CX Centax S.r.l. (C.F & P.IVA 02294000167) headquartered in 8, via Pignolo, Bergamo (BG), (from this point onwards “CX Centax” or the “Owner”), in its capacity as Data Controller, provides to the website users the policy, under art. 13 of the European Regulation 2016/679 (“GDPR”), on the aims and modalities of personal data processing.
- Object of the treatment
The Owner processes: the data provided by the User, identifiers and contact data (by way of non-exhaustive example: name, surname, postal address, e-mail address, phone number).
- Aims of the treatment
The data will be processed, in a lawful way and according to correctness, for the following aims:
- Contact the User, in order to satisfy their eventual requests expressed through the data collection form available on the website (Article 6, letter b), GDPR);
- Fulfil the legal and fiscal requirements to which the Owner is subject to (Article 6, letter c), GDPR);
- For the pursuit of legitimate interest that the Owner has recognized to exist on the basis of an evaluation of interests that has been executed (Article 6, letter f), GDPR);
- In the eventuality that it’s necessary to ensure, exercise or defend a right during judicial proceedings;
- Send the Customer promotional communications, via e-mail, in order to advertise products and/or services similar to ones previously purchased, guaranteeing the right of opt-out to the Customer, in any moment, to the sending of such communications;
- Granted explicit consent, for Marketing purposes (Article 6, letter a), GDPR) and in particular, to inform the User with ordinary letters, phone calls, e-mail, SMS, MMS, notifications and newsletters of the initiatives and offers by CX Centax.
- Obligation or less than data conferral.
Data conferral is a necessary requisite to use the requested services. The conferral of the data and the consent for marketing purposes (letter f of the previous point) is optional; however, the lack of consent to the treatment causes for the User impossibility of receiving commercial communications related the products and services of CX Centax.
It is also reminded that such consent can be revoked in any moment.
- Modality of treatment
The treatment of personal data is made through the steps provided in article 4 n. 2) GDPR, in detail: collection, recording, organization, conservation, consultation, elaboration, editing, selection, extraction, comparison, usage, interconnection, blocking, communication, deletion and destruction of data. Personal data is subjected to both paper-based and electronic treatment and/or automated.
- Data storage
The personal data that is collected for the purposes indicated in this information notice will be stored for the time that is strictly necessary in order to fulfil the aims for which it has been collected and in accordance with the relevant regulations in force; until the revocation of the consent for marketing purposes. Afterwards, the data will be deleted or anonymised.
- Access to data and communication of data
The personal data of the User are accessible to: i) the employes and/or collaborators of the Owner in their capacity as persons authorised and/or system administrators; ii) service providers that do outsourcing activities for the Owner in their capacity as external managers of the treatment and/or submanagers executing activities connected, instrumental or of support to those of the Owner, for example: management and maintenance of the contents of the website, customer assistance, customer care services, etc.
The complete list of the Data processors is available in the contact details given under number 9.
Furthermore, the Owner is allowed to communicate User data to third parties (Public Bodies, Police Forces or other public or private entities), exclusively for the purposes of fulfilling obligations of contractual and legal nature, and/or deriving from Community legislation.
- Data transfer
There are no data transfers in Extra EU Countries or international organizations. If such transfers are to take place, to protect the data of the User, the Owner will adopt the adequate safeguards laid down by GDPR, among them the adequate decisions and standard contractual clauses approved by the European Commission.
- Rights of the data subject
In conformity with what is required by articles from 15 to 21 of GDPR, the User can in any moment exercise the rights indicated therein, and in particular:
- Right to access (article 15, GDPR),
- Right to rectify (article 16, GDPR),
- Right to deletion (article 17, GDPR),
- Right to limitation of the treatment (article 18, GDPR),
- Right to portability (article 20, GDPR),
- Right to opposition (article 21, GDPR).
For all the aforementioned cases, if necessary, CX Centax will notify the third parties to which the data has been communicated to of the eventual exercise of any right by part of the User, except in specific cases (eg. when such fulfilment is impossible to enact or requires the usage of means manifestly disproportionate to the protected right).
- How to exercise the rights
The User can in any moment modify and revoke the manifested consents, and exercise the rights indicated in the previous point, forwarding the request to the Owner at the address email@example.com or calling the number +39 035 416211, otherwise contacting the designated PDO at the address firstname.lastname@example.org.
For the treatment of this notice, the User has, furthermore, the right of lodging a complaint to the local Data Protection Authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).