PURSUANT TO ART. 13 OF EU REGULATION 2016/679
EUROCREDIT BUSINESS INFORMATION SRL, (hereinafter the “Company”), with registered office in Via Mauro Macchi 58, 20124 Milan, pursuant to and in accordance with the provisions of Article 13 of EU Regulation 2016/679, provides the following information on the processing of its Customers’ personal data, in its capacity as Data Controller
1. Data controller and contact details
Pursuant to Article 4 of the EU Regulation 2016/679, the Company is the controller of the data relating to its customers.
Pursuant to Articles 37 ff. of EU Regulation 2016/679, the Company has appointed a Data Protection Officer (hereinafter referred to as ‘DPO’), to whom any communications and requests should be addressed by e-mail to email@example.com
2. Type of data collected and processed
The processing will concern single operations, or a set of processing operations (such as, purely by way of example: collection, registration, organisation, storage, processing, communication, modification, selection, use) of the following personal data provided by the User when using the services provided by the Company through its Site:
a) identification and contact data, provided by the user when registering on the site or in the case of information requests sent to the Company, including, inter alia, name, surname, e-mail address, address and mobile phone number;
b) data from CVs uploaded in the ‘work with us’ section or sent spontaneously to firstname.lastname@example.org;
c) browsing data: simply accessing the Site does not require the provision of any personal data; however, the computer systems and software used to operate the Site acquire, in the course of normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified subjects
3. Purpose of the processing
Personal Data are processed:
A) without the express consent of the User (Art. 6 letter b) GDPR), for the following purposes:
- process a contact request;
- evaluate an unsolicited application for the purpose of its insertion in the Company’s recruiting database;
- process a request of activation of a free trial of a service/product of TAS;
- fulfil the obligations provided by the law, by a regulation, by the community norms or by an order of the Authority;
- fulfil obligations related to the management of the relationships with the Users;
- prevent or discover fraudulent activities or abuses harmful for the Site;
B) with the express consent of the User (Art. 7 GDPR), for the following purposes:
- send by e-mail informative communications, including the newsletter, relating to products and/or services of TAS, including free trials already requested by Users
4. Modalities of data processing
In relation to the purposes described above, the data may be processed using manual, automated, computerised or electronic means for managing, storing and transmitting the data and in any case suitable for guaranteeing security and confidentiality.
Data are processed in accordance with the provisions of the legislation, in particular:
a) lawfully and fairly processed;
b) collected and recorded for specified, explicit and legitimate purposes, and used in other processing operations in terms compatible with those purposes;
c) accurate and up-to-date;
d) relevant, complete and not excessive in relation to the purposes for which they are collected or further processed;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they were collected or subsequently processed.
5. Possible disclosure and dissemination of data
For the above purposes, data may be disclosed to third parties designated as controllers in accordance with Article 28 of the Regulation, and in particular to banks, insurance companies, service providers strictly necessary for the performance of the company’s activities, or to the company’s advisers, where this is necessary for tax, administrative, contractual or regulatory reasons or for administrative and/or accounting purposes, in accordance with recitals 47 and 48 and Article 6 of the Regulation. Furthermore, the Data may be shared with authorities, bodies and/or subjects to whom the Data must be communicated pursuant to legal provisions or orders of authorities. These authorities, bodies and/or individuals will operate as independent data controllers. The dissemination of the Data is not foreseen.
6. Transfer of Data to non EU-countries
Customers’ Personal Data is stored on servers located within the European Union. Customers acknowledge that, subject to consent or other appropriate legal basis, their Personal Data may be processed within countries outside the European Union.
7. Data storage period
The Data will be stored on paper and/or IT media for only the time necessary for the purposes for which they were collected, respecting the principles of conservation limitation and minimization referred to in Article 5, paragraph 1, letters c) and e) of the Regulation.
The Data will be stored to fulfill regulatory obligations and pursue the aforementioned purposes, in compliance with the principles of indispensability, non-excess and relevance.
The Company may store Data after the termination of the contractual relationship to fulfill regulatory and/or post-contractual obligations in relation to legal requirements (10 years). Subsequently, once the aforementioned reasons for the processing cease to exist, the Data will be deleted, destroyed or stored in anonymous form.
8. Rights of the Interested Party
In relation to the aforementioned processing, the interested party can exercise their rights referred to in articles 15 to 22 of the Regulation.
In particular, the interested party has the right to ask the Company for access to their data, the rectification or cancellation of the same, has the right to object to the processing or to request the limitation of the processing in the cases provided for in article 18 of the Regulation. and to obtain their Data in a structured, commonly used and machine-readable format, in the cases provided for in Article 20 of the Regulation.
The interested party may also revoke at any time the consent given pursuant to article 7 of the Regulation, as well as lodge a complaint with the Guarantor Authority for the protection of personal data pursuant to article 77 of the Regulation, if he believes that the processing of his Data is contrary to current legislation.
In cases of opposition to the processing of Data pursuant to article 21 of the Regulation, the Company reserves the right to evaluate the request, which will not be accepted if there are compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data of interested party.
Any requests must be sent in writing to the DPO at email@example.com.