1. Data subject to processing.
2. Purposes, legal basis and processing methods.
3. Compulsory or optional provision of data.
4. Data access and disclosure.
5. Identification details of the Data Controller and rights of the Data Subject.
This statement addresses the way that personal data of users of the Website www.icaspa.com will be processed.
Since the Website operates and is hosted within the Italian territory, the information and data regarding users will be processed by Industria Chimica Adriatica S.p.A., which has its registered office in Civitanova Marche (Italy), Via Sandro Pertini n.52 – zona Industriale A, VAT No. 00909430431, in the person of its pro-tempore legal representative (hereinafter "ICA"), pursuant to Legislative Decree No. 196 of 30 June 2003 as amended and supplemented, as well as EU Regulation No. 2016/679 (hereinafter the "GDPR").
1. Data subject to processing
As the Data Controller, ICA informs the Website users that the only data that will be processed (processing meaning any operation or set of operations performed on personal data, such as collecting, recording, organizing, structuring, retaining, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or any other form of making the data available, aligning or interconnecting, limiting, removing or destroying the data) is common personal information (name, company name, address, telephone, email address), which is disclosed when making a request for information and/or when entering into agreements for goods and services offered by the Controller, or acquired from third parties or through commercial activities.
2. Purposes, legal basis and processing methods.
The data collected shall only be used for the purposes specified below and to update users on ICA and general news, promotions, competitions and initiatives.
ICA shall use the data collected:
- even without the express consent of the Data Subject, in accordance with Article 6(b) of the GDPR:
a) to implement sale agreements or agreements for the provision of services (provision of goods or services);
b) to fulfill the pre-contractual, contractual and tax obligations resulting from the relationships entered into;
c) to comply with any legal requirements, standards and regulations;
- only after gaining specific and distinct consent, pursuant to Article 7 of the GDPR:
a) for direct marketing activities, including sending newsletters;
b) for market research or other research to improve its products or services;
c) to recruit staff.
Legitimate interests of the Controller may, however, provide lawful grounds for processing in the cases referred to in points d), e) and f), where personal data is collected at fairs, conferences, events, training courses, seminars and/or other professional contacts, without prejudice to the right to immediately object to processing for said purposes. In such cases, the purpose of growing the business, implementing its respective products and services and seeking staff shall be deemed legitimate interests of ICA to justify the processing.
The data collected may be processed electronically or on paper and shall in any case be protected through appropriate security systems that are kept constantly up-to-date and stored in a safe and controlled environment.
Data shall be processed for the time necessary to fulfill the purposes mentioned above and, in any case, for no longer than ten years from the termination of the contractual relationship and/or provision of services i.e. from the collection of data for the purposes referred to in points d), e) and f).
3. Compulsory or optional provision of data.
The provision of data is optional, except where the information collected is required to be used to execute a contract or service requested by the user. In such case, the refusal to provide data shall make it impossible for ICA to implement the request.
ICA may also make data processing mandatory for sending newsletters to allow the Data Subject to participate in particular sales initiatives.
4. Data access and disclosure.
The personal data entered by the user shall be known and used by ICA employees for the sole purpose of implementing the purposes referred to in paragraph 2.
The data may be disclosed to other parent companies, subsidiaries or affiliated companies of ICA and belonging to the same Group of companies established in Italy, in the EU or in countries outside the EU, provided that, in the case of the latter, the law of the country of destination or transit ensures an adequate level of data protection and is subject to an adequacy decision by the European Commission in accordance with Article 45 of the GDPR or, failing that, provided that there are sufficient safeguards to ensure the rights of the Data Subjects and effective means of protection pursuant to Article 46 and 47 of the GDPR.
The data may be disclosed to providers of electronic communications services, banks, financial intermediaries, credit institutions and other funding bodies, managers of centralized IT systems (risk, fraud prevention centers, etc.), insurance companies, consultants and freelancers providing consultancy to ICA and assistance in debt recovery and dispute management, companies that perform packaging, shipping and delivery services or that organize the sending of emails and sales information, in their capacity as external data managers. An up-to-date list of data managers is held at the Data Controller's registered office.
5. Identification details of the Data Controller and rights of the Data Subject.
The Controller of the data collected is Industria Chimica Adriatica S.p.A., with its registered office in via Sandro Pertini, 52 – 62012 Civitanova Marche (Italy), to whom the Data Subject can write by registered mail with acknowledgment of receipt or by e-mail privacy@icaspa.com to exercise his/her rights under Article 7 of Italian Legislative Decree 196/2003 and Articles 15 et seq. of the GDPR, i.e.:
a) to obtain information as to the existence of his/her personal information; the origin of the personal data; the purpose and methods of the processing and logic applied in the case of processing using electronic tools; the identification details of the Data Controller, entities or categories of entities to whom the personal data may be disclosed or who may become aware thereof;
b) to update, rectify or supplement the data; delete, limit, transform into an anonymous form or block data processed unlawfully, as well as data which is not required to be retained for the purpose for which the data was collected or subsequently processed; to certify that the requested action has been made known – also with regard to the content – to those to whom the data was disclosed or disseminated, unless this requirement proves impossible or requires resources that are manifestly disproportionate to the protected right;
c) to receive the personal data concerning him/her in a structured, commonly-used and machine-readable format, as well as the right to transmit this data to another controller without hindrance from the first controller, where the processing is based on consent or on an agreement and is performed by automated means;
d) to object to the processing of his/her personal data, even if it is relevant for the purpose of the collection, or to object to the processing of his/her personal data for the purpose of sending advertising materials, direct selling, carrying out market research or sending commercial communications.
In any case, the Data Subject shall have the right to submit a complaint with the relevant supervisory body (Privacy Authority).
1/29/2019 4:38:40 PM