Owner and manager of the processing of the personal data
The Data Controller of personal data (hereinafter the Data Controller) is Eight Twenty Srl, with registered office in Viale Gemona del Friuli 20, 00188 – Rome (RM), registered in the register of companies in Rome with the number REA 1235555, CF, P VAT no. 10493101009. 10493101009.
RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA (DPO)
The Data Controller has appointed a Personal Data Protection Officer (DPO) who can be contacted at the following e-mail address: firstname.lastname@example.org.
OBJECT AND METHODS OF TREATMENT
The processing of Personal Data for the purposes of this information is to be understood as any operation or set of operations applied to Personal Data, such as the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
The Data Controller will process the personal data of the interested parties communicated or collected (hereinafter “Personal Data”). Specifically, the following Personal Data may be processed:
• Contact details: name, surname, email address, telephone number, the content of communication messages and other Personal Data that may be provided during communications between the Data Controller and the interested parties. The processing of this Personal Data is necessary to provide feedback to the communications received or requests made.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
The Data Controller collects and processes Personal Data for the following purposes:
1. purposes strictly connected to the management of requests for information and / or assistance made by the interested parties;
2. purposes related to the fulfillment of obligations under EU and national regulations, the protection of public order, the detection and prosecution of crimes;
3. purposes of commercial promotion and / or sale by the Owner also through the use of remote communication techniques.
The consensual provision of Personal Data for the purposes referred to in points 1 and 2 above, connected to a request from the interested parties or provided for by a specific regulatory provision, is mandatory and, failing that, the Data Controller will be unable to provide the interested parties with the services and the information requested and / or send the interested parties feedback to the questions they submitted.
The Data Controller will carry out processing operations of Personal Data, for the purposes of pursuing the purpose indicated in point 3, only after obtaining the express consent from the interested parties, which is not binding for the purpose of carrying out the activities between the parties.
RECIPIENTS OF PERSONAL DATA
For the pursuit of the aforementioned purposes, the Data Controller communicates Personal Data to the third parties identified below.
a) employees, consultants, collaborators, temporary workers and / or any other natural person who carries out their business on the basis of the instructions received from the Data Controller;
b) subjects (both physical and legal) who carry out tasks of a technical or organizational nature functional to its activities on behalf of the Data Controller;
c) bodies, public and private authorities and supervisory and control bodies;
The subjects belonging to the above categories will process the Personal Data as:
- Autonomous data controllers;
- Responsible for the treatment;
- Persons authorized to process.
The Data Controller will give adequate instructions to the Managers and Authorized Persons for processing, designated by formal appointment, aimed at adopting adequate security measures, in order to guarantee the confidentiality, security and integrity of the Personal Data.
TRANSFER OF PERSONAL DATA
The Data Controller does not transmit Personal Data to companies, entities or international organizations having offices in countries located outside the territory of the European Union.
RETENTION PERIOD OF PERSONAL DATA
The Data Controller keeps the Personal Data acquired in its systems in a form that allows identification of the Data Subjects for a period of time strictly necessary for the pursuit of the purposes for which they are processed and in any case for a maximum time of 10 years.
RIGHTS OF INTERESTED PARTIES
Pursuant to art. 15–21 of the GDPR, in relation to Personal Data, the interested party has the right to:
- access and request a copy;
- request cancellation;
- request its modification;
- obtain the limitation of the processing;
- oppose the processing carried out on the basis of the legitimate interest of the Data Controller;
- receive in a structured format, commonly used and readable by an automatic device and to transmit such Personal Data without hindrance to another data controller, where technically feasible;
- lodge a complaint with a supervisory authority.
If the treatment is based on consent, pursuant to art. 7 of the GDPR, the interested party may revoke any consent given at any time, without prejudice to the lawfulness of the processing performed before the revocation.
If the interested party wishes to have more information on the processing of his Personal Data, or to exercise the rights indicated above, the same can send a specific request through the following methods:
- registered letter with return receipt addressed to Eight Twenty Srl, Viale Gemona del Friuli, 20 – 00188 – Rome (RM);
- by contacting the Personal Data Protection Officer at email@example.com.
UPDATE OF THE INFORMATION
This information is updated in May 2021.