Information on the processing of personal data
INFORMATION ON THE PROCESSING OF PERSONAL DATA OF CUSTOMERS PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 ("GDPR")
Dear Data subject,
Pursuant to Art. 13 and 14 of the GDPR, the companies of the Retelit Group indicated below (hereinafter, the “Companies” or “Joint Controllers”), as Data Controllers, inform you that the data relating to your company (hereinafter, the “Customer”) and the personal data relating to the individuals acting on its behalf (hereinafter, the “Data”), will be used and stored in compliance with the provisions of the European Regulation for the Protection of Personal Data EU 2016/679 (hereinafter, “GDPR”), the applicable legislation on the protection of personal data, and in accordance with this policy.
It is understood that it is your responsibility to inform the individuals acting on your behalf, of the processing of the Data referred to in this notice and to seek their consent where necessary.
1. Who we are.
The Companies, depending on the specific purposes pursued and indicated in this Policy, process your Data independently, as data controllers, or jointly, as Joint Controllers, through the conclusion of a specific agreement pursuant to Article 26 of the GDPR, the essential contents of which will be made available, upon your written request, to the contacts below.
The following is the list of co-owners:
Retelit S.p.A., Parent Company of the Companies in the list (hereinafter also the “Group”) listed below, with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 12897160151;
Retelit Digital Services S.p.A., with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 12862140154;
Brennercom S.p.A. with registered office in Bolzano, Via Antonio Pacinotti 12 – 39100 – tax code, VAT number 01710910215;
PA ABS S.r.l., with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 02690660309;
PA Expertise S.r.l., with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 02204750976;
IRIDEOS S.p.A., with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 09995550960;
IRIDEOS DATA CENTER ITALIA S.r.l. with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 11920940969;
Brennercom Tirol GmbH, with registered office in Eduard-Bodem-Gasse 8 – A-6020 Innsbruck, VAT, ATU 628 358 19.
Hereinafter, severally the Controllers or jointly the “Joint Controllers” or the “Retelit Group”.
More information on the corporate structure of the Retelit Group, as well as contact details, can be found at www.retelit.it .
For any request regarding the processing of Data, it will in any case be possible to contact the Parent Company Retelit, by sending
- a registered letter with return receipt to the registered office
- a PEC to firstname.lastname@example.org or an e-mail to email@example.com
2. Data Protection Officer.
The Retelit Group, in order to facilitate the relationship between you and each Data Controller, have designated a Data Protection Officer (DPO) who can be contacted via
- PEC to firstname.lastname@example.org – c.a. of the Data Protection Officer (DPO);
- e-mail, at email@example.com.
These contact methods are also made available on the Parent Company Retelit website www.retelit.it where any updates will also be posted.
3. Type of Data and Method of Processing.
In the context of the activities related to the establishment and subsequent management of the contractual relationship with you and/or the organization for which you are a referral, Joint Controllers collect and process the following categories of Data:
- personal and identifying data (e.g., first name, last name, tax code, VAT number, video images);
- Contact information, such as residence or home address, e-mail address, telephone number;
- browsing data (e.g. cookies, IP addresses, parameters related to the operating system and device used by the user);
- Telephone and telematics traffic data;
- company, industry, job role, function;
- bank details (e.g. IBAN code, credit card number, etc.) other information necessary for payment and/or billing purposes (where applicable);
- data related to your consumption habits and preferences, in order to send you targeted offers of products and/or services from the Joint Controllers and/or business partners;
- in general, any other information necessary for the establishment and subsequent execution of the contract or for ancillary and/or functional activities, including Data collected in the context of any creditworthiness checks and fraud prevention.
The Joint Controllers collect the Data:
- at the data subject, through customer care operators, and by other modes of contact, such as, for example, websites and applications on mobile devices such as tablets and smartphones;
- through third parties, such as our business partners, marketing and market research companies, and financial risk centers;
- from public sources, such as freely accessible records, directories and documents (such as financial statements or chamber of commerce visas), as well as from sources such as print and/or digital newspapers, information drawn from telephone directories, websites of public agencies and supervisory and control authorities.
4. Purpose and legal basis of data processing.
Data will be collected, used, and stored:
- To fulfill legal and/or regulatory obligations to which the Joint Controllers are subject, including tax, accounting, administrative obligations, related to the provision of services or sale of their products;
- for the performance of contracts to which the data subject is a party and for the adoption of pre-contractual measures taken at your request;
- for the performance of ordinary pre-contractual activities related and/or instrumental to the establishment of the contractual relationship, such as, but not limited to, creditworthiness, solvency and/or reliability checks, to prevent the risk of possible fraud;
- for the establishment, exercise or defense of a right of the Owners, including in court;
- for carrying out corporate transactions, such as divestitures, acquisitions, mergers, demergers or other organizational transformations;
- to send commercial communications about products and services similar to those already purchased (so-called “soft spam”), without prejudice to the data subject’s right to object at any time;
- to send surveys and other “customer satisfaction” activities aimed at detecting the degree of satisfaction and/or improving the quality of service rendered to Customers;
- for the conduct of market research, promotional initiatives and the sending of commercial communications, by the Retelit Group and/or business partners, on their own and third parties’ products and services – operating in the field of digital services, infrastructure and ICT – through e-mail, newsletters, sms, MMS, and/or by means of the postal service or telephone calls with operator;
- to carry out profiling activities in order to target promotional offerings and customize marketing activities referred to in the preceding point;
- for the communication of Data to third parties – operating in the ICT services and infrastructure sector – for the conduct of promotional initiatives, events and sending of commercial communications, by the latter, on their own products and services;
- To carry out analysis of telephone and telematic traffic data, in an anonymous and aggregate manner to improve the technologies and services provided by the Joint Controllers.
