Policy in accordance with articles 13 of eu regulation 679/2016 on personal data processing for marketing purposes

INNOVERY S.p.A. (hereinafter referred to as the “Data Controller” or “Company”) considers the protection of your personal data to be of utmost importance. We ensure that the processing of personal data, carried out through any means, whether automated or manual, complies with the rights recognized by EU Regulation No. 679/2016 (GDPR), as well as Legislative Decree No. 196/2003 (Privacy Code), as amended and supplemented by Legislative Decree No. 101/2018 and any other applicable national and/or community legislation.

According to the GDPR Regulation, before processing Personal Data, it is necessary to inform the individual to whom such Personal Data belongs (“Data Subject”) about the purposes and methods of processing. The purpose of this document is therefore to provide, in a simple and clear manner, all the information that will be useful to enable you to communicate your Personal Data to the Controller in a conscious and informed manner and, at any time, request and obtain clarifications and/or rectifications and exercise your rights.

DATA PROCESSING AND CONTACTS CONTROLLER

Innovery S.p.a., in the person of its legal representative pro tempore, with registered office in Strada 4, Pal. A6, snc c/o Centro Direzionale Milanofiori 20057 – Assago (MI), Tax Code and VAT number 02556430987, PEC: amministrazione@cert.innovery.it, E-MAIL: privacy@innovery.net

INTERESTED PARTIES

Potential Customers and Customers (natural persons or, in the case of legal persons, their business contacts).

PURPOSES OF THE PROCESSING

Personal data are processed only with your specific and distinct consent (Art. 23 and 130 Privacy Code and Art. 7 GDPR) for the following Marketing purposes:

send you, by traditional or automated means, by e-mail, post and/or sms and/or telephone contacts, newsletters, social networks, apps or other means, commercial communications and/or advertising material on products or services offered by the Controller and satisfaction surveys on the quality of services;

send you by traditional or automated means, via e-mail, post and/or sms and/or telephone contacts, newsletter, social, app or other means, commercial and/or promotional communications from third parties (e.g. business partners and other companies of the Group);

Please note that if you are already our Customer, we may still send you commercial communications relating to the Controller’s services and products similar to those you have already used, unless you express your disapproval (Art. 130 aragraph 4 of the Privacy Code – Marketing Purposes of similar products/services).

LEGAL BASIS OF THE PROCESSING

The legal basis for the purposes set out in the previous paragraph is the consent that you have provided explicitly and freely, as communicated to you in advance in accordance with Article 6, paragraph 1, letter a) of the GDPR. The provision of data and consent is optional. The consent given for the processing for marketing purposes can be revoked at any time in accordance with Article 7, paragraph 3 of the GDPR, subject to the lawfulness of the processing carried out before revocation. The failure to provide consent only results in the impossibility to proceed with the sending of promotional material and contacting you for marketing purposes.

CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING

The term personal data refers to the definition contained in Article 4 of the GDPR. The Controller processes personal data of COMMON NATURE including mainly identification and personal data (e.g. first name, surname, address of domicile or residence, identity document, place and date of birth, tax code), contact data (e.g. telephone, e-mail, PEC), profession and areas of interest, collected with the consent of the data subjects to receive communication regarding promotional, commercial, and advertising activities related to solutions, products, services, events, initiatives, or partnerships of the Data Controller.

PROCESSING METHODS

Personal data will be processed in non-automated form, on paper, or by automated, computerised or telematic methods, in compliance with Article 5 of the GDPR as follows:

lawfully, fairly and transparently with regards to the Data Subject;
so as to ensure the integrity, confidentiality and availability of personal data;
collected and recorded for specified, explicit and legitimate purposes, and subsequently processed in terms compatible with these purposes;

adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
exact and, if necessary, updated;
processed in a manner that ensures an adequate level of security;
stored in a form which permits identification of the data subject for a period of time not exceeding the fulfilment of the purposes for which they are processed.

PERSONAL DATA RETENTION PERIOD

Personal data are processed for the time necessary to fulfil the purposes set out in this privacy policy, and specifically until all activities specified in the contractual agreements are completed.

The retention of Personal Data is carried out in accordance with the applicable legal regulations for the period directly related and necessary for the above-mentioned purposes, and in any case no longer than 2 years for the data collection for marketing purposes.

PERSONAL DATA COMMUNICATION

The data may be disclosed to third parties only with your explicit consent. Without the need for explicit consent, the Data Controller may communicate your data to companies within the Innovery Group and to those third parties to whom communication is required by law, such as Judicial Authorities or the Tax Agency. These third parties will process the data as independent data controllers or data processors.

The full list of Data Processors is available by submitting a written request to the Data Controller.

RIGHTS OF THE INTERESTED PARTIES

In addition to the right of revocation in accordance with Article 7 paragraph 3 of the GDPR, as a Data Subject, you are guaranteed all the rights specified in Art. 15 – 20 GDPR, including the right to access, rectification and deletion of data, the right to restriction and objection to processing, the right to withdraw consent to processing (without prejudice to the lawfulness of processing based on consent obtained before the revocation), as well as the right to lodge a complaint with the personal data Protection Authority if you consider that processing concerning you violates the GDPR or the Italian law.

The aforementioned rights can be exercised by sending a written communication via email to the following PEC address: amministrazione@cert.innovery.it; privacy@innovery.net.