This information is provided by SEC Newgate S.p.A. (“Company“) in compliance with EU Regulation no. 679/2016 on the protection of personal data (“GDPR“) and with Legislative Decree no. 196 of 30 June 2003, containing the Personal Data Protection Code.
The Company intends to guarantee the maximum transparency of its operations towards users and customers.
This policy, which is provided pursuant to article 13 of the GDPR, explains the Company’s privacy practices in relation to the personal information voluntarily provided by user filling in the form available on the website www.secnewgate.com (hereinafter the “Site”) in the “contact us” section and to download the chosen document.
This privacy is applicable only to the Company Site and not to other websites that may be consulted by the user via links. The Company has no responsibility for the websites that can be accessed through links in the Site.
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller is SEC Newgate S.p.A., with registered office in Via Ferrante Aporti 6/8, Milan (MI) and head offices in Via Ferrante Aporti, 6/8 20125 Milan and 14 Greville Street London EC1N 8SB. The Company can be contacted by sending an e-mail to: firstname.lastname@example.org.
2. NATURE OF THE DATA, PURPOSE OF THE PROCESSING AND STORAGE PERIOD
The Company shall process the identity and contact data of the user; the optional, explicit, and voluntary sending of e-mails to the addresses indicated on the Site entails the subsequent acquisition of the user’s name and e-mail address (as well as any other personal data included in the message or otherwise provided by the user), necessary to respond to requests or to download the chosen document. In this case, the data acquired will be processed for the purpose of:
- responding to users’ requests and managing relations with users;
- initiating download of chosen document and
- obtaining anonymous statistical information.
Users may be contacted by e-mail, telephone, or other communication systems by one of our operators. This Personal Data will be kept for the period necessary to respond to user’ request, not exceeding 12 months, except for Personal Data related to a possible contractual relationship, which will be kept no longer than 10 years.
In addition to the purpose stated above, the personal information of the user may be processed by the Company to inform him on an event. In this case the personal data are processed for the purposes of the legitimate interests pursued by the Company, represented by the need to be able to send its stakeholders occasional information on ongoing projects, activities and initiatives organized during the year, in the interest of the recipients themselves. In any case, if the data subject no longer wishes to receive communications from Company, he/she may always ask to be removed from the mailing list either by using the “unsubscribe” function present in every communication sent by Company or by making a request to email@example.com. The data provided will only be stored for as long as the service is active and, in any case, no longer than 24 months after the last interaction with the recipient, without prejudice to the right to object to further processing.
The personal data will not be communicated to other subjects, nor will they be disclosed to third parties except for statistical purposes, in respect of anonymity.
4. SCOPE OF DATA COMMUNICATION
For the performance of activities directly connected with or instrumental to the provision and distribution of the services offered through the Site, the personal data collected and processed may be communicated to third parties who operate on behalf of the Company as data processors pursuant to Article 28 of the GDPR.
Personal data will be processed exclusively by authorized personnel who have been given specific instructions on how to process them. Finally, we remind you that personal data will not be disclosed, except in the cases described above and/or provided for by law.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
The user’s personal data may be transferred outside the European Economic Area (“EEA”), also through inclusion in databases shared and managed by third parties, whether or not within the perimeter of control of the Company. The management of the database and the processing of such data are bound to the purposes for which they were collected and are carried out in full compliance with the privacy and security standards set out in the applicable data protection laws. In every instance when the user’s personal data is transferred internationally outside of EEA territory, the Company will take all contractual measures necessary and suitable to ensure an adequate level of protection of their personal data, under the contents of this notice on the processing of personal data.
6. NATURE OF PROVISION AND CONSEQUENCES OF NON-COMMUNICATION
The user is free to provide the personal data. Failure to provide such data will make it impossible for the Company to provide adequate feedback or to download the chosen document.
7. PROCESSING MEANS
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
8. RIGHTS OF THE INTERESTED PARTIES
The user may – as an interested party – exercise, at any time, the following rights:
- Right of access (art. 15 of the GDPR) – You have the right to obtain confirmation about the existence or not of a processing concerning your personal data as well as the right to receive any information relating to the same processing
- Right to rectification (Art. 16 of the GDPR) – You have the right to obtain the rectification of your personal data, if they are incomplete or inaccurate
- Right to erasure (Art. 17 of the GDPR) – in certain circumstances, you have the right to obtain the erasure of your personal data in our archives
- Right to restriction of processing (Article 18 of the GDPR) – upon the occurrence of certain conditions, you have the right to obtain the limitation of the processing of your personal data
- Right to data portability (Art. 20 of the GDPR) – You have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain in a structured format, commonly used and readable by automatic device, the data concerning you
- Right to object (article 21 of the GDPR) – You have the right to formulate a request to object to the processing of your personal data in which to give evidence of the reasons justifying the opposition; the Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms
- Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR) – in the event that you believe that the processing that concerns you violates the legislation on the protection of personal data, you can lodge a complaint with the supervisory authority of the member state in which you usually live, work or the place where the alleged violation occurred
- Right to an effective judicial remedy (art. 79 of the GDPR).