ART. 1 - Data Controller and Data Protection Officer
The Data Controller, i.e., the entity that establishes the manner and purpose of the processing of your personal data, is TOUCH AND CONTACT S.R.L., with registered office in 000131 - ROME, Via Adriano Olivetti n.24, Tax Code and VAT number 15372121002. The Owner is available for any information concerning the processing of your personal data at the following address: email@example.com.
The appointed D.P.O. (Data Protection Officer) is Antonella Barbon, Esq. based in Treviso Viale Monte Grappa n. 27 contactable at the following address: email: firstname.lastname@example.org. email@example.com.
ART. 2 - Categories of data processed, purposes of processing and nature of data provision
The personal data processed are as follows:
- Navigation data: The computer systems and software procedures used to operate the App acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the App, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the App to check its proper functioning, to identify anomalies and/or abuse, and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the App or third parties. Data related to the PC -Telephone - Tablet - or other device used for browsing will also be collected. This processing is based on art. 6, par. 1, letter b, of the Regulation being the processing necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at his or her request. The provision of personal data for these purposes is optional, but failure to do so would make it impossible to activate or provide the services requested by the user.
Data provided for service delivery: personal data voluntarily provided by the user for the use of the Application's functionalities (e.g. for registration, management of contracted products/services) such as first and last name, contact data (e-mail address, cell phone), data inherent to the use of services/products managed through the Application. Data may be provided to TAC by the customer (company holding the contractual relationship with the data subject). In addition, within his account the user will be able to enter, if applicable, a personal photo, the company he works for, fax, address, website, VAT, SDI, C.F. and personal social link. This data will be processed to:
The processing of these personal data is necessary for the purposes of Provision of the requested services. This processing is based on Article 6(1)(b) of the Regulation, the processing being necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same. Providing personal data for these purposes is optional, but failure to do so would make it impossible to activate or provide the services requested by the user.
- recognize the user during the login phase;
- provide the user with the requested services and allow him/her to manage the products/services he/she uses;
- to provide the user with useful information on the use and optimization of the service.
Further Purposes: promotional, commercial and marketing: if the interested party has not objected in advance, the e-mail address may be used to send promotional communications, pursuant to Article 130, paragraph 4, of Legislative Decree 196/03, also for the purpose of direct sales of products or services similar to those already purchased by the user/customer. The legal basis is the legitimate interest of the Data Controller as provided for by the Regulations and the Privacy Code. Communications may be suspended at any time by using the unsubscription channels provided in each communication received (opt-out).
In addition TAC may process personal data for the following purposes:
- Purposes connected with obligations provided for by laws, regulations or Community legislation, by provisions/requests of authorities empowered to do so by law and/or by supervisory and control bodies. TAC may process personal data in order to fulfill its obligations. The provision of personal data for this purpose is compulsory, as failure to do so will make it impossible for the Data Controller to fulfill specific legal obligations.
- Defense of rights in the course of judicial, administrative or extrajudicial proceedings: the user's personal data may be processed in order to defend his or her rights or take action or even make claims against the user or third parties. The prerequisite for processing is the legitimate interest of the Data Controller in protecting its rights.
ART. 3 - Retention Period
Personal data will be kept for different times depending on the purpose for which they were collected: - provision of services: we will keep the data for the time strictly necessary to achieve the purposes. In any case, since it is processing carried out for the provision of services, “TAC” will make use of the faculty, allowed by the legislation (art. 2946, Civil Code), to keep the personal data necessary to protect its interests, for the time provided for by law; - promotional, commercial and marketing: as a general rule, until the objection of the interested party and/or the withdrawal of consent by the user. More information regarding the data retention period and the criteria used to determine this period may be requested by sending a written request to the Data Controller at the contact details indicated in this policy. This is without prejudice, in any case, to the possibility for “TAC” to retain personal data for the period of time provided for and permitted by Italian law to protect its interests (Art. 2947, paragraphs 1 and 3, Civil Code). In case of account closure by the User, it is clarified that personal data will generally no longer be visible to third parties in our Services within 24 hours of the intervening request for deactivation for whatever cause has been determined, while the information of the closed account will be deleted within 30 days of its closure for security reasons. In any case, “TAC” reserves the right to retain users' personal information even after account closure if reasonably necessary to fulfill legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, and enforce the License Agreement. Any information that was retained after account closure will be depersonalized. Information shared with third parties (e.g., via email, messages, etc.) will remain visible subsequent to account closure or deletion of information from the user's profile. It should be noted that “TAC” does not control the data that other users may have copied from the Services offered.
ART. 4 - Categories of data recipients
For the aforementioned purposes, the user's personal data and collected by “TAC” may be known to:
- employees and internal consultants, as part of their work duties, who act as authorized subjects for processing and in this sense instructed by the Data Controller;
- external consultants and third parties (suppliers of technical, technological services, credit and banking institutions, suppliers of services instrumental to the management/maintenance of the Application, as well as to third party call center companies, marketing companies and advertising and market research services. The aforementioned categories of subjects act as managers appointed by “TAC”.
ART. 5 - Method of processing
The data processing is carried out through paper, computer and telematic support by specially appointed internal subjects. The data are stored in electronic and, residually, paper archives with full assurance of the minimum security measures provided by the legislator.
ART. 6 - Transfer of data abroad
The user's personal data collected by TAC will be processed mainly in Italy and in any case in states that are part of the European Union, however some processing activities may be carried out in countries outside the EU however guaranteeing the necessary standards of security, protection and data protection as required by national and supranational regulations, such as the adoption of Standard Contractual Clauses approved by the European Commission.
ART. 7 - The Rights of the Data Subject
Pursuant to the Regulations, data subjects may exercise the following rights towards the Data Controllers:
- request and obtain information regarding the existence of their data with the Data Controller as well as regarding the processing of personal data carried out by the same, as well as obtain access to the same;
- request and obtain receipt in a structured, commonly used and machine-readable format of one's own data provided to the Data Controller, if the processing is based on consent or on a contract and is carried out by automated means, as well as, where technically possible, the transfer of such data to another data controller;
- request and obtain the amendment and/or correction of data that are inaccurate or incomplete;
- request and obtain the deletion of one's own data if it is not necessary - or no longer necessary - for the above purposes, or if there are other prerequisites provided by law (see Article 17 of the Regulations);
- request and obtain the restriction of the processing of its data if the data subject contests its accuracy or in the further assumptions provided for in Article 18 of the Regulation;
- object to the further processing of its data in the cases expressly defined in Article 2) above.
Such requests may be addressed to “TAC'' by sending a request to firstname.lastname@example.org. Requests transmitted by e-mail or other channels that do not allow the identification of the requester, must be accompanied by a copy of the requestor's identity document for the purpose of verifying the requestor's identity. In accordance with current legislation, in addition to the above rights, the data subject also has the right to lodge a complaint with the competent supervisory authority, which in Italy is the Data Protection Authority, Piazza di Monte Citorio n. 121 00186 ROMA, Fax: (+39) 06.69677.3785, email@example.com, firstname.lastname@example.org.
ART. 8 - Cookies
ART. 9 - Amendments and updates