Informativa contatti

Processing policy of personal data pursuant to the Regulation 2016/679 (GDPR) of the European Parliament and of the Council and pursuant to the Legislative Decree 196/2003, as amended by the Legislative Decree 101/2018

Data controller: Computec Srl (hereinafter also referred as “Data controller” or “holder”
Office: via C.A. Dalla Chiesa, 5 25017 – Lonato del Garda (BS) Useful contacts: privacy@computeconline.it

Data protection officer: N/A

Recipients: External managers and possible independent data controllers
Auditor and/or certification bodies, IT service providers, Judicial authority and investigative bodies

Purposes in short and management of personal data for their pursuit: Implementation of precontractual measures at the request of the interested party. Data: Identifying data, contact details
Preservation in terms of law Communication; Sending of e-mails of promotional nature about services and activities of the holder; IT security activities

Rights of the data subject and arrangements for the exercise of the rights:
The data subject may at any time exercise the rights stated in articles 15 et seq. of GDPR and, in the cases determined, may exercise the right to complain to the Privacy Authority for the protection of personal data
The data subject may exercise the rights addressing to the data controller at the contact details indicated therein.

Sources of personal data collection: From the data subject; From third parties other than the data subject
IT service providers, Judicial authority and investigative bodies

Hereby, the data controller informs the data subject about:

1) The reason why personal data is processed:

The holder gathers and/or receives:

  • Identifying data
  • Contact details
  • IT data such as IP addresses, e-mail addresses, log

The concession of data is necessary: without the concession the holder is not able to satisfy the data subject requests, received from the form “Contacts” published on the website.

Data may be collected also from third parties, other than the data subject, such as, for example:

  • IT service providers;
  • Data controller partner;
  • Judicial authorities and investigative bodies and law enforcement authorities
  • Data subject’s personal data is processed for the purposes described in the following purpose, that meets the legal bases mentioned in art. 6 of GDPR.

Purposes
a) Giving a feedback to the data subject’s requests about services provided by the holder
b) Managing possible requests coming from judicial authorities, investigative bodies and law enforcement authorities
c) Managing possible pre-contractual negotiations

Legal basis
Execution of pre-contractual measures ;
Commercial promotion activities;
Fulfillment of legal obligations of, among others: Legislative Decree 70/2003 and subsequent amendments
The legitimate interest of the holder, consisting in the right fulfillment of the obligations arising from rules of voluntary application (e.g. quality standards) and from the Legislative Decree 231/2001

Purposes
Communication to third parties and/or recipients such as:

  • Providers of delivery service of the requests showed in the holder’s website
  • Various public bodies and authorities, when requested by the law, or when it is necessary to protect the holder’s rights
  • Subjects who must perform tasks about IT security, e.g. pentest

Legal basis
Performance of contractual and pre-contractual activities;
Commercial promotion activities;
Fulfillment of legal obligations of, among others: Legislative Decree 70/2003 and subsequent amendments
The legitimate interest of the holder, consisting in ensuring the security and the privacy of the treatments

Purposes
IT security activities consisting in:

  • Monitoring HW and SW systems, applications and IT equipment used for the processing of personal data
  • Monitoring services on the web and on platforms of the holder
  • Implementing procedures of detection and notification of personal data breaches (data breach)

Legal basis
The legitimate interest of the holder, consisting in the right fulfillment of the obligations arising from rules of voluntary application (e.g. quality standards) and from the Legislative Decree 231/2001
The legitimate interest of the holder, consisting in ensuring the security and the privacy of the treatments
Fulfillment of legal obligations (detection and notification of data breach events)

The holder does not transfer abroad (non-EU countries) the subject’s personal data. They will not be released or disclosed in any way to non-determined and unidentifiable subjects, neither as third parties.

The communication concerns the categories of data, whose transmission is necessary to perform activities and purposes pursued by the holder in the management of the established relationship, and to give a feedback to the data subject’s requests. The data processing does not require the data subject’s consent when responding to legal obligations or obligations determined in accordance with the established relationship or other exclusion cases expressly provided or depending on the legislation in force or applied, even on a voluntary basis, by the holder or other third parties identified as data processors.
2) How personal data is processed and where and for how long it is stored
The personal data processing is carrying out through paper supports or IT procedures by authorized internal personnel.
They have access to the personal data of the data subject in the terms and limits necessary for carrying out the processing activities.

