PURSUANT TO ART. 13-14 OF THE (EU) REGULATION N.2016/679 (“GDPR”)
PURSUANT TO ART. 13-14 OF THE (EU) REGULATION N.2016/679 (“GDPR”)
Furthermore, with this update, we inform you of the recent operation involving Retelit Digital Services S.p.A. (hereinafter “Retelit“) in the acquisition of 100% of the share capital of Partners Associates S.p.A. (parent company of PA Group) and which led, among other things, to the integration of the related corporate structures and the extension of the services offered in terms of infrastructure, platforms, and ICT services in general.
More information on the corporate structure of Retelit Group, whose parent company is Retelit S.p.A. and to which now PA Group belongs, are available at the following this link.
In this context, it should be noted that, as regards the processing of your data, the companies of the Retelit Group may in future act as joint controllers of the processing; in this case, you will certainly and promptly be provided with specific information, with which relay contents of any joint controllership agreement between the companies involved.
Joint controllership agreement
With reference to the purposes indicated below, the PA Group companies act as joint controllers; therefore, they have defined a joint controllership agreement pursuant to and for the purposes of art. 26 of the GDPR, agreeing on the division of obligations and responsibilities regarding data processing. The full text of the agreement is available at the headquarters of Partners Associates S.p.A. in Via Spilimbergo n. 66 – 33037 Pasian di Prato (UD), and can be viewed and made available on written request. The essential content relating to this agreement is available, in any case, at the following link.
The contact details of the Companies are shown below:
The Customer may in any case contact the Companies, for any request regarding personal data, by sending: (a) a registered letter with return receipt to Partners Associates S.p.A., Viale Tricesimo 103 – 33100 Udine, or (b) an email to the address email@example.com.
The updated list of any data processors is available upon written request at Partners Associates S.p.A. HQ in Via Spilimbergo 66 – 33037, Pasian di Prato (UD).
Data Protection Officer
The company’s Data Protection is identified in the company ONEMORE S.R.L., Via Carnia n. 1, Rodeano Alto, Rive D’Arcano (UD), whose contact details are as follows:
Purpose and legal basis of the processing. Legitimate interests pursued
Data will be processed:
a) to fulfil the legal obligations to which the Joint Data Controllers are subject, including the tax, accounting, administrative obligations connected with the provision of services or sale of their products;
b) for and in the context of the execution of the contracts of which the Customer is a party or for the implementation of pre-contractual measures adopted at the request of the same;
c) for the assessment, exercise or defence of a right of the joint Controllers, also in court;
d) for the communication of data between the Joint Controllers, as well as between parent companies, subsidiaries or associates, for administrative-accounting purposes, or connected to activities of an organizational, administrative, financial and accounting nature;
e) for sending commercial communications on products and services similar to those already purchased (so-called “soft spam”), without prejudice to the right of the data subject to object at any time;
f) for the conduct of promotional initiatives and the sending of commercial communications, by the Joint Controllers, regarding their own and third party products and services – including the other companies of the Retelit Group – operating in the digital services, infrastructure and ICT sectors, through e-mail, newsletter, sms, mms, fax or similar and/or by means of the postal service or telephone calls with an operator;
g) to carry out profiling activities in order to guide the promotional offer and customize the marketing activities referred to in letter f) above.
h) for the communication of Data to third parties operating in the digital services, infrastructure and ICT sectors – including the other companies of the Retelit Group – for promotional initiatives and the transmission of commercial communications, by the latter, on its products and services.
The processing of data for the purposes under a) and b) does not require the consent of the Customer as it is necessary to fulfil legal obligations or for the execution of contracts of which the Customer is a part or for the implementation of pre-contractual measures adopted on request of the same, pursuant to art. 6, c. 1, lett. b) and c) of the GDPR.
The processing of Data for the purposes under c), d) and e) does not require the consent of the Customer as it is necessary for the pursuit of the legitimate interest of the joint Controllers, pursuant to art. 6, c. 1, lett. f) of the GDPR.
