INFORMATION FOR NEWSLETTER SUBSCRIBERS

Dear user,

Pursuant to Article 13 of EU Regulation no. 2016/679 (hereinafter “GDPR”), we would like to inform you that the processing of personal data will be carried out with appropriate methods and procedures in order to guarantee respect for human rights and fundamental freedoms, as well as individual dignity, with particular reference to privacy and safety, to personal identity and to the right to personal data protection.

We recall that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4 of the GDPR).

  1. Subject of the processing and data source

The data processed by Sefin S.p.A. are collected directly from the person concerned and consist of personal details (name and surname) and ID data (email address).

  1. Legal basis for the processing

The legal basis for the processing lies in the data subject’s explicit and clear consent (pursuant to Article 6.1, point A of the GDPR).

  1. Purpose of the processing

Personal data, and any changes to it that you notify to Sefin S.p.A., are collected and processed for the sole purpose of sending you commercial/promotional material through the newsletter.

  1. Methods of data processing

The processing is limited to the following operations and modalities:

- Collection of data from the data subject, by filling out an online form;
- Recording and processing of data on an IT system;
- Database organization in a mainly automated way, through business applications and a digitized personal data archive;
- Sharing of your personal data with third parties duly authorized by the Controller.

The processing of personal data will be carried out using appropriate instruments to ensure privacy, integrity and availability, in accordance with the appropriate technical and organizational security measures required by the GDPR.

The processing is carried out by electronic and/or automated systems, and it will include all the operations or sets of operations provided for in Article 4 of the GDPR in connection with the processing of personal data, including communication to the person in charge of data processing. Personal data will not be disseminated, but it will or may be communicated to public or private subjects that operate for the purpose described above.

  1. Data Retention

The Controller will process your personal data for the time required to fulfill the purposes described above and in any case for no more than two years after collection.

  1. Access to data processing

Personal data will be made accessible, for the purpose at point 4:

- To employees / collaborators authorized to carry out the processing, subject to prior suitable appointment;
- To third parties identified by the Controller as being responsible for processing.

Your data will not be communicated to unauthorized third parties. Your data will not be disseminated in any way.

To this end, the processing is carried out using security measures suitable to prevent access to the data by unauthorized third parties and to ensure confidentiality.

  1. Data transfer

Data management and storage will be performed on servers inside the EU, owned by the Controller or by third parties duly appointed as responsible for processing. Personal data will not be transferred outside the European Union.

  1. Nature of data contribution and consequences of refusal to reply

Providing the data for the purpose described above is mandatory. Without it, it will not be possible to send commercial and/or promotional material through the newsletter.

  1. Rights of the data subject

According to the GDPR’s provisions, the data subject shall have the following rights in respect of the Controller:

- To obtain confirmation as to whether or not data related to him or her are being processed, and where that is the case, to obtain access to the personal data and the following information (Article 15, Right of access);
- To obtain the rectification of inaccurate personal data concerning him or her without undue delay (Article 16, Right to rectification);
- To obtain the erasure of personal data concerning him or her without undue delay, and the Controller shall have the obligation to erase personal data without undue delay, if certain conditions exist (Article 17, Right to be forgotten);
- To obtain restriction of processing in certain cases (Article 18, Right to restriction of processing);
- To receive the personal data concerning him or her, and to transmit that data to another Controller without hindrance from the first Controller, in certain cases (Article 20, Right to data portability);
- To object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him or her (Article 21, Right to object);
- To receive notice, without undue delay, of a personal data breach suffered by the Controller (Article 34);
- To revoke the consent given, at any time (Article 7, Conditions for consent).

Where applicable, the data subject shall also have the rights under Articles 16-21 of the GDPR (Right to rectification, Right to be forgotten, Right to restriction of processing, Right to data portability, Right to object), as well as the right to lodge a complaint with the Guarantor Authority.

  1. How to exercise your rights

You may exercise your rights by contacting the Controller by e-mail at the following address: privacy@sefin.it

  1. The Controller

The Controller is Sefin S.p.A., VAT no. 04919090151, Viale Zara, 10, 20124 Milano - Italy.

The list of managers and collaborators authorized to carry out the processing is available at the Controller's premises indicated above.

  1. Updating of this disclosure

This disclosure may be modified. Any substantial change will be communicated to the data subject through notice or publication on the Sefin website.

Data Protection Officer (DPO)

Frareg S.r.l.

Contact person: Stéphane Jean-Michel Barbosa

Viale Edoardo Jenner, 38 20159 – Milano (MI)

Tax code/VAT number: 11157810158

Email: info@frareg.com

PEC: frareg@legalmail.it

Phone: +39.02.69010030