Owner of the Treatment
Omologo S.r.l, with registered office in Via Archimede,11A35030Rubano (PD), CF and VAT no. 03983650288 (hereinafter referred to as “Data Controller” or “Homologator”), in its capacity as Data Controller, informs pursuant to articles 13 and 14 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that the Data of natural persons resident in the European Union (hereinafter, “Client” or “Interested Party”), of which the company has come into possession during the performance of its activity, will be processed in the following ways and for the following purposes.
Object of the Treatment
The Data Controller processes personal data (e.g. name, surname, tax code, email, telephone number, etc., “personal data” or even “data”) acquired also verbally or communicated by the Interested Party during the registration to the website and/or when subscribing to the newsletter service of the Data Controller or when executing a contract to which the Interested Party is a party.
Legal basis and Purpose of the Processing
Personal data are processed:
A) without the express consent of the interested party (art. 6 letter B and F of the GDPR), to achieve the corporate purpose of the Owner, in particular:
fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships with the Client;
fulfil the obligations provided for by law, by a regulation, by Community legislation or by an order of the Authority;
allow the subscription to the newsletter service provided by the Owner and to any further Services requested;
exercise the rights of the Owner.
B) subject to the specific consent of the interested party (art. 6 letter A of GDPR), by means of a specific and separate Information Notice for the purposes indicated therein.
Please note that the Homologator’s customers may be sent commercial communications relating to services and products of the Owner similar to those that the Customer has already used, unless express dissent of the interested party.
Methods of Treatment
The processing of the Client’s personal data is carried out by means of the operations indicated in art. 4 n. 2 of GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subject to both paper and electronic processing.
The Owner will process the personal data for the time necessary to fulfill the purposes set forth in art. 3 of this policy and in any case for no longer than 10 years after the termination of the relationship with the Customer. The data collected and not subject to conservation determined by law will be kept for no longer than 2 years from the termination of the relationship with the interested party.
The data will also be processed in compliance with the principle of confidentiality and security, in particular, all technical, computer, organizational and procedural security measures will be taken so that the adequate level of data protection indicated in art. 32 of the GDPR is guaranteed.
Access to Data
The Customer’s data may be made accessible for the purposes set out in art. 3.A) and 3.B) of this information notice:
to employees and collaborators of the Owner, in their capacity as internal data processors and/or system administrators;
to third parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
Data Communication
Without the Client’s express consent (art. 6 letter b) and c) of GDPR), the Data Controller may communicate the data for the purposes referred to in art. 3.A) of this information notice to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is obligatory by law or necessary for the fulfilment of the said purposes.
Data Transfer
The management and storage of personal data will take place on servers of the Data Controller located within the European Union and/or third party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. It remains in any case understood that the Owner, if necessary, will have the right to move the location of the servers in Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller assures from now on that the transfer of the data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
Nature of the provision of Data and consequences of refusal to respond
The provision of data for the purposes referred to in art. 3.A) of this information notice is mandatory. Failure to provide the data will make it impossible for the Homologator to follow up the existing relationship with the interested party.
Rights of the interested party
As the interested party, the Client has the rights under Articles 15 – 21 of GDPR and precisely the rights of:
to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet recorded, and their communication in an intelligible form;
to obtain the indication:
the origin of the personal data;
the purposes and methods of processing;
the logic applied in case of processing carried out with the aid of electronic instruments;
the identification data concerning data controller, data processors and the designated representative;
the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
III. obtain:
updating, rectification or, when interested therein, integration of the data;
the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
oppose, in whole or in part:
for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys, by means of automated calling systems without the intervention of an operator by means of email and/or traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for the purposes of direct marketing by automated means extends to traditional methods and that in any case the interested party may exercise the right of opposition even only in part. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two.
Where applicable, the Client therefore has the rights set out in Articles 15-21 of GDPR, i.e. the right of access, the right to rectification, the right to be forgotten, the right to limit processing, the right to data portability, the right to object, as well as the right to complain to a Control Authority.
Procedures for the exercise of rights
The Customer may at any time exercise his rights by sending:
– a registered letter with return receipt to Omologo S.r.l., Via Archimede, 11A35030Rubano (PD);
– an e-mail to the address info@omologo.com
– a PEC at indirizzoomologosrl@pec.it
Minors
The Cardholder’s Services are not intended for minors under 18 years of age and the Cardholder does not intentionally collect personal information referring to minors. In the event that information on minors is involuntarily recorded, the Owner will delete it in a timely manner, at the request of the person concerned.
Owner, manager and persons in charge
The Data Controller Omologo S.r.l.in the name of its legal representative.
The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.
Changes to this Information Notice
This Policy is subject to change. We therefore recommend that you also check this Policy regularly on our website and refer to the most current version.
