This is an English courtesy translation of the original documentation prepared in Italian language. Please consider that only the original version in Italian language has legal value.
ALTAMIRA S.R.L., with registered offices in Corso Magenta 56, 20123 Milan, CF, P. IVA, Milan Business Register no. 12940250157, in its capacity as the Data Owner (hereinafter, “the Owner”), informs you, in accordance with art. 13 of Legislative Decree no 196 of 30.6.2003 (hereinafter, “Privacy Code”) and art. 13 of EU regulation no. 2016/679 (hereinafter “GDPR”) that your data will be processed in the following manner and for the following purposes:
- Nature of the data processed
The Owner handles non-sensitive, personal and identification data (including, but not limited to, name, address, telephone, e-mail, etc. – hereinafter “personal data” or “data”) provided by you upon registration with the website www.altamirahrm.com (hereinafter “the site”), through the request form for the Owner’s newsletter, when ordering and/or purchasing products online through the site, or by compiling and submitting a contact form to the Owner, or through any other request made by you to the Owner (e.g. for a Demo, etc.).
- Purpose of data processing
Personal data shall be used:
A. without your express consent (article 24 a), b), c) of the Privacy Code and art. 6 b) and e) of the GDPR), for the following purposes:
- to meet pre-contractual, contractual and fiscal obligations arising from our dealings with you;
- to enable you to register on the site;
- to process and manage orders and/or purchases made online;
- to enable you to use the Owner’s product demos and any additional services you may request;
- to process contact requests;
- to enable you to submit an online application and to process this;
- to manage and maintain the site;
- to fulfil the obligations foreseen by law, regulation, community standards or by order of the Authority;
- to prevent or uncover fraud or abuse which may harm the site;
- to exercise the rights of the Owner, such as the right to legal defense.
B. Only upon your specific and express consent (arts. 23 and 130 of the Privacy Code and article 7 of the GDPR), for marketing purposes:
- to send you via email newsletters, commercial communications and/or advertising material about the Owner’s products or services.
Please note that, if you are already our customer, we will send you commercial information concerning the Owner’s products and services similar to those you already use, unless you dissent (article 130, point 4, Privacy Code).
- Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 point 2 of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, linking, blocking, communication, cancellation and destruction of data. Your personal data may be processed both in hard copy (archives) and/or through electronic or automated means (Salesforce, Zendesk and Office 365 site and applications).
The Owner will process the personal data for the time required for the above purposes and, in any case, for not more than 10 years after termination of the user relationship and not more than 2 years in the case of data collected for marketing purposes.
- Access to Data
Access to your data for the purposes set forth in art. 2.A) and 2.B) may be granted to:
- the Owner’s employees and collaborators, in their capacity as data supervisors and/or data processors and/or system administrators;
- third-party companies or other entities (for example, website providers, e-payment service providers, suppliers, hardware and software technicians, lenders, professional firms, etc.) who perform outsourced activities on behalf of the Owner, in their capacity as external processing managers.
- Data sharing
Without your express consent (under Article 24 a), b), d) of the Privacy Code and Art. 6 b) and c) of the GDPR), the Owner may communicate your data for the purposes set forth in art. 2.A) to oversight bodies, judicial authorities, where obligatory in law. The data will not be further disclosed.
- Data transfer
Personal data will be stored and managed on servers located within the European Union. The data will not be transferred outside the European Union. It remains understood that the Owner shall, wherever necessary, retain the right to change the location of the servers in Italy and/or the European Union and/or non-EU countries. In this event, the Owner guarantees as of now that the transfer of data outside the European Union shall be undertaken in accordance with applicable law, drawing up agreements, where required, to ensure an adequate level of protection and/or adopting the standard contractual clauses foreseen by the European Commission.
- Nature of data provision and consequences of refusal to reply
Data provision for the purposes of art. 2.A) is obligatory. In the absence of such data, we will not be in a position to provide you with the services foreseen under art. 2.A).
Data provision for the purposes of art. 2.B), on the other hand, is optional. Thus, you may decide not to provide any information or subsequently to deny consent to the processing of data already provided: in that case, you will not be able to receive newsletters, marketing communications and advertising material relating to the products or services offered by the Owner. Nevertheless, you will continue to be entitled to the services foreseen under art. 2.A).
- Rights of the interested party
In your capacity as an interested party, you enjoy rights under art. 7 of the Privacy Code and art. 15 of the GDPR; specifically:
- to receive confirmation of the existence or otherwise of your personal data, even if not yet registered, and to have them communicated to you in an intelligible form.
- to be advised of: a) the source of the personal data; b) the purpose and the method of its processing; c) the logic applied where processing is carried out with the aid of electronic tools; d) the identification details of the Owner, the processors and the designated representative pursuant to article 5, para. 2 of the Privacy Code and art. 3.1 of the GDPR; e) the parties or categories of parties to whom the personal data may be communicated or who may come across the data as designated representatives in the territory of the State, data supervisors or processors.
- to obtain a) the updating, correction, and where needed, the integration of the data; b) the deletion, conversion to anonymous format or blocking of data processed violation of the law, including data which it was not necessary to keep for the purposes for which it was gathered or subsequently processed; c) confirmation that operations described in points a) and b) were made known, including as concerns their content, to those to whom the data was communicated or transmitted, except in cases where this proves impossible or would involve the use of resources manifestly out of proportion to the protected right.
- to object, in whole or in part: a) for legitimate reasons to the processing of your personal data, even if pertinent for the purposes of the collection; b) to the processing of your personal data for purposes of transmitting advertising materials or direct selling or for carrying out market research or commercial communication, through automated calling systems not involving an operator via e-mail and/or through traditional marketing channels by phone and/or mail. It should be noted that the interested party’s right to object, as set out in point (b) above, for direct marketing purposes through automated means also covers traditional means and that, in any case, the party concerned retains the right also to a partial refusal. Therefore, the interested party may choose to receive communications only by traditional means, only by automated communications, or by neither of the two types of communication.
Where applicable, you also have rights under art. 16-21 of the GDPR (right of correction, right to be forgotten, right to limit processing, right to portability of contractual and raw navigation data, the right of refusal) as well as the right to complain to the oversight body.
- Exercise of rights
You may exercise your rights at any time:
- by sending a registered letter to the Owner’s address;
- by sending an email to firstname.lastname@example.org;
- by calling +39 02 48 100 463.
- Owner, data supervisors and processors
The Owner of the processing is Altamira Srl, with registered offices in Corso Magenta 56, 20123 Milano. The data supervisor is John Martelli.
The up-to-date list of data supervisors and processors is kept at the headquarters of the processing owner.