Policy Regarding the Processing of Users’ Personal Data

 

(ex artt. 13 e 14, Reg. UE 2016/679) – “Direct Marketing and Newsletter”

DATA CONTROLLER:
Alleantia S.r.l., tax code and VAT no. 02011550502, with registered office in Via Tosco Romagnola 136, 56025 – Pontedera (PI), (hereafter “Alleantia” or the “Data Controller”).
email address: [email protected]

PRIVACY COORDINATOR:
[email protected]

Purposes and data processing Legal basis for data processing Data retention period
Communications of an informative, promotional and/or direct marketing nature by any means of communication (traditional or automated, i.e., without operator intervention) (“Direct Marketing and Newsletter”) of the Data Controller to those who expressly request it, by entering their own email address in the specific data collection form. Registration allows the Data Controller to manage information and respond to any requests, including cancellation. Express consent of the interested party (art.6, par. 1, letter a) EU Regulation 2016/679). As long as the interested party does not ask to revoke the consent to the sending of direct marketing communications and their subscription from the newsletter service through the appropriate unsubscribe button (“Click here”) in the manner indicated at the bottom of the communication or by request to the Data Controller at the addresses indicated
Communications of a commercial nature aimed at the promotion and/or direct sale of products or services similar to those already purchased or used by the interested party, using the email coordinates indicated on such occasions (“soft spam”), without consent – except for express dissent – for the sole cases of soft spam, without prejudice to the right of the interested party to object at any time to the methods indicated at the bottom of the communication or at the addresses indicated. Legitimate interest of the Data Controller pursuant to art. 130, paragraph 4, of Legislative Decree 196/2003, as amended and supplemented. Up to the exercise of the right of opposition exercisable via the appropriate unsubscribe button (“Click here”) with the methods indicated at the bottom of the communication or by requesting the Data Controller at the addresses indicated.

Once the above retention terms have expired, the Data shall be destroyed, deleted or made anonymous, compatibly with the technical deletion and backup procedures. Moreover, Personal Data may also be processed for a longer period of time if there is an interruption and/or suspension of the limitation period that justifies an extension of data storage retention.

PROVISION OF DATA

Pursuant to article 13, paragraph 2, letter e) of the GDPR, we hereby inform you that the provision of the email address for the above-mentioned purpose is obligatory; therefore, any refusal to provide said address will result in the impossibility of sending you the Newsletter.

UNSUBSCRIPTION FROM THE SERVICE

To stop receiving the newsletter, you can contact the Data Controller at any time at [email protected] or you can unsubscribe from the service directly upon receipt of the newsletter.

OPPOSITION TO GENERIC MARKETING BY THE DATA CONTROLLER

You may, at any time, decide to no longer receive communications relating to the Data Controller’s generic marketing activities by clicking on the unsubscribe button (“Click here”) at the bottom of each email you receive. Alternatively, you can contact the Data Controller at any time by writing to [email protected]

DATA RECIPIENTS – PARTIES AUTHORIZED TO PROCESS THE DATA

In some cases, the execution of the complex of activities connected and/or instrumental to the management of requests involves the Data Controller communicating the personal data of the Data Subjects:
– to employees and/or collaborators of the Data Controller as persons authorized to process the data and/or system administrators;
– to parties whose right to access it is recognized by law;
– to companies or third parties which carry out activities for the Data Controller strictly connected or instrumental to the operation of the site, such as, for example, the company that deals with the management of users’ personal data and the management of the computer systems on which they are stored, companies that offer email sending services.
The personal data provided by users who submit requests are used for the sole purpose of performing the service requested and are communicated to third parties only if this is necessary for this purpose.
Outside of these cases, personal data shall not be communicated, except for contractual or legal provisions or unless specific consent is required from the interested party.
In this sense, personal data could be transmitted to third parties but only and exclusively in the event that a) there is the explicit consent of the interested party to share data with third parties; b) there is a need to share information with third parties in order to provide the requested service; c) this is necessary to fulfill requests from the judicial or public security authorities.
Parties in the same category for the sending of data shall process the data and use them as appropriate as Data Processors expressly appointed by the Data Controller pursuant to the law or, rather, as independent data controllers.
The data controller appoints, as authorized parties, all personnel, including those of a temporary nature, as well as occasional collaborators, who carry out tasks that involve the processing of personal data.
The updated list of data processors is kept at the Data Controller’s registered office.

TRANSFER OF NON-EU PERSONAL DATA

Personal data is processed by Alleantia within the territory of the European Union and is not disclosed. If necessary for technical or organizational reasons, Alleantia reserves the right to transfer data to countries outside the European Union. In this regard, the Data Controller shall hereby ensure that the transfer of data outside the EU is regulated in accordance with the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions of the European Union. All the necessary precautions will, therefore, be taken in order to ensure the most complete protection of personal data, basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the third party recipient pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules pursuant to art. 47 of the GDPR or, failing that, by virtue of one of the derogatory measures referred to in art. 49 of the GDPR. In any case, the recipients of the data shall be subjected to protection and security obligations equivalent to those guaranteed by the EU and national law.

RIGHTS OF THE DATA SUBJECT – LODGING OF COMPLAINTS WITH THE SUPERVISORY AUTHORITY

The interested party may at any time exercise the rights attributed to the same by sending a registered letter with return receipt to Alleantia S.r.l., at its registered office in Via Tosco Romagnola 136, 56025 – Pontedera (PI).
Alternatively, the interested party can contact the Alleantia Privacy Coordinator at the email address: [email protected]
The interested party has the right to ask the Data Controller to delete or correct inaccurate data, and to add incomplete data, as well as to request the limitation of processing in the cases provided for by art. 18 of the GDPR.
Furthermore, in the event that the processing is based on consent or on a contract basis and is carried out with automated tools, the interested party may request the portability of the party’s data and receive it in a structured format that is commonly used and readable by an automatic device, as well as, if technically feasible, to transmit it to another holder without impediments.
The interested party has the right to revoke the consent given at any time for marketing and/or profiling purposes, as well as to propose opposition to the processing, for reasons connected to one’s particular situation, of the data in the hypothesis of exercising a public interest or legitimate interest of the Data Controller as well as for marketing purposes, including profiling related to direct marketing.
The possibility remains for the interested party, if the same prefers to be contacted for the above-mentioned purpose exclusively through traditional methods, to express its opposition only to the reception of communications through automated methods.
In this case, the Data Controller shall refrain from processing, except for overriding legitimate reasons, or for ascertaining, exercising or defending a right in legal proceedings.
The interested party also has the right to lodge a complaint with the competent Supervisory Authority (Privacy Guarantor) in the Member State in which the party habitually resides or works or in the State in which the alleged violation has occurred.

MODIFICATIONS

The Data Controller reserves the right to make changes to this information at any time by informing the interested parties via the site. Therefore, we ask you to periodically consult this “Section”, taking as reference the date of the last modification indicated. In case of non-acceptance of the changes made to this information, the interested parties are required to communicate this to the Data Controller and may request the removal of their personal data. Unless otherwise specified, the previous privacy policy shall continue to be applicable to Personal Data collected up to that point.

DATE OF THE LAST MODIFICATION:
August 30, 2021