In compliance with the REGULATION (EU) 2016/679(General Data Protection Regulation) we provide the necessary information regarding the processing of your personal data. This notice is provided pursuant to art. 13 GDRP.
1. SUBJECTS OF THE PROCESSING
Data controller pursuant to Articles 4 and 24 of the Regulation (EU) 2016/679 is WESTHOUSE ITALIA SRL, with legal headquarter in Centro Direzionale Milanofiori, Viale Milanofiori Strada 4 – Palazzo A5 – 2 piano 20090 Assago, Italy in person of its legal representative pro tempore.
The Company proceeded to appoint a Data Protection Officer (RPD|DPO), pursuant to articles 37 and 39 of the Reg.UE 2016/679. Contact detail: firstname.lastname@example.org
2. CATEGORIES OF PROCESSED DATA
Data Controller will process the following of personal data:
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person – art. 4, c. 1, n. 1 GDPR.
3. PURPOSES OF THE PROCESSING
Data Controller will process data for the following purposes:
a) Administrative and accounting porpuses: related to the performance of the contract – organisational, administrative, accounting, financial activities. Legal basis for the processing is art.6 par1 lett b) contract, pre-contract;
b) direct marketing upon consent and until opposition for: carrying out market research (e.g. customer satisfaction analysis), sending news and promotions, advertisement, direct sell. These processing will be carried out through e-mails, SMS, app notifications, whatsapp, traditional mailing, phone calls. To compare and possibly improve the results of communications, Data Controller uses systems for sending newsletters and promotional communications with reports. Thanks to the reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; the detail on the activity of individual users; the details of the emails sent, e-mails delivered or not, of those forwarded. All these data are used for the purpose of comparing, and possibly improving, the results of communications. Legal basis for the processing of personal data is art.6 par.1 lett.a), consent.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS
Your personal data may be shared with third parties that will process the data as Data Processors (art.28 of GDPR), as persons authorized by Data Controller o Data Processor (art.29 of GDPR) or autonomous Data Controller. Precisely, data will be processed in a way that guarantee the security and the confidentiality through both paper and digital tools and shall be communicated with the following third parties: subject that provide the service and the assistance of the IT system and telecommunications network including electronic mail; subject for the assistance and consulence; banks; review body; public authorities to fulfil legal and regulatory obligations if requested. The list of the Data processors appointed pursuant article 28 od Reg.UE 2016/679 is available contacting Data Controller or Data Protection Officer (see point 1 of this Information Notice).
5. DATA TRANSFER TO THIRD COUNTRIES AND/OR INTERNATIONAL ORGANIZATION
Your data will not be disseminated and may be communicated to companies contractually linked to Westhouse Italia srl, in Countries within the European Union.
6. DATA RETENTION OR RELATED CRITERIA
According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation EU 2016/679, collected personal data shall be kept in a form which permits identification of Data Subjects for no longer than necessary for the purposes for which the personal data are processed. In particular:
– as far as the purpose indicated in point 3.a) is concerned – administrative activities – for all the duration of the contract and after then, for a period of 10 years or different if this different period is required by law.
– as far as the purpose indicated in point 3.b) is concerned – marketing –you data will process until the revocation of the consent. You can express this right at any time. In this case, it will be record the date from which Data Controller will no longer carry out marketing activities on you.
7. NATURE OF UNDERWRITING AND REFUSAL
The provision of personal data is mandatory for the purpose indicated in point a). Failure to provide the data determine the impossibility to process the data for the purpose a), that means also for instance the impossibility for Data Controller to fulfill the legal obligations to which the Data Controller is obliged.
The provision of the data for the purpose b) is optional. Failure to provide the data will make it impossible to send direct marketing communications from Data Controller, but will not prejudice the processing of data for the purposes indicated in point a).
8. DATA SUBJECT RIGHTS
You may freely exercise your rights at any time under Reg. EU 2016/679 –GDPR, Sections 15, 16, 17, 18, 19, 20, 21, 22 by contacting the Data Controller or the Data Protection Officer (see point 1 of the Information Notice).
You have the right, at any time, to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to personal data, verify their accuracy or request their rectification or erasure. You have also the right to object to such processing as well as the right to your data portability. In exercising your right to data portability, the Data Controller may provide your personal data in a structured, commonly used and machine-readable format, except article 20, paragraphs 3 and 4 of Reg. UE 2016/679. In case in which the legal basis is the consent, you have the right to revoke your expressed consent at any time. In order not to receive commercial and promotional communications through automated means (e.g.e-mail), you can write an e-mail at any time at the following address email@example.com, with the subject “automated unsubscription” or use our system for automatic unsubscription and you will no longer be disturbed. In order not to receive commercial and promotional communications through traditional means (phone calls or paper), you can write an e-mail at any time at the following address firstname.lastname@example.org with the subject “traditional unsubscription” and you will no longer be disturbed. ). Without prejudice to any other administrative or judicial remedy, in case you consider your data processing in contrast with Reg. UE 2016/679, pursuant to article 15 lett. f) of Reg. UE 2016/679, you have the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it )
Update date: February 2nd 2020