Information on the processing of personal data

Below, IRIDEOS S.p.a. provides information concerning the processing of personal data (“Data”) relating to its clients (albeit potential), third-party subjects representing them (legal representatives, delegates, representatives, etc.) and those who provide their Data by accessing the www.irideos.it website, the other websites of our group and our newsletters.

ABOUT US

The data controller is IRIDEOS S.p.a., with registered office in Milan, Vial Bodio, 37. You can reach us at gdpr@irideos.it for matters concerning the protection of your Data.

HOW WE COLLECT DATA

We collect Data from subjects through our call centers and with other contact methods such as, for example, our websites and apps for mobile devices such as tablets and smartphones.

We collect Data also through third-party subjects including our business partners, marketing and market research companies and financial risk centers.

Finally, we can collect Data from public sources such as freely-accessible registers, lists and documents (e.g., financial statements or company registration reports) as well as from sources including paper or digital newspapers, telephone directories, websites of public bodies and supervisory and control authorities.

THE DATA WE PROCESS

We process your Data to supply electronic communication services and other services as well as complementary and accessory products. They include mainly:

• personal information (i.e. name, surname, birth date), tax code, vat number, address of residence and/or domicile and phone number and/or e-mail address;
• data of the data subject collected for the purchase of Sim Cards and other products and/or services, through authentication systems according to applicable regulations, such as advanced electronic signature verification (‘FEA’) and remote image capture;
• personal data, tax code, VAT number, address of residence and/or domicile, telephone numbers, e-mail addresses of the subjects you have appointed to have commercial relations with our Company;
• phone and internet traffic data;
• bank and/or payment data (i.e. IBAN and SWIFT code);
• data concerning the solvency and punctuality of payments, purchases also made through the information systems of authorized companies providing services for the management of credit risk and fraud prevention;
• data concerning consumption habits and/or Client interests;
• particular data pursuant to art. 9 of the GDPR, if collected for the activation of specific services (also in favor of specific categories of interested subjects such as the visually or hearing impaired);
• judicial data, processed to perform compulsory justice services.

PURPOSES OF PROCESSING

THIRD-PARTY SUBJECTS WE CAN COMMUNICATE DATA TO

In order to execute the contract, comply with legal obligations and pursue our legitimate interests, we have the faculty to communicate the personal data collected to the following subject categories:

• legal entities and/or individuals who perform data processing and processing services for the purpose of marketing our services and products;
• banking and financial institutions and other payment service providers, and for credit risk management and fraud prevention;
• companies and/or individuals carrying out market researches and customer satisfaction surveys;
• companies and/or individuals managing our information systems for the performance of our economic activities;
• companies and/or individuals providing technical and organizational services;
• companies and/or individuals providing data entry, storage and Data management services;
• legal persons providing advanced electronic signature solutions (‘FEA’), image acquisition from and/or other video recognition activities of the data subject;
• companies and/or individuals performing direct and indirect customer care activities;
• companies and/or individuals performing control, revision and certification functions of the activities carried out by our Company;
• companies and/or individuals performing consulting activities for our Company;
• commercial and/or sales agents and brokers;
• other electronic communications operators, for the management of interconnection and roaming relations;
• companies and/or individuals who are assignees of the debt and debt collection companies/institutions;
• companies and/or individuals performing transmission, enveloping, transport and distribution activities to the Clients;
• our parent companies, subsidiaries and associated companies;
• judicial and independent authorities, on the basis of orders issued pursuant to the current legislation.

With the exception of the competent judicial and independent authorities, the above-mentioned subjects shall process the personal data acquired as data controllers or joint controllers or processors on our behalf.

Your data may also be disclosed to our employees, interns, temporary workers and consultants specifically authorized to carry out their processing, but will not in any way be disseminated and/or made available to unknown subjects.

HOW WE PROCESS DATA

Your Data are collected, processed and stored in a lawful manner and for the purposes indicated above, manually and using electronic and/or automated means so as to guarantee their security and confidentiality.

WHERE WE PROCESS DATA

Your Data are stored in archives located in countries within the European Union.

If necessary to pursue the purposes illustrated above, they may be transferred abroad, including to countries and/or organizations outside the European Union that guarantee a level of personal data protection considered suitable by the European Commission or based on other suitable guarantees such as, for example, the standard contractual clauses adopted by the European Commission or the provision of your consent.

DATA PROCESSING DURATION

Your Data will be retained in a form that enables your identification for a period of time that does not exceed that necessary for the purpose for which they were collected and pursuant to the provisions regulating the electronic communications sector. Afterwards, they will be deleted or made anonymous, without prejudice to their retention to comply with the obligations that apply after the contract is terminated and to comply with the orders issued by judicial authorities and/or regulatory and supervisory bodies.

The specific time limits for the retention of the main Data processing operations are listed below:

YOUR RIGHTS

In accordance with the GDPR, you have the right to:

• access your Data to obtain information concerning their existence, processing purposes, the recipients or recipient categories your Data are or will be communicated to, Data retention limit;
• ask and obtain the modification and/or adjustment of any Data you consider inaccurate and/or incomplete;
• ask and obtain the cancellation and/or restricted processing of your Data if the data or information are not necessary for the execution of the contract, the pursuit of a legitimate interest for our Company and/or the compliance with legal obligations;
• oppose at any moment the processing of your Data, including profiling, in accordance with art. 21 of the GDPR;
• ask and obtain your Data – in a structured and commonly used format readable by automatic devices – for their portability to another controller.

You may exercise said rights either directly or through a representative by sending a standard e-mail to gdpr@irideos.it.

We will comply with requests within the terms set out in art. 12, paragraph 3 of the GDPR.

Pursuant to the regulations in force, you may lodge a complaint concerning the processing of your Data to the Authority for the protection of personal data as well as bring proceedings before a court in line with articles 78 and 79 of the GDPR.

DATA PROTECTION OFFICER

We have duly appointed a Data Protection Officer, domiciled at our registered office, who can be contacted at rpd@irideos.it.

Click here to download the Information On The Processing Of Personal Data.

Last update: June 2022