The processing of Data for the purposes under a), b) and c), does not require your consent as it is necessary to comply with legal obligations, for the performance of contracts to which you are a party and/or for the adoption of pre-contractual measures taken at your request, pursuant to Art. 6, c. 1, lett. b) and c) of the GDPR.
The processing of Data for the purposes sub d), e), f), g), k) does not require your consent as it is necessary for the pursuit of the legitimate interest of the Companies, pursuant to Art. 6, c. 1, lett. f) of the GDPR.
The processing of Data for the purposes sub (h), (i) and (j) requires your consent in accordance with Art. 6, c. 1 (a).
With reference to the activities referred to in (j) above, it should also be noted that, in accordance with the relevant provisions of the Guarantor (Data Protection Authority), further processing information may be provided to you by the third parties to whom the Data may be disclosed.
5. Data provision.
The provision of Data for the purposes under a), b) c) constitutes a legal and contractual obligation, respectively: in these cases, failure to provide the Data will result in the impossibility for the Companies to establish and/or continue business relations with you.
The provision of Data for the purpose sub d), e), f), g), k) is optional, but necessary for the pursuit of the legitimate interest of the Companies, without prejudice to your right to object to the processing at any time in the case of special situations that concern you.
The provision of Data for the purposes sub h), i) and j) is optional and failure to provide it will result in the impossibility for the Companies to carry out the functional activities to achieve the purposes in question, without any consequences with reference to the establishment and/or execution of the contract.
With regard to the purpose sub f), it will be possible for the Companies to use the e-mail details you have provided in the context of a previous sale of products and services without prejudice to your ability to object to such processing at any time (initially or on the occasion of subsequent communications), in the manner described in the appropriate section of this policy.
6. Recipients or categories of recipients.
The Data may be made accessible to, brought to the attention of, and/or communicated to the following parties, who may be appointed by the Data Controllers – as appropriate – as data processors, authorized persons, co-processors, or will act as independent data controllers:
- employees or collaborators in any capacity, of the Group Companies;
- Public or private entities, natural or legal persons, which the Companies make use of for the performance of activities instrumental to the pursuit of the above purpose and/or to which the Data Holders are obliged to communicate the Data, by virtue of legal, contractual and/or for commercial promotion purposes, subject to your consent.
In any case, the Data will not be disseminated.
7. Data retention.
The Contractors will process your Data for as long as is strictly necessary to achieve the purposes stated and described in this policy.
Specifically, depending on the purpose of processing, the expected retention periods are as follows:
8. Data Transfer to Third Countries.
The Retelit Group undertake to process and store the Data within the European Union.
Notwithstanding the above, in order to achieve the purposes referred to in paragraph 4, the Data may be transferred to entities established in countries outside the European Economic Area, which provide the Data Holders with services related to the processing activities performed (e.g., technology service providers, cloud, CRM, etc.).
Such a transfer, where appropriate, will take place in compliance with the conditions set forth in the GDPR and will be regulated, depending on the recipients, through the use of the standard contractual clauses adopted by the European Commission or – alternatively – on the basis of an adequacy decision of the Commission and/or any other instrument allowed by the relevant legislation, including adherence to the certification mechanism of the “EU-U.S. Data Privacy Framework.”
9. Rights that can be exercised by the Data Subject.
During the period in which the Data Controllers carry out the processing of your Data, you, as a data subject may, at any time, exercise the rights provided for in Articles 15 to 22 of the GDPR:
- Right of Access: You have the right to obtain confirmation as to whether or not processing concerning your Data exists, and, where applicable, the right to receive any information relating to the processing;
- Right to Rectification: You have the right to have your Data rectified if it is incomplete or inaccurate;
- Right to be Forgotten: in certain circumstances, You have the right to obtain the deletion of Your Data, if it is not relevant to the continuation of the contractual relationship and/or necessary to fulfill a legal obligation to which the Joint Controllers are subject and/or for the establishment, exercise and/or defense of a right in court;
- Right to restriction of processing: You have the right to obtain the restriction of processing concerning your Data, in the cases provided for in Article 18 of the GDPR;
- Right to portability: You have the right to receive personal data about you in a structured, commonly used, machine-readable format and request its transmission to another data controller, if technically feasible.
- Right to object to processing carried out on the basis of legitimate interest: You have the right to object, at any time, for reasons related to your particular situation, to the processing of your Data, if based on the lawful condition of legitimate interest, unless there are legitimate reasons for the Joint Controllers to continue the processing, which override the interests, rights and freedoms of the data subject, such as the establishment, exercise or defense of a right in court.
- Revocation of consent in relation to the processing carried out for marketing purposes: You have the right to revoke at any time any consent you may have given to the processing of Data for the purposes h) i), j), by clicking the appropriate link at the bottom of the e-mails with promotional content by sending specific request to firstname.lastname@example.org or – where available – by accessing the Customer Area, using the appropriate function.
10. Right to file a complaint with the Guarantor.
You have the right to file a complaint with the Guarantor if you believe that your rights under the GDPR have been violated, in the manner indicated on the Guarantor’s website to the link below – www.garanteprivacy.it .
11. Final Provisions.
The Retelit Group reserve the right to amend and/or update this policy also on the basis of developments in applicable data protection legislation, as well as in the face of any changes in the corporate structure of the Group.
The updated version of the disclosure can always be found on the Group Company’s website at www.retelit.it.