Who are we and what do we do with your personal data?

IGD SIIQ S.p.A., hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.

For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.

 

The Data Controller appointed a Data Protection Officer (DPO) who you can contact if you have questions about adopted policies and practices. The contact details of the Data Protection Officer are as follows: dpo@gruppoigd.it

 

How does IGD SIIQ S.p.A. collect and process your data?

The Data Controller collects and/or receives information about you, such as in general: name, surname, physical and electronic address, land line and/or mobile phone number, VAT number and tax code. They are used by the Data Controller to carry out instrumental activities, manage and respond to your request and for the pursuit of purposes such as, for example: the acquisition of information prior to the conclusion of a contract, the performance of a service or one or more transactions under negotiation with the Data Controller.

The communication of your personal data is mainly to third parties and/or recipients whose activities are necessary for the proper management of your request. Any communication that does not comply with these purposes will be subject to your consent. Your data (such as name, surname, physical or logical address, mobile and/or land line phone number) may also be processed for sales promotion, for market surveys with regard to the services that the Data Controller offers you only if you authorise the processing and/or if you do not oppose this.

The Data Controller does not transfer your personal data abroad. Your personal data will not be in any way disseminated or disclosed to unspecified subjects not even identifiable as third parties.

 

Your personal information will be processed for:

 

  • the management of your request for information on the service offered by the Data Controller

Your data will be processed to provide you with the information or documents useful to describe the service you are requesting, to send you an estimate, to contact you to agree on the price, the delivery method, any additional services, and for the acquisition of information prior to the conclusion of a contract, as well as for the registration and storage of your personal data.

Your personal data is also collected from third parties such as, for example:

  • other data controllers, e.g. the companies of the group to which the Data Controller belongs;

The personal data that the Data Controller processes for this purpose is, among others:

  • name, surname, physical and electronic address, land line and/or mobile phone number, VAT number and tax code.

 

  • communication to third parties and recipients

Your data will not be disclosed to third parties/recipients for their own purposes unless:

  • you authorise to do so;
  • the communication is made to data processing and IT service companies (e.g. web hosting, data entry, management and maintenance of IT infrastructures and services, etc.).

The personal data that the Data Controller processes for this purpose is, among others:

  • name, surname, physical and electronic address, land line and/or mobile phone number, VAT number and tax code.

 

  • sales promotion activities

Your personal data is processed to provide you with services in addition to those referred to in your request, or even improved and more appropriate to your request and, finally, to send you advertising material. Your data (name, surname, physical and electronic address, land line and/or mobile phone number) can be processed by:

  • email;
  • sms;
  • telephone contact even without operator;
  • paper mail.

The processing in question may be carried out if:

  1. you give your consent to the use of data also with reference to the methods of communication, both traditional and automated, with which the processing takes place;
  2. the processing is carried out by contacting a telephone operator, if not registered in the do-not-call registry pursuant to Italian Presidential Decree no. 178/2010;
  3. you have not opposed the processing and/or if, where applicable, you have not specifically and separately opposed the sending of communications by traditional means and/or by automatic means.

 

  • communication of data to partners and/or companies of the group to which the Data Controller belongs for marketing activities (direct marketing, market surveys) carried out by them autonomously

The communication of your personal data (such as name, surname, physical and logical address, mobile and/or land line phone number) to business partners and operating in the field of the Data Controller and/or companies in the group to which it belongs may occur for their marketing purposes, only if you give your consent to such processing.

 

  • IT security purposes

The Data Controller processes, also through its suppliers (third parties and/or recipients), your personal data, including IT (e.g. logical access) or traffic data collected or obtained in the case of services displayed on the website of the Data Controller to the extent strictly necessary and proportionate to ensure the security and capacity of a network or its servers to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of retained or transmitted personal data.

For these purposes, the Data Controller envisages procedures for the management of personal data breach.

 

 

What happens if you do not provide your data?

If you do not provide your personal data, the Data Controller will not be able to carry out the processing operations related to the management of your request or the obligations that depend on it.

The intention of the Data Controller was to carry out certain processing operations in accordance with certain legitimate interests that do not affect your right to confidentiality, such as those that:

  • prevent IT accidents and allow notification to the supervisory authority or communication to users, if necessary, of the personal data breach;
  • allow the communication of personal data to the companies of the group to which the Data Controller belongs for administrative purposes;
  • allow communication to third parties/recipients for activities related to the management of your request for information received, management of estimates, management of marketing activities (if you agree to this) and the signing of any contract with you.

