This information is provided by SEC Newgate S.p.A. (“Company“) in compliance with EU Regulation no. 679/2016 on the protection of personal data (“GDPR“) and with Legislative Decree no. 196 of 30 June 2003, containing the Personal Data Protection Code.
The Company intends to guarantee the maximum transparency of its operations, also in the processing of personal data that it acquires for the fulfilment of its contractual obligations towards users, customers, suppliers and, in general, towards all its stakeholders.
This policy explains the Company’s privacy practices and describes the types of personal information that the Company collects.
This privacy is applicable only to the Company Site and not to other websites that may be consulted by the user via links. The Company has no responsibility for the websites that can be accessed through links in the Site.
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller is SEC Newgate S.p.A., with registered office in Via Ferrante Aporti 6/8, Milan (MI) and head offices in Via Ferrante Aporti, 6/8 20125 Milan and 14 Greville Street London EC1N 8SB. The company can be contacted by sending an e-mail to: firstname.lastname@example.org .
2. NATURE OF THE DATA AND PURPOSE OF THE PROCESSING
The Company shall process the following personal data for the purposes indicated below:
- Identity and contact data: the optional, explicit, and voluntary sending of e-mails to the addresses indicated on the Site entails the subsequent acquisition of the user’s address, necessary to respond to requests, as well as any other personal data included in the message. In this case, the data acquired will be processed exclusively for the purpose of responding to users’ requests and managing relations with users. Users may be contacted by e-mail, telephone, or other communication systems by one of our operators. This Personal Data will be kept for the period necessary to respond to user’ request, not exceeding 12 months, except for Personal Data related to a possible contractual relationship, which will be kept no longer than 10 years.
- Navigation data: The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses and/or the domain names of the computers and terminals used by users, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
The data used for the sole purpose of obtaining anonymous statistical information on the use of the Site are kept for the time necessary to carry out the activities of analysis and comparative statistical processing, not exceeding XXX] months.
The personal data will not be communicated to other subjects, nor will they be disclosed to third parties except for statistical purposes, in respect of anonymity.
4. SCOPE OF DATA COMMUNICATION
For the performance of activities directly connected with or instrumental to the provision and distribution of the services offered through the Site, the personal data collected and processed may be communicated to third parties who operate on behalf of the Company as data processors pursuant to Article 28 of the GDPR.
Personal data will be processed exclusively by authorized personnel who have been given specific instructions on how to process them. Finally, we remind you that personal data will not be disclosed, except in the cases described above and/or provided for by law.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
For some of the purposes indicated in paragraph 2, the user’s personal data may be transferred outside the EU, also through inclusion in databases shared and managed by third parties, whether or not within the perimeter of control of the Company. The management of the database and the processing of such data are bound to the purposes for which they were collected and are carried out in full compliance with the privacy and security standards set out in the applicable data protection laws. In every instance when the user’s personal data is transferred internationally outside of EU territory, the Company will take all contractual measures necessary and suitable to ensure an adequate level of protection of their personal data, under the contents of this notice on the processing of personal data, including the Standard Contractual Clauses approved by the European Commission.
6. NATURE OF PROVISION AND CONSEQUENCES OF NON-COMMUNICATION
Except for navigation data, the user is free to provide the personal data. Failure to provide such data will make it impossible for the Company to provide adequate feedback.
7. PROCESSING MEANS
Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, illicit or incorrect use and unauthorized access.
8. RIGHTS OF THE INTERESTED PARTIES
The user may – as an interested party – exercise, at any time, the following rights:
- Right of access (art. 15 of the GDPR) – You have the right to obtain confirmation about the existence or not of a processing concerning your personal data as well as the right to receive any information relating to the same processing
- Right to rectification (Art. 16 of the GDPR) – You have the right to obtain the rectification of your personal data, if they are incomplete or inaccurate
- Right t erasure (Art. 17 of the GDPR) – in certain circumstances, you have the right to obtain the erasure of your personal data in our archives
- Right to restriction of processing (Article 18 of the GDPR) – upon the occurrence of certain conditions, you have the right to obtain the limitation of the processing of your personal data
- Right to data portability (Art. 20 of the GDPR) – You have the right to obtain the transfer of your personal data to a different data controller as well as the right to obtain in a structured format, commonly used and readable by automatic device, the data concerning you
- Right to object (article 21 of the GDPR) – You have the right to formulate a request to object to the processing of your personal data in which to give evidence of the reasons justifying the opposition; the Data Controller reserves the right to evaluate this request, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms
- Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR) – in the event that you believe that the processing that concerns you violates the legislation on the protection of personal data, you can lodge a complaint with the supervisory authority of the member state in which you usually live, work or the place where the alleged violation occurred
- Right to an effective judicial remedy (art. 79 of the GDPR).