the context of litigation.
• legitimate interest of the data controller to allow registration for initiatives or events also for marketing purposes as well as the use of any audio-photographic material for the same purposes.

The Data Controller announces that any non-communication or incorrect communication of one of the above information; it may cause the Data Controller to be unable to conclude the contract and / or fulfill its contractual obligations.

 With express consent:

• sending commercial and / or promotional communications relating to products and services similar to those covered by the contractual relationship, – sending by e-mail, post, text message, telephone calls, newsletters, commercial and / or promotional communications or advertising material on products or services provided by our company or for detecting the degree of satisfaction with their quality;
• profiling, in particular for the creation of your commercial profile and / or for the analysis of your commercial preferences also by crossing such personal data with other information collected through the website.

The treatment will be initiated by the Data Controller only with his free and specific consent. The provision of data is optional with regard to the aforementioned purposes, and any refusal to processing does not compromise the continuation of the relationship or the adequacy of the processing itself.

We inform you that the data can be processed using both traditional and automated methods (as specified in the paragraph “processing methods”). Consent is understood to be given for all the methods indicated in the paragraph “processing methods”.

Recipients of Personal Data

For the pursuit of the purposes referred to in the paragraph Purpose of the processing of this Information, your personal data may be made accessible, for the purposes mentioned above, as well as to the Data Controller and the R.P.D to:

• employees and collaborators of the Data Controller expressly authorized to process, under the direct authority of the Data Controller and solely in execution of the instructions given by the latter.
• to external subjects for proper management of the relationship such as (non-exhaustive list): banks, credit institutions, judicial and administrative authorities, consultants and freelancers, freight forwarders, transporters, etc.
• to third parties for the purposes related to co-marketing events and campaigns, of a commercial information nature, with technological partners, to the publication of photos and events.

The communication of personal data by the Data Controller will take place only towards those figures who have a relationship with the Data Controller as independent data controllers or data processors as well as to their employees and collaborators.

Transfer of data

The data are processed within the European Union and are not subject to transfer abroad. However, should it be necessary to transfer data to countries located outside the European Union for specific needs related to the location of the Company’s servers and coordination of group activities, the Data Controller undertakes to guarantee adequate levels of protection and safeguarding of the data. personal, in compliance with applicable laws, including the stipulation of standard contractual clauses. In any case, personal data will not be visible to other users, but only to people trained and authorized by the Data Controller.

Retention period of Personal Data

The personal data processed for the aforementioned purposes will be kept, in compliance with the applicable legislation for the protection of personal data, for the period necessary for the fulfillment of the purposes of the processing (“conservation limitation principle”, Article 5 , GDPR) or according to the deadlines set by law.

Specifically for the letters referred to in point 5 (“purpose and legal basis”), the data retention period is to be considered valid as the one that elapses between the issue of consent and the possible termination of the contract or following a request for cancellation from part of the interested party.

The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically. Personal data will be kept, for the indicated period, in order to use them for participation in new projects.

Rights of interested parties

Pursuant to art. 15 – 21 of the GDPR, in relation to the personal data communicated, the customer has the right to:

• receive confirmation of the existence of personal data and access their content in an intelligible form; receive information on the purposes of the processing, on the categories of personal data in question, on the recipients to whom the personal data have been or will be communicated, on the data retention period (access rights);
• obtain the updating, modification and / or correction of personal data (right of rectification);
• request the cancellation of personal data no longer necessary with respect to the purposes for which they were collected or processed, those for which you have revoked your consent to the processing, those processed illegally; the deletion of data may also be requested in the event that the customer has opposed the processing, or in the event that the cancellation derives from a legal obligation (right to be forgotten);
• obtain the limitation of the processing of data whose accuracy has been contested, which have been unlawfully processed, of the data necessary for the ascertainment, exercise or defense of a right in court and, moreover, in the event to object to the processing (right to limitation);
• oppose the processing of personal data concerning the customer (right of opposition);
• revoke the consent given, without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
• to lodge a complaint with the Supervisory Authority in case of violation of the rules on the protection of personal data: to exercise this right, the customer may contact the Guarantor for the Protection of Personal Data;
• receive a copy of the data, in a structured format, commonly used and readable by an automatic device, and request that such data be transmitted to another Data Controller (right to data portability).

To exercise your rights and to revoke your consent, the customer can send an email to privacy@infonetsolutions.it . For more information relating to personal data, you can contact the Data Protection Officer of Infonet Solutions, at the following address dpo@infonetsolutions.it.

Changes to the information

Infonet Solutions may make changes to the information in order to implement changes in national and / or community legislation or to adapt to technological innovations. Any changes will be communicated to the customer immediately.