We hereby provide you with the essential information pursuant to article 13 of Italian Legislative Decree No. 196 of 30.06.2003 (hereinafter, “Privacy Code”) and article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) regarding the processing of your personal data by ZECA S.p.A. when visiting our website www.zeca.it and in relation to the services offered therein.
SUBJECT: Statement pursuant to GDPR EU 2016/679 regarding the protection of the processing of personal data.
DATA SUBJECT TO PROCESSING
The Controller processes personal, identifying and non-sensitive data (including, but not limited to, name, surname, company name, address, telephone number, email address – hereinafter, “personal data” or “data”) provided by you upon registering on the Controller’s website www.zeca.it (hereinafter, “website”), participating in opinion surveys, filling out registration forms through the website at events or webinars organised by the Controller, through on-line requests for clarification or support and sending of the newsletter.
PURPOSES OF THE PROCESSING
Your personal data is processed:
A) without your express consent (art. 24, letter a), b), c) of the Privacy Code and art. 6, letter b), e) of the GDPR) for the following Service Purposes:
• to permit you to use any services you may request;
• to permit the user to participate in initiatives organised by the Controller through the website (for example, events);
• to process a contact request;
• to fulfil obligations required by law, regulation, EU legislation or by order of the Authority;
• to prevent or detect fraudulent activities or harmful abuse of the website;
• to exercise the rights of the Controller, for example the right to enforce its rights in a court of law.
B) Only upon receiving your specific and separate consent (articles 23 and 130 of the Privacy Code, and art. 7 of the GDPR), for the following other purposes:
• To send you opinion surveys, newsletters and/or invitations to events via email or to register for events organised by the Controller or in which the Controller participates.
TYPES OF DATA THAT IS PROCESSED
The following may be collected or processed via the website:
• browsing data;
• personal data that was voluntarily provided by the user through the forms present within the website or through the e-mail account in the contacts section.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
For the cases referred to in the paragraph PURPOSES OF THE PROCESSING art. A), the legal basis for the processing of your personal data consists in executing a contract to which you are a party, providing a service that you specifically requested, complying with a legal obligation or protecting our legal interests. The processing of personal data for the purposes set out in the paragraph PURPOSES OF THE PROCESSING art. A) does not require consent from the user since processing is necessary for fulfilling a specific request of the data subject pursuant to art. 6, c. 1, letter b) of the GDPR.
For the cases referred to in the paragraph PURPOSES OF THE PROCESSING art. B) in which the legal basis for the processing of your personal data consists in executing a contract to which you are a party or in the provision of a service, the supply of data is required and therefore the refusal to provide data, in whole or in part, would make it impossible for us to execute the contract.
PROVISION OF DATA AND CONSEQUENCES FOR NOT PROVIDING DATA
The provision of data for the purposes set out in paragraph PURPOSES OF THE PROCESSING art. A) is required. Without them, we cannot guarantee your registration on the website nor the services set out in the paragraph PURPOSES OF THE PROCESSING art. A).
The provision of data for the purposes set out in the section PURPOSES OF THE PROCESSING art. B) is optional. Therefore, you can decide whether to provide any data or later deny the possibility of processing data already provided: in this case, you will no longer receive event invitations, newsletters, and opinion surveys via e-mail. Nonetheless, you will continue to be entitled to the services set out in the paragraph PURPOSES OF THE PROCESSING art. A).
METHOD OF PROCESSING
The processing of your personal data is performed according to the operations indicated in article 4 of the Privacy Code and in article 4, no. 2) of the GDPR, namely: collection, recording, organisation, storage, consultation, formulation, alteration, selection, retrieval, alignment, use, combination, restriction, disclosure, erasure or destruction of the data. Your personal data will be processed both on paper as well as by electronic and/or automated means.
RECIPIENTS OR CATEGORIES OF RECIPIENTS
Personal data may be made available, disclosed or communicated to the following subjects, who will have been appointed by the data processors or persons in charge of processing, according to the individual circumstances:
• companies that are part of the Controller’s group (parent companies, subsidiaries and associated companies), employees and/or collaborators of any type belonging to the Controller and/or its group companies;
• public or private subjects, natural or legal persons that the Controller relies on to perform ancillary activities for the achievement of the purpose indicated above, or to which the Controller is required to communicate the personal data to fulfil its legal or contractual obligations.
TRANSFER OF DATA TO A THIRD COUNTRY
To fulfil the management of your data according to the paragraph PURPOSES OF THE PROCESSING art. A) and B), some of your personal data may be transmitted to subjects located in another EU Member State or in countries outside the EU. If necessary, the Controller has the right to move the data to a server located in another EU Member State or in countries outside the EU.
The Controller will handle the data for the period deemed necessary to fulfil the purposes set out in points A and B of the paragraph PURPOSES OF THE PROCESSING and in any case for no more than 10 years from the termination of the Service Purpose relationship.
RIGHTS OF THE DATA SUBJECT
The data subject maintains the following rights with regard to their personal data:
• Right of access (Art. 15): The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, obtain access to the personal data.
• Right to rectification (Art. 16): The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to erasure (‘right to be forgotten’) (Art. 17): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  ◦ the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  ◦ the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  ◦ the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  ◦ the personal data have been unlawfully processed;
  ◦ the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the right to lodge a complaint with the European Data Protection Supervisor to the email address firstname.lastname@example.org or to the PEC (certified email): email@example.com
HOW TO EXERCISE RIGHTS
Rights may be exercised at any time by sending:
• a registered letter with return receipt to ZECA S.p.A. – Operating headquarters located in:
STRADA DELLA CHIARA, 25 – 10080 FELETTO (TO)
• a PEC (certified email) to the Company’s PEC address:
This website and the services offered by the Controller are not intended for children under 18 years of age and the Controller does not knowingly collect personal information concerning children. In the event personal data concerning a child were involuntarily recorded, the Controller will immediately delete the data upon the user’s request.
AMENDMENTS TO THIS POLICY
CONTROLLER, PROCESSOR AND PERSONS IN CHARGE
The Data Controller is ZECA whose legal and operating headquarters are located on STRADA DELLA CHIARA 25, 10080, FELETTO (TO).
An updated list of persons responsible for processing personal data is maintained at the operating headquarters of the Data Controller.