PROF SRL, with registered office in VIA CAO DE VILLA, 6/A – 31020 FALZE’ DI PIAVE – SERNAGLIA DELLA BATTAGLIA – TV, Italy, Italian tax code and VAT number 03134570260, in the person of its legal representative, as data controller (hereinafter, “Controller”), informs you, pursuant to articles 13 and 14 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) and in compliance with Italian Legislative Decree no. 196/03 (hereinafter, “Privacy Code” as amended by Italian Legislative Decree no. 101/18), that your data will be processed in the following manner and for the following purposes:
1) Subject matter of the processing
Given the services and products offered by our organization, the Controller processes personally identifiable information and not special personal data (e.g. name, surname, tax code, email, telephone number (hereinafter, “biographical data” or “data”) disclosed by you when requesting services from our organization and / or when defining any contractual arrangements and / or promotional initiatives and for the purposes listed below. For some services it may be necessary to process special data, i.e. personal data that may be used to identify racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, religious, philosophical, political or labour associations or organisations, as well as personal data disclosing information on health and sex life (hereinafter referred to as “special data”). Judicial data may be required for certain legislative requirements.
2) Purpose of the data processing and legal basis
Your personal data are processed:
A) Without your express consent, as they derive from legal and / or contractual obligations or refer to legitimate interests (Privacy Code and art. 6 of GDPR), and for the following purposes:
- To manage and maintain the services requested by the data subject and to contact him/her in order to organise the services requested;
- To fulfil pre-contractual, contractual and fiscal obligations arising from relationships existing with you;
- To fulfil obligations provided for by law, regulations, Community legislation or any order from an Authority, including for accounting and tax purposes;
- To prevent or detect fraudulent activities or harmful abuses and / or for the purposes provided for by current legislation regarding anti-money laundering;
- Any mandatory obligations resulting from the requirements of organisational and management models based on specific recognised standards (e.g. ISO, UNI standards, etc.) required by law and / or from specific contractual requirements requested by the data subject and / or made explicit as a service requirement;
- To exercise the Controller’s rights, for example the right of defence before the courts;
- To enable us to contact the data subject for information relating to the services requested and their management;
- To allow the data subject to register with the services and to allow us to send him/her useful information according to the services requested;
- For legitimate interest relating to commercial communications updating the data subject on the initiatives of our organization.
With respect to the data collected by the website
- To allow registration on the website;
- To allow us to answer questions asked via the contact form;
- To manage and maintain the website;
- To prevent or detect fraudulent activities or harmful abuses of the website; For purposes relating to operation and maintenance, any third party services employed by it may collect System Logs, i.e. files that record interactions and may also contain Personal Data, such as the User’s IP address;
- For legitimate interest relating to communications (including of a commercial nature) updating the data subject on the initiatives of our organization and / or arising from applicable legislative and regulatory requirements.
B) Only with your specific and separate consent (art. 7 of GDPR and pursuant to Italian Legislative Decree no. 196/03), for the following Purposes:
B.1 Processing of data required to improve services and not necessary for the performance of the operations referred to in point 2A, but aimed at improving the services requested, and in any case always obtained directly from the data subject. Fulfilment of requirements necessary for development of the processes and services required by the management systems and organizational models implemented, but not mandatory and not related to specific standards. Data will be used to speed up the subsequent requests for services to our organization.
B.2 For marketing and / or commercial purposes: To send you via email newsletters, commercial communications and / or advertising material on products or services offered by the organization. We inform you that if you are already our customer, we may send you commercial communications relating to services and products similar to those you have already used, unless you disagree (Privacy Code). To send information, promotional, advertising and marketing material.
For other purposes, it will be the controller’s responsibility to define any special policies and related needs for consent and / or additions to the processing.
This policy does not include any processing by other parties which may be reached by possible links on the website and for which you must refer to the specific policy.
3) Methods and duration of the processing
The processing of your personal data is carried out by means of the operations referred to in Italian Legislative Decree no. 196/03 and in art. 4 no. 2) of GDPR, namely: collection, recording, organization, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, blocking, communication, erasure and destruction of data. Your personal data is processed on paper, electronically and automatically.
The Controller shall process your personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Purposes referred to in point 2.A (unless otherwise required by law). For the purposes referred to in point 2B, however, data will be processed until withdrawal of consent or after 5 years from the interruption of the relationships / communications with the data subject from whom the data was first collected.
Profiling: no data profiling is carried out.
4) Access to data
You may have access to your data at any time by making a simple request to the addresses listed in this policy.
