COLLECTION AND PROCESSING OF PERSONAL INFORMATION IN ACCORDANCE WITH OUR WEBSITE
GREENPROJECT ITALIA SRL, located in Via Massari,42 - Resana 31023 TV as the legal address, (“Data Controller”), acts as the “Data Controller”, informs you (Data Subject) that in accordance with the Article 13 and 14 of the European Regulation n. 2016/679 (EU GDPR) will be collecting your personal information for the purposes and through the means described in this sections.
1. Collection of Personal Information
The Data Controller processes and holds Personally identifiable information (for example, name, last name, business name, address, phone number, e-mail, bank details and payments) – communicated by you to us, to provide you with the services connected with the data controller.
2. Why do we collect your Personal Information?
Your personal data is processed:
Without any given consent by the data subject (art 6 lit. b), e) GDPR), for the following purposes:
– for the conclusion of a contract:
– for the performance of a contract to which the data subject is part of or in order to take steps at the request of the data subject prior to entering into a contract;
– to comply with a legal obligation to which the controller is subject to;
– to exercise the rights of the Data Controller, for example the right to counsel;
If given consent by the data subject (art. 7 GDPR) to the processing of his/her personal data for the following Marketing purposes:
– to send emails, sms, phone calls, newsletters, commercial communications and/or advertising material on products or services offered from the Data controller and to detect the level of customer satisfaction.
3. How do we collect your Personal Information?
The processing means any operation or set of operations which is performed on personal information (art. 4 n. 2) GDPR such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your personal data may be processed both on paper or digital format and/or by automated means.
The data controller will process personal information for the time necessary to fulfill the purposes listed above, however not more than 10 years after the termination of the relationship for service purposes and not more than 2 years for marketing purposes.
4. Who has access to your Personal Information
Personal Information can be made accessible for the following purposes (art. 2.A) and 2.B):
- to employees, approved partners and corporates of the Data Controller, in Italy and abroad, in their capacity of appointee and/or internal supervisors and/or system administrators;
- to third party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies) for their outsourcing activity on behalf of the Data Controller, as external supervisor data controllers.
5. With whom do we share your Personal Information?
Without any given consent by the data subject (art 6 lit. b) and c) GDPR), the Data Controller can share your data with (art.2.A) Supervisory boards, juridical authority, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law, in order to accomplish their purposes.
These entities will process the personal information as Independent Data Controllers.
Your personal data will not be shared in any other way.
6. Where do we store your Personal Information?
The Personal information we collect from you will be stored in servers located inside the European Union. However, if considered necessary, the Data Controller has the faculty to transfer the servers outside the EU. In any case, the Data Controller ensures that the transaction of the data outside the EU will happen in compliance with the applicable legislations, upon prior agreement on the standard contract clauses envisaged by the European Commission.
7. The purposes of the processing and consequently the rejection to answer
The Personal Information for the purpose described in art.2.A) are mandatory, because without them we, the Controller, would not be able to provide our Services.
The Personal Information for the purpose described in art.2.B) are optional. The Subject can decide to not give any information or to deny subsequently the possibility to process the data already supplied: in this case, the subject would not receive any newsletters, commercial communication and advertising material of the Services provided by the Data Controller.
Nevertheless the Subject continues to have the right to benefit from the Services for the purposes described in art.2.A).
8. What are your rights regarding your Personal Information?
Subject to your applicable privacy legislation art.15 GDPR, you may be entitled to certain of the following rights.
I. You may have the right to confirm the existence or not of your personal information, even if not registered when communicated in an intelligible form;
II. Right to personal information portability
a) the origin of the personal information;
b) the purposes and methods of processing of the Personal Information;
c) the logistics applied when the personal information is processed through digital tools;
d) the identification details of the Controller or a Processor in the Union as described in art. 3, comma 1, GDPR;
e) of the subjects or categories of subjects with whom we have shared your personal information or that may have come to know your personal information as designated representatives in the Member State;
III. Access to Personal Data:
a) Right to update and rectify your Personal Information;
b) Right to have your Personal Information deleted or removed, or be transformed into anonymous form or object to data processing, including those that do not need to be kept for the purposes for which the data was collected or subsequently processed;
c) Right to receive the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the information has been communicated or disseminated, except in the case in which this fulfillment is proved impossible or involves the use of means that are manifestly disproportionate to the protected right;
IV. The Right to Object, in everything or partially:
a) for legitimate reasons, to the processing of your personal information;
b) to the processing of your personal information for direct marketing purposes, such as advertising material, direct selling, marketing research and commercial communications. This includes electronic marketing communications, through automated means, so without the intervention of an operator, or through traditional marketing communications through email and/or phone call and/or paper letter.
The right to object to the processing of your personal information for direct marketing purposes through automated means, described in point b), extends also to the traditional ones, which in any case the Data Subject has the possibility to exercise its objection also only partially. Therefore, the Data Subject can decide to receive only communications through traditional methods or only through automated communications or neither.
Where applicable, the Data Subject has the right described in art. 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability and right to object), as well as the right to complaint to the Garante Authority.
9. 9. How can you exercise your rights?
You, as the Subject Data, can exercise your rights at any give moment by sending:
- a registered letter of your personal information at the Data Controller's address;
- an e-mail to firstname.lastname@example.org