 

What happens if you do not give your consent to the processing of personal data for marketing purposes (direct marketing, market surveys) of the Data Controller or for communication to third parties/recipients for marketing purposes pursued by them autonomously?

Your personal data will not be processed for these purposes; this will not have any effect on the processing of your data for the main purposes, nor on that for which you have already given your consent, if requested.

If you have given your consent and you subsequently withdraw it or oppose to the processing for marketing purposes, your data will no longer be processed for marketing purposes, without this resulting in consequences or detrimental effects for you and the contract you have signed.

 

How and for how long is your data retained?

Your personal data is processed by both electronic and manual means and tools made available to subjects acting under the authority of the Data Controller authorised and trained for this purpose. The paper and, above all, electronic files where your data is stored and retained are protected by effective and adequate security measures to counter the risks of violation considered by the Data Controller. The Data Controller checks regularly and constantly the measures adopted, especially for electronic and telematic tools, as a guarantee for the confidentiality of personal data processed, filed, stored and retained by them, especially if belonging to special categories.

Personal data is retained for the time necessary to manage your request, except for the signing of a special sale and purchase contract. For data intended for marketing purposes (direct marketing, market surveys), for which you have given consent, you are always allowed to oppose its processing and/or to withdraw consent.

Computer files are located within the EU (and EEA) borders and are not intended to be connected to or interact with databases located abroad.

How

Data processing is carried out on paper or through IT procedures by internal subjects authorised and trained for this purpose. They are granted access to your personal data to the extent and within the limits required for carrying out the processing activities that concern you.

The Data Controller periodically checks the tools by means of which your data is processed and its security measures, which it constantly updates; it makes sure, also through the subjects authorised to process the data, that personal data for which processing is not necessary is not collected, processed, stored or retained; it makes sure that the data is retained with the guarantee of integrity and authenticity of its use for the purposes of the processing actually carried out.

 

Where

The data is retained on paper, computer and electronic files located within the European Economic Area, and appropriate security measures are ensured.

How long

The personal data processed by the Data Controller is retained for the time necessary to manage your request and to carry out the activities related to sending the information you requested, and in any case for a period of 24 months from the first contact, unless a contract is signed with the Data Controller.

The personal data processed by the Data Controller for marketing purposes (direct marketing, market surveys) will be retained for 24 months by the Data Controller unless you withdraw the consent you have given and/or unless you object to the processing.

This is without prejudice to your right to oppose at any time the processing based on legitimate interest for reasons related to your particular situation.

 

What are your rights?

In substance, at any time and free of charge and without any special charges or formalities for your request, you can:

  • obtain confirmation of the processing carried out by the Data Controller;
  • access your personal data and know its origin (when the data is not obtained directly from you), the purposes of the processing, the data of the subjects to whom it is communicated, the period of retention of your data or the criteria used to determine it;
  • withdraw your consent at any time if this is the basis for the processing. In any case, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
  • update or rectify your personal data so that it is always accurate and correct;
  • erase your personal data from the databases and/or files, including backup files, of the Data Controller, if, among other things, it is no longer necessary for the purposes of the processing or if this is deemed unlawful, and provided that the conditions laid down by law are met; and in any event if the processing is not justified by another equally legitimate reason;
  • restrict the processing of your personal data in some circumstances, for example if you have contested its accuracy, for the period required for the Data Controller to check its accuracy. You must also be informed, in reasonable time, of when the period of suspension has ended or the cause of the restriction of processing has ceased to exist, and therefore the restriction itself withdrawn;
  • obtain your personal data, if received and/or in any case processed by the Data Controller with your consent and/or if its processing is carried out on the basis of a contract and with automated tools, in electronic format also in order to transmit it to another data controller.

The Data Controller must do so without delay and, in any case, at the latest within one month of receipt of your request. The time limit can be extended by two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller. In such cases, the Data Controller will inform you of the reasons for the extension within one month of receipt of your request.

For any further information and to send your request, please contact the Data Controller at privacy@gruppoigd.it.

 

How and when can you oppose the processing of your personal data?

For reasons relating to your specific situation, you may oppose at any time the processing of your personal data if this is based on legitimate interest or if it is for marketing purposes (direct marketing, market surveys), by sending your request to the Data Controller at the email address privacy@gruppoigd.it.

You have the right to have your personal data erased if there is no legitimate reason overriding the one that gave rise to your request, and in any case if you have opposed the processing for marketing purposes (direct marketing, market surveys).

 

Who can you complain to?

Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.

Any update of this information will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this information before carrying it out and in time to give your consent if necessary.