1. Object of the Data Processing
The Data Controller processes personal, identifying and non-particular/sensitive data (hereinafter, "Personal Data" or also "Data"), communicated by You during your navigation on the website www.en.promositalia.camcom.it (hereinafter, "Site"). In particular:
2. Purposes and legal bases of the processing
Your Personal Data are processed for the following purposes and legal bases:
without Your prior consent for:
the performance of the contract and/or the fulfilment of pre-contractual commitments, in particular to:
- manage and maintain the Site;
- reply to requests sent via the contacts on the Site;
- allow You to navigate the Site.
the fulfilment by the Controller of legal obligations, such as:
- compliance with the obligations provided for by laws, regulations or national and Community legislation or imposed by the competent Authorities.
the pursuit of a legitimate interest of the Controller, in particular:
- preventing or discovering fraudulent activities or abuses harmful to the Site, as well as exercising the rights of the Owner in court and the management of litigation: the Owner's interest corresponds to the general legitimate, real and current interest not to suffer damages as a result of the unlawful conduct of others, as well as to the constitutionally guaranteed right of action (art. 24 of the Italian Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned;
- to manage and maintain the Site: the interest of the Data Controller relates to the general interest of a company in guaranteeing business operations, also through the operation of the Site, and possible improvements in the service offered.
with Your prior consent to
- send You informative and promotional communications and newsletters by e-mail.
3. Processing methods
The processing of Your Personal Data is carried out, both in paper and electronic form, by means of the operations of collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data is processed electronically and, if necessary, automatically. Your personal data is protected in such a way as to minimise the risk of destruction, loss (including accidental loss), unauthorised access/use or use incompatible with the original purpose of collection. This is achieved by the technical and organisational
4. Data Retention
The Data Controller processes browsing Data to the extent strictly necessary and proportionate to ensure network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered by or accessible through such networks and systems.
- provided by filling in contact forms or writing to e-mail addresses on the Site will be processed for the time necessary to process the request sent and stored for a maximum of 60 days;
- provided by registering with the Site will continue to be processed until the User cancels the profile;
- will be processed for sending information and promotional communications and newsletters until consent is revoked;
- will be processed for the so-called soft spam activity for a maximum of 24 months from the last commercial contact with the User.
5. Provision of Data
The provision of Data is, in general, necessary to allow You to navigate on the Site. If You decide not to provide the Data, we will not be able to guarantee Your navigation. The provision of Personal Data for marketing purposes is optional and failure to provide it will not prevent You from continuing to browse and access the services. The provision of data for filling in forms is obligatory in the cases indicated as such and optional in the others. Failure to complete the mandatory fields will prevent You from continuing with the action taken.
6. Access to Data
Your Data may be made accessible for the above purposes to:
- employees and/or collaborators of the Data Controller, in their capacity as data processors and/or internal data controllers and/or system administrators;
- third parties (e.g. IT suppliers, etc.) who perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
7. Transfer of Data
The Data Controller may transfer the Data outside the European Union. To this end, in accordance with privacy legislation, the Data Controller assesses the impact of data transfers and adopts, if applicable, the most appropriate safeguards (for example, adequacy decisions or standard contractual clauses).
8. Rights of the interested party
The Data Controller informs You that, as a data subject, if the limitations provided for by law do not apply, You have the right to
- obtain confirmation of the existence or otherwise of Your personal data, even if not yet recorded, and that such data be made available to You in an intelligible form;
- obtain an indication and, where appropriate, a copy of: a) the origin and category of Your personal data; b) the logic applied in the event of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identity of the data controller and data processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it, in particular if it is received from third countries or international organisations; e) where possible, the period of storage of the data or the criteria used to determine this period;
- obtain, without undue delay, the updating and rectification of inaccurate data or, where interested therein, the integration of incomplete data;
- obtain the cancellation, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in the event of withdrawal of the consent on which the processing is based and if there is no other legal basis, d) if You have opposed the processing and there is no overriding legitimate reason to continue processing; e) in the event of compliance with a legal obligation; f) in the case of data relating to minors. The Data Controller may refuse erasure only in the case of: a) exercise of the right to freedom of expression and information; b) performance of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
- obtain the restriction of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of a right of Yours in a court of law; d) verification of whether the legitimate reasons of the Data Controller prevail over those of the data subject;
- receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning You in order to transmit them to another data controller or - if technically feasible - to obtain direct transmission by the Data Controller to another data controller;
- to oppose, in whole or in part, for legitimate reasons, the processing of Your personal data, even if pertinent to the purpose of collection;
- to lodge a complaint with the Guarantor Authority for the Protection of Personal Data.
In the above cases, where necessary, the Data Controller will inform the third parties to whom Your personal data are communicated of the possible exercise of Your rights, except in specific cases (e.g. when this proves impossible or involves the use of means manifestly disproportionate to the protected right).
9. How to exercise Your rights
You may exercise these rights at any time
10. Data Controller, Data Protection Officer and Data Processor
The data controller is Agenzia italiana per l'internazionalizzazione - Promos Italia S.c.r.l., with registered office in Milan, Via Meravigli n. 9/B - 20123, Tax Code and VAT number 10322390963.
The Data Controller has also appointed a Personal Data Protection Manager who can be contacted by sending an email to firstname.lastname@example.org.
The updated list of data processors, persons in charge of processing and system administrators is kept at the Data Controller's head office.
Milan, 22 October 2021.
Promos Italia S.c.r.l.