PRIVACY POLICY

 

This Privacy Policy is provided in order to inform you about the processing of your personal data carried out by Comprof Milano S.R.L., for which the company data is provided below. Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the “GDPR”), as well as Legislative Decree no. 196 of 30 June 2003, we provide you with the following information.

 

DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller – as defined in Article 4, paragraph 1, point 7) of the GDPR – is “Comprof Milano S.R.L.“, a company with its registered office in Naples (NA) at 1 Piazza S. M. Angeli A Pizzofalcone, VAT Number and Tax Code: 07479001211, email address: info@comprofmilano.it (hereinafter referred to as the “Data Controller”).

 

INTRODUCTORY INFORMATION

For a better understanding of the information shared herein, please consult the following definitions from the provisions of the GDPR. Pursuant to Article 4, paragraph 1 of the GDPR:

“personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

“data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;

“consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

CATEGORIES OF DATA PROCESSED

The following categories of personal data may be processed by way of this website (hereinafter referred to as the “Website”):

  1. common personal data: this category encompasses personal information including, but not limited to, your first name, last name, date of birth, residential address and tax code, as well as contact information including your landline and/or mobile phone number and email address.
  2. your IP address;
  3. data collected using cookies, subject to your consent, without revealing your specific identity, as detailed in the Cookie Policy found at the following link https://www.iubenda.com/privacy-policy/31040001/cookie-policy
  4. further information you choose to provide by filling out the relevant forms to receive customer service/information about the services/products offered by the Data Controller.

 

PURPOSES OF PROCESSING AND LEGAL BASES

The personal data you provide is processed by the Data Controller for the purposes and according to the legal bases laid out below:

  1. PURPOSE: browsing the Website
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(f) of the GDPR, according to which the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party;

 

  1. PURPOSE: IT systems management
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(f) of the GDPR, according to which the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party;

 

  1. PURPOSE: if requested, to be contacted by the Data Controller in order to process requests made by data subjects via this Website and via Web Chat, if any
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(a) of the GDPR, according to which the data subject has given consent to the processing of his or her personal data for one or more specific purposes or Article 6, paragraph 1(b) of the GDPR (if applicable), according to which processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

 

  1. PURPOSE: defence of rights in the context of action brought against the Data Controller and preliminary and/or related activities
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(f) of the GDPR, according to which the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party;

 

  1. PURPOSE: compliance with obligations imposed by laws or regulations
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(c) of the GDPR, according to which processing is necessary for compliance with a legal obligation to which the Data Controller is subject;

 

  1. PURPOSE: compliance with tax and accounting obligations
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(c) of the GDPR, according to which processing is necessary for compliance with a legal obligation to which the Data Controller is subject;

 

  1. PURPOSE: if requested, sending advertising, informational, promotional and/or commercial materials via email (including newsletters) concerning the services/products offered by the Data Controller
  • LEGAL BASIS FOR PROCESSING: for this purpose, the legal basis is found in Article 6, paragraph 1(a) of the GDPR, according to which the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

 

The provision of personal data is optional for the processing purposes laid out in the preceding points (c) and (g) of this Privacy Policy. However, should you fail to do so, you will not be able to obtain the requested service (for example, the receipt of commercial information; the fulfilment of requests; the receipt of the newsletter).

In any case, you have the right to withdraw your consent, as laid out in Article 7, paragraph 3 of the GDPR, if said consent constitutes the legal basis for processing.

 

PROCESSING METHODS AND DATA RETENTION

We hereby inform you that your data is processed in accordance with the GDPR and the current regulations on the processing of personal data. We hereby inform you that the processing referred to above is based on the principles laid out in Article 5 of the GDPR, especially the principles of fairness, lawfulness, transparency and protection of the confidentiality and rights of the data subject.

Your personal data will be processed by way of paper, IT and telematic tools, using appropriate methods to ensure its security and confidentiality in accordance with the provisions of Article 32 of the GDPR.

Your personal data will be retained by the Data Controller for the period strictly necessary to achieve the purposes for which it was collected, and in any case in compliance with the principle of data minimisation laid out in Article 5, paragraph 1(c) of the GDPR, as well as with the obligations stipulated by law. In any case, it should be noted that once the retention period established by the Data Controller and/or the current legislation has elapsed, the data will be subject to deletion. However, in any case, the Data Controller will have the right to retain personal data for specific accounting/fiscal purposes, as part of the accounting records described in Article 2220 of the Italian Civil Code.

 

COMMUNICATION OF YOUR PERSONAL DATA

We hereby inform you that your personal data is not subject to dissemination, i.e. the disclosure of such data to unspecified parties, in any form, including by making it available or offering it for consultation. However, the Data Controller may be required to disclose said personal data, in compliance with legislative provisions, where requested by public authorities, judicial authorities, supervisory and control bodies, information and security bodies, or other public bodies and/or authorities for the purposes of defence and national security, and the prevention and detection or suppression of crimes. In order to achieve the purposes described in the preceding “PURPOSES OF PROCESSING AND LEGAL BASES” section, the Data Controller may need to communicate your personal data to the following categories of entities:

  1. natural persons authorised by the Data Controller to process personal data pursuant to Article 29 of the GDPR as part of their work duties;
  2. entities who have been appointed as data processors by the Data Controller, pursuant to Article 28 of the GDPR, including, but not limited to, entities who provide services for the management of digital and non-digital communication systems; employment consultants; consultants in legal, financial and accounting matters, etc. Easy Web Srl, headquartered in Naples at 18 Via Saverio Gatto, 80131, has been appointed as the agency in charge of web management and communications.

 

TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION

We hereby inform you that some of the entities mentioned in the “COMMUNICATION OF YOUR PERSONAL DATA” paragraph may be located outside the European Union (EU) or the European Economic Area (EEA), in countries that do not guarantee an adequate level of protection of personal data according to the standards established by the GDPR. In this event, Comprof Milano S.R.L., will take the necessary precautions for a lawful data transfer (namely by way of the Standard Contractual Clauses approved by the European Commission). You can request information about the international transfer of your personal data at any time by contacting us using the contact details below.

 

RIGHTS OF THE DATA SUBEJCT

Pursuant to Article 7, paragraph 3 of the GDPR, we hereby inform you that you may withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent given prior to withdrawal. By sending a request directly to the Data Controller’s registered office indicated above or to the following email address: info@comprofmilano.it, you can exercise the following rights at any time, pursuant to articles 15 to 22 of the GDPR:

  1. the right to request confirmation as to whether or not your personal data is being processed;
  2. the right to obtain information regarding the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom your personal data has been or will be disclosed and, when possible, the retention period; c. the right to obtain rectification and erasure of your personal data;
  3. the right to obtain the restriction of the processing of your data; e. the right to data portability, i.e. to receive your personal data from the Data Controller, in a structured, commonly used and machine-readable format, and to transmit it to another data controller without hindrance;
  4. the right to object to the processing at any time, including processing for direct marketing purposes; g. the right to object to automated individual decision-making;
  5. the right to request that the Data Controller provide access to and rectification or erasure of your data, to obtain restriction of data processing, or to object to data processing, as well as the right to data portability;
  6. the right to withdraw your consent at any time without affecting the lawfulness of processing based on the consent given prior to withdrawal;
  7. the right to lodge a complaint with a supervisory authority.

 

Finally, we hereby inform you that the Data Controller may request additional information in order to confirm the identity of the data subject.