“Personal data” is any information that relates to an identified or identifiable living individual (the subject to whom the aforementioned data refers to is referred to as ‘data subject’). Personal data is distinguished in “identifiers” (for example: name, surname, date and place of birth, home address, social security number, VAT or other tax code, phone numbers, email addresses, bank references, chamber of commerce company registration report), “special categories”(racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data relating to the health, life or sexual orientation of the person) and data relating to criminal convictions and offenses.
‘Processing of personal data’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Our company processes, in compliance with the current legislation, your personal “identification” data only, which will be collected, directly or indirectly, in an analogical or digital way, by our employees and/or collaborators, for the purposes referred to in the articles below.
The data mentioned above may be provided directly by you or, in some cases, may also be acquired by third parties (e.g. public and private credit assessment databases) in the initial phase of the contract and to follow up on specific requests (deferred payments, leasing requests, credit insurance etc.).
In any case, the above mentioneddata is used to follow up on your requests and is processed only if in case it shall be necessary.
The personal data you will provide shall be processed exclusively for the purposes and according to the modalities set out by law (principle of lawfulness), in compliance with ethical and moral values (principle of fairness), allowing you to access the information and the communications regarding their processing at any time (principle of transparency). Furthermore, the data will be processed only for the purposes listed in this policy (purpose limitation) and ensuring appropriate security and confidentiality (integrity and confidentiality); data shall be adequate, relevant and limited to what is necessary in relation to the aforementioned purposes (data minimisation), accurate and, where necessary, kept up to date (accuracy) and kept for no longer than is necessary for the aforementioned purposes (storage limitation).
We also wish to inform you that we use analogical (paper) and digital (IT and telematic) tools, and adopt all the appropriate technical and organizational measures to guarantee the security, integrity and protection of the personal data you wish communicate to us.
The data controller is “Demas S.r.l.”, with registered offices atCirconvallazione Orientale n. 4692 – Rome (RM), VAT 00935301002 – Phone +39 06.417905 – E-mail address: firstname.lastname@example.org.
The Data Controller has appointed a Data Protection Officer (DPO), who can always be reached at the following address: Demas S.r.l., Personal Data Protection Officer – Circonvallazione Orientale n. 4692 – 00175, Rome (RM) or by e-mail at the following address: email@example.com.
Your personal data will be processed:
We inform you that for all the processing purposes indicated in letters a), b), c), d) and e) of the previous article, no explicit consent is required. Failure to provide your personal data may make it impossible to proceed with the execution of contractual obligations. On the contrary, regarding the hypotheses referred to in letters f) and g), you are free to refuse your consent for the processing of your personal data for the indicated purposes, bearing in mind that in case of denial you will not receive newsletters from us and/or by our commercial partners, communications regarding promotional campaigns, demonstrations, events and prize contests that may be offered. Also with reference to article 7 letter h) you are free to refuse your consent bearing in mind that, in this case, it will not be possible to send you communications and/or commercial information adhering to your tastes and/or preferences and/or needs; however, it will be possible to issue the fidelity card, if requested by you. The legal basis for the processing of personal data highlighted in the previous article is:
Your data will be accessible, for the aforementioned purposes, to the employees and collaborators of the Data Controller that are designated and responsible for the processing, in accordance with their functions and the instructions they have received from the Data Controller and exclusively for the purposes indicated in this policy and in compliance with the current legislation. They could also be made accessible to professionals and third-party companies (by way of example: commercial agents, credit institutions, companies offering postal services, couriers, leasing companies, professional firms, consultants, insurance companies for insurance products, companies, technicians and professionals in charge of the maintenance, the update and the management of softwares, suppliers for the traceability of particular types of medical equipment, suppliers for carrying out audits, board of statutory auditors named “Collegio sindacale”, Auditor named “Revisori dei conti”, Supervisory board named “Organismo di Vigilanza”, Data Protection Officer, etc.), who carry out outsourced activities on behalf of the Data Controller in their role as external data processors, always in accordance with the purposes of the processing itself.
Personal data may also be disclosed to commercial partners of our company for marketing purposes, if you have given consent to do so.
The list of data processors is available at the headquarters of the data controller.
Your data will always be processed for the time that is necessary to fulfill the purposes for which it was collected. In particular, for the purposes referred to in art. 7 lett. a), b), c), d) and e), your data will be kept for the time allowed by the Italian law (art. 2946 italian civil code e s.s.) and, in any case, no later than ten years from your last commercial transaction. For the purposes referred to in art. 7 lett. f) and g), your personal data will be processed until the revocation of your consent, or for twenty-four months from the date of registration. For the purposes referred to in art. 7 lett. h), your personal data will be processed until the revocation of your consent, or for twelve months from the date of registration. Sono sempre fatti salvi i casi in cui i dati dovessero risultare necessari per l’accertamento, l’esercizio o la difesa dei diritti del Titolare, anche in sede giudiziaria, che ne potrebbe giustificare il prolungamento sino al raggiungimento dello scopo. The cases in which the data are necessary for the assessment, exercise or defense of the rights of the Controller, even in court, which could justify the extension until the purpose is achieved, are always reserved.
We also inform you that any conferment of personal data of third parties represents a processing of personal data for which you are considered as an independent Data Controller and, therefore, you take all the obligations and responsibilities provided by the G.D.P.R. 679/2016 and by the Italian Legislative Decree 196/2003 (the Personal Data Protection Code) and and subsequent amendments and additions. In this regard, you guarantee to Demas S.r.l. that you have acquired the data provided in full compliance with current national and European law provisions. Therefore, you grant the widest indemnity against us, with respect to any dispute, claim, request for compensation for damage from treatment, etc. that should reach us, from any third party, due to the provision of the data indicated by you in violation of the applicable rules on the protection of personal data.
Your personal data is processedin our main office and in our operationalheadquarters. The aforementioned data can be transferred within the European Union, always in compliance with the limits and with the observance of the obligations set by EU Regulation 679/2016.
Your personal data is not subject to disclosure or to any fully automated decision-making process. No profiling process is performed by us, unless expressly authorized by you pursuant to art. 7 letter h).
With the occasion, if you decide to visit us in our stores, we wish to inform you that video surveillance systems are installed inside the stores for the purpose of protecting company assets. The processing of the data acquired through the aforementioned systems is based on the assumptions of necessity, legitimacy, proportionality and purpose.
We also inform you that:
the person in charge for the video surveillance is the Data Controller;
the cameras do not film the toilets;
only the Data Controllerand the Workers’ Safety Manager will have access to the registrations;
the recordings will be kept for a period of twenty-four hours (except in cases of special needs during the holidays or in the case of a specific investigative request by the Authorities), at the end of this period, the system automatically deletes them, by overwriting;
the images will not be divulgatedexternally in any way
We inform you that you have the right to:
To exercise your rights you can send a request by registered letter with return receipt to the address of the Data Controller or by e-mail at firstname.lastname@example.org