5) Data communication
Your data may be made accessible and / or disclosed for the purposes referred to in art. 2.A) and 2.B):
Without prejudice to communications and disclosures made in execution of legal obligations, the Controller may disclose your data in Italy and / or abroad (as reported in the following points) to:
- The Controller’s employees and collaborators, in their capacity as persons in charge and / or processors and / or system administrators;
- Technicians and / or collaborators for administrative, fiscal and accounting management and / or to fulfil specific legal obligations or those for which external suppliers have been identified;
- Our network of agents; factoring companies; credit institutions; debt collection companies; credit insurance companies; commercial information companies for the services requested; professionals and consultants; companies operating in the transport sector; technicians and collaborators in charge of providing the services / products requested, oversight bodies and judicial authorities, as well as to all other parties to whom communication is mandatory by law for the fulfilment of the aforementioned purposes. Legal entities entrusted with the services referred to in this policy;
- Companies or other legal entities, qualified and appointed pursuant to art. 28 of Regulation no. 679/16, for support activities including: management and development of communications, management and development of business processes and projects, systems for communication, promotion and the storage of personal data. Access may be granted to third parties and associated companies providing services deemed necessary and / or useful by the controller for the management of business activities and support processes related to or requested by you. Suppliers include companies that maintain IT systems; credit institutions, professional practices, companies providing services on IT systems / platforms that the Controller considers useful to use, companies performing outsourced activities on behalf of the Controller in their capacity as external data processors;
- It may be necessary to disclose data to recipients for legislative obligations and / or for obligations arising from the organizational structures of the Controller involving the presence of independent parties who may become recipients of data in order to meet the legislative obligations arising from the role covered. These recipients may include oversight bodies, third party inspectors, people who carry out audits on our organization, persons and / or entities performing controls at our organization.
6) Transfer of the data
Personal data will be managed and stored on servers located within the European Union belonging to the Controller and / or to third party companies duly appointed as Data Processors. Our internal servers are currently located in Europe. Your data will not be transferred outside the European Union. However, the Controller reserves the right where necessary to move the location of servers to non-EU countries. In this event, the Controller guarantees that transfer of the data to non-EU countries will comply with the applicable legal provisions, entering into specific agreements where necessary to guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the European Commission. Some mailing or storage services use cloud platforms which may have servers in non-EU countries, but data are only stored temporarily for the requested service.
7) Mandatory or optional nature of providing data and consequences of refusal to respond
Providing data for the purposes referred to in art. 2.A) is mandatory. Without these data, we could not guarantee the services referred to in point 2.A). Providing data for the purposes referred to in point 2.B) is optional.
You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive any commercial communications and advertising material relating to the Services offered by the Controller. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
8) Rights of the data subject
As a data subject, you have the rights specified in Italian Legislative Decree no. 196/03 and art. 15-22 of GDPR, namely the following:
A) To obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
B) To obtain information on: the origin of personal data; purposes and methods of processing; the logic applied in the case of processing carried out with the help of electronic means; the identity of the controller, processors and representative appointed under the Privacy Code and art. 3, paragraph 1, of GDPR; and the parties or categories of parties to which personal data may be disclosed or that may learn about them as appointed representative in the territory of the State, processors or persons in charge;
C) To obtain: the updating, rectification or, when in your interest, integration of data; the erasure, anonymization or blocking of data processed unlawfully, including data whose storage is unnecessary for the purposes for which the data were collected or subsequently processed; certification that the operations referred to in art. 8.A) and B) have been notified, including with regard to their content, to those to whom the data were communicated or disclosed, unless this proves impossible or involves a manifestly disproportionate effort compared with the protected right;
D) To object, in whole or in part: for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or mail. Please note that the data subject’s right to object, as set out in point B) above, for direct marketing purposes by means of automated methods also extends to traditional methods and that, in any case, the possibility for the data subject to exercise his/her right to object even only in part remains unaffected. The data subject may therefore decide to receive only communications by traditional means or only automated communications or neither of the two types of communication.
Where applicable, the data subject also has the rights under articles 16-21 of GDPR (right to rectification, right to be forgotten, right to restriction, right to portability of data, right to object), as well as the right to lodge a complaint with the Data Protection Supervisor.
9) How to exercise your rights
You may exercise your rights at any time by sending:
- A registered letter with acknowledgement of receipt addressed to: PROF SRL, with registered office in VIA CAO DE VILLA, 6/A – 31020 FALZE’ DI PIAVE- SERNAGLIA DELLA BATTAGLIA – TV, Italy
- An e-mail to firstname.lastname@example.org or a certified email (PEC) to email@example.com
The Controller’s services are not intended for children under 14 years of age and the Controller does not intentionally collect personal information relating to children. In the event that information on children is unintentionally recorded, the Controller will delete it without delay at the user’s request. If it should become necessary to process data concerning children, specific consent and authorization will be requested from the person exercising parental authority and / or the holder of parental responsibility (as provided for by art. 8 of Regulation no. 679/16).
11) Controller, processor and persons in charge
The Controller is PROF SRL, in the person of its legal representative pro tempore. The data controller can be found at the above addresses The updated list of data processors and persons in charge of data processing is kept at the head office of the Controller.
12) Data Protection Officer
The Data Protection Officer (D.P.O.) does not apply to our organization.
13) Changes to this Policy
This Policy is subject to changes. We therefore recommend that you check this Policy regularly and refer to the latest version.