Subject of ProcessingThe Data Controller processes personal, identifying data (e.g., first name, last name, company name, address, phone number, e-mail, bank and payment data) - hereinafter “personal data” o or also “data” disclosed by you when concluding contracts for the services of the Data Controller.
Purpose of ProcessingYour personal data are processed as follows.A) WIthout your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
- conclude contracts for the services of the Data Controller; fulfill pre-contractual, contractual and tax obligations arising from existing relationships with You;
- Fulfill obligations required by law, regulations, EU legislation or an order of the Authority (such as anti-money laundering matters);
- exercise the rights of the Data Controller, such as the right to defense in court;
- send you by e-mail, mail and/or sms and/or phone contact, commercial and/or promotional communications from third parties (e.g., business partners, insurance companies, other Card Protection Plan Group companies).
Mode of processingThe processing of your personal data will be carried out through the operations indicated in Article 4 of the Privacy Code and Article 4 n.2 of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data is subject to both paper and electronic and/or automated processingThe Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years after the termination of the relationship for Service Purposes and for no more than 2 years from the collection of data for Marketing Purposes.
Access to dataYour data may be made accessible for the
purposes set out in Article 2.A and 2.B:
- To employees and collaborators of the Data Controller or of Lualtek S.r.l. in Italy and abroad, in their capacity as persons in charge and /or internal data processors and/or system administrators;
- To third party companies or other entities (including but not limited to, banks, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as
Data disclosureWithout the need for express consent (pursuant to Art. 24 lett. a), b), d) of the Privacy Code and Art. 6 lett. b) and c) of GDPR), the Data Controller may disclose your data for the purposes of Art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom disclosure is mandatory by law for the fulfilment of said purposes. These subjects will process the data as autonomous data controllers. Your data will not be disseminated
Data transferPersonal data is stored on servers located in Comiso (RG) – Italy, within the European Union.
It is in any case understood that the Data Controller, should it become necessary, will have the right to move the servers outside the EU. In this case, the Data Controller assures as of now that the data transfer outside the EU will be carried out in accordance with the applicable legal provisions, subject to the conclusion of the standard contractual clauses provided by the European Commission.
Nature of data provision and consequences of refusal to respondThe provision of data for the purposes of Article 2.A) is mandatory. In their absence, we will not be able to guarantee you the services of Art. 2.A).On the other hand, the provision of data for the purposes of Article 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. You will, however, continue to be entitled to the Services referred to in Article 2.A).
Rights of the data subjectAs the data subject, you have the rights set forth in Art. 7 of the Privacy Code and Art. 15 of GDPR, namely the rights to:
- Obtain confirmation of the existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
- Obtain indication of: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors and the designated representative under Article 5, subsection 2 of the Privacy Code and Article 3, subsection 1 of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated of who may become aware of them as designated representative in the territory of the State, managers of agents;
- Obtain: a) the updating, rectification or, when interested, the integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- Oppose, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning you, even if
pertinent to the purpose of collection; b) to the processing of personal data concerning you, for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via e-mail and/or traditional marketing methods via telephone and/or paper mail. It should be noted that the data subject’s right to object, set out in point b) above, for direct marketing purposes through automated modalities also extends to traditional ones, and that, in any case, the possibility for the data subject to exercise the right to object even partially remains unaffected. Therefore, the data subject may decide to receive communications only by traditional means or only by automated means or neither type of communication.
Where applicable, the subject also has the rights under Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, and right to object), as well as the right to lodge a complaint to the Data Protection Authority.
Ways of exercising rightsYou may at any time exercise your rights by sending:
- a registered letter with return receipt to Lualtek Srl – Via Attilio Regolo, 26 – 97013 Comiso (RG);
- an e-mail to firstname.lastname@example.org.