The data controller periodically verifies the instruments through which the personal data of the data subject is processed and the security measures to provide a constant update. He verifies, also via authorized data processors, that personal data is not collected, processed and stored, when unnecessary or in case the processing procedures are completed.
He verifies and guarantees the personal data’s integrity and authenticity when stored and its use for the purposes actually performed.
The data controller guarantees after verification that excessive, irrelevant or not indispensable personal data will not be used except for the possible storing of the acts or documents containing them, as provided by the law.
The data is stored in electronic archives, located within the European economic area, under adequate security measures.
The data subject’s personal data is stored for the time necessary to achieve the purposes for which they were collected and for the additional time that may be imposed or permitted by law.

In particular:

Identifying data – Contact details
The data storage depends on the time necessary to meet the data subject’s requests.
Except for:
– the restriction of the personal data processing and other guarantees provided in particular cases
– the possible adhesion to the requested services and the establishment of a contractual relationship with the holder

IT data
Storing data time depends on the data processing needs and on the presumed and / or detected risk and on the prejudicial consequences and on the responsibilities arising from it, except for the measures to make the data anonymous or to limit its treatment. In any case, the data must be stored (with effect from the knowledge / detection of the event of danger or data breach) for the time necessary to notify the authority guarantor of any violation of the data detected by the procedures implemented by the holder and to remedy.

The Data Controller will delate any personal data of the data subject when the purposes that legitimize their storage is reached.

3) Rights of the data subject

The data subject has the right to have control over his personal data.
The rights are the following:

  • access;
  • correction;
  • cancellation;
  • treatment limitation;
  • opposition to treatment;
  • portability.

In other words, at any moment, without special charges and formalities the data subject is entitled to:

  • having confirmation that the personal data processing is carried out by the data controller;
    accessing to his personal data and knowing the origin (when the data are not obtained directly from the data subject), the goals and the purposes of the processing, the details of the subjects they are communicated to, the period of data storing or useful criteria to determine it;
  • obtaining the updating or correction of his personal data so that they are always correct;
  • obtaining the cancellation of his personal data from banks databases and / or archives, including backups, among others, where they are no longer necessary for the purposes of the processing or if it is assumed to be illicit, and if these conditions are required by law, and in any case if the treatment is not justified by another equally legitimate reason;
  • limiting the processing of his personal data in certain circumstances, for example when the accuracy is contested, for the period necessary for the Data Controller to verify its accuracy. The data subject must be informed, in due time, even when the suspension period has been completed or the reason for the limitation of the processing has been ceased, and therefore the limitation itself revoked;
  • obtaining his personal data, if his data processing takes place on a contract base and with automated tools, in electronic format in order to transmit them to another data controller.

The data controller must proceed in this way without delay and, in any case, at the latest within one month from the time he receives the request of the data subject. The deadline can be extended by two months, if necessary, taking into account the complexity and the number of requests received. In these cases, the data controller will inform the data subject of the reasons for the extension within one month from the moment he receives the request.
For any further information and in any case to send your request, write to the data controller at privacy@computeconline.it

4) How and when the data subject may oppose to the processing of his personal data

For reasons relating to his particular situation, the data subject may go against the processing of his personal data at any time if it is based on a legitimate interest, by sending his request to the data Controller at privacy@computeconline.it
The data subject has the right to cancel his personal data if there is no prevailing legitimate reason than the one that has given rise to his request.

5) To whom the data subject can make a claim

Except to any administrative or judicial action, if the data subject deems a violation of his personal data and of the legislation applied to the related processing, the data subject may submit a claim to the competent guarantor authority. In the event the violation takes place in another EU country, the competence to receive and to detect the claim will be under the control of authorities established therein.

Any update about this information document will be communicated to the data subject promptly through adequate methods. Moreover, to the data subject will be given information on the implementation by the data controller of the other processing that goes beyond the purposes referred in this statement, before proceeding and in time to give his consent if necessary.