The processing of data for the purposes under f), g) and h) requires the consent of the customer pursuant to art. 6, c. 1, lett. a).
With reference to the activities referred to in letter h), it should also be noted that, in accordance with the provisions of the Personal Data Protection Authority, further information on the processing will be provided to you by third parties to whom the Data may be communicated, should those third parties not be individually identified and should all elements relating to their processing activities not be already provided herein. In this context, as regards the processing of Data by Retelit and the other companies of Retelit Group, please refer to the information available on the website www.retelit.it/en/home.
Provision of data and consequences in case of non-provision
The provision of data for the purposes under a) and b) constitutes, respectively, a legal and contractual obligation. The provision of Data for the purposes c) and d) is instead optional but necessary for the pursuit of the legitimate interests of the Joint Data Controllers indicated above. In all these cases, failure to provide the Data will make it impossible for the Joint Data Controllers to establish or continue having commercial relations with the Customer. The provision of Data for the purposes under f), g) and h) is optional and their failure to provide it will make it impossible for the Joint Data Controllers to carry out activities instrumental to pursue the purposes in question, without any consequence for the establishment or the execution of the contract with the Customer.
Recipients or categories of recipients
The Data may be made accessible, brought to the knowledge of or communicated to the following subjects, who, depending on each case, may be appointed by the Companies as data processors or persons authorized to process them, or they will act as independent controller:
In any case, Data will not be disclosed.
Data will be stored for a maximum period equal to the statute of limitation applicable to the rights which can be exercised by or towards the Joint Controllers, as applicable from time to time. In case of treatment for marketing purposes, Data will be kept for a maximum period of 24 months. In case of treatment for profiling purposes, Data will be kept for a maximum period of 12 months.
Transfer of Data to third countries
Data will not be disclosed outside the European Union. In the event that the data is communicated or transferred outside the European Union, the Joint Data Controllers will comply with the conditions set out in articles 45 and following of the GDPR for such communication or transfer.
Access rights, cancellation, limitation, and portability
The data subjects are recognized the rights referred to in articles 7, c. 3, and from 15 to 20 of the GDPR. By way of example, each data subject may therefore:
a) obtain confirmation that his/her personal data is being processed;
b) if a treatment is in progress, obtain access to his/her personal data and information relating to the treatment and request a copy of his/her personal data;
c) obtain the correction of inaccurate personal data and the integration of incomplete personal data;
d) obtain, under the conditions foreseen by art. 17 of the GDPR, the erasure of his/her personal data;
e) obtain, in the cases provided for by art. 18 of the GDPR, the limitation of the processing;
f) receive his/her personal data in a structured format, commonly used and machine-readable and request their transmission to another data controller, if technically feasible.
Right to object to the processing carried out for legitimate interest
Each data subject has the right to object at any time to the processing of his/her personal data carried out for the pursuit of a legitimate interest of the Joint Data Controllers. In the event of opposition, your personal data will no longer be processed, provided that there are no legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defence of a right in court.
Right to object and withdraw consent in relation to the processing carried out for marketing purposes
Each data subject may revoke the consent given to the processing of his/her Data for the purposes f), g) and h) at any time, or oppose to their processing, by sending an email to firstname.lastname@example.org or by clicking on the appropriate link inside each e-mail message.
The opposition to the treatment exercised through these methods also extends to the sending of commercial communications by means of the postal service or telephone calls with an operator, without prejudice regarding the possibility of exercising this right in part, opposing, for example, only to the treatment carried out through automated communication systems.
Right to withdraw consent
If consent is required for the processing of personal data, each data subject may also revoke the consent already given at any time, without prejudice to the lawfulness of the treatment based on the consent given before the revocation. Consent can be revoked by writing an email to email@example.com.
Right to lodge a complaint with the Authority
Each data subject may lodge a complaint with the Data Protection Authority if he/she believes that his/her rights held under the GDPR have been violated, according to the procedures indicated on the Data Protection Authority website at www.garanteprivacy.it/home_en.
Last update: May 20th 2020