Privacy policy

Information on the processing of personal data

Articles 12 et seq. of Regulation (EU) 2016/679 (GDPR)

INTRODUCTION
In compliance with the provisions of EU Regulation 2016/679 (hereinafter GDPR) we provide, below, information regarding the processing of personal data provided by the data subject, in relation to relations with the Company (hereinafter the Company). The information is provided pursuant to art. 13 GDPR.

1. IDENTITY and CONTACT DETAILS
The Data Controller is Cybertec Srl, with registered office in via Virgilio 34, 34134, Trieste, tel: 040 898111; email: info@cybertec.it.

2. CONTACT DETAILS OF THE DATA PROTECTION Officer (DPO)
The Data Protection Officer is Dr. Mario Brocca, tel. 0371/5943191, email: dpo@zucchetti.it; certified email: dpogruppozucchetti@gruppozucchetti.it.

3. PURPOSE OF PROCESSING, LEGAL BASIS and DATA RETENTION PERIOD Purpose Type OF DATA

processed Legal basis Retention period *a) Pre-contractual/contractual
Provide information on products and services marketed, if requested by the interested party;
execution of existing contractual relationships.
Personal data and contact details; data necessary for the execution of the contractual relationship. Execution of a contract to which you are a party or pre-contractual measures adopted at the request of the interested party;
fulfillment of legal obligations.
art. 6 paragraph 1 letter b) and c) GDPR.
According to the law.
b) Direct marketing
sending, with automated contact methods (email and instant messaging) and traditional methods (telephone calls with operator and ordinary mail), advertising material, newsletters, promotional and commercial communications relating to products and/or events and/or related training courses, as well as carrying out market studies and statistical analyses and detecting the degree of customer satisfaction.
Personal data and contact details. Consent (requested with a contract or with a specific request);
(optional and revocable at any time)
Art. 6 paragraph 1 letter a) GDPR.
If the interested party has not given his consent to send commercial communications in an automated manner, he may still receive them through the traditional methods, if he has not expressed his dissent through the ordinary methods and/or the Register of Oppositions.
Until the withdrawal of consent for this purpose and/or five years after the expression of consent. c) Marketing on already customers
sending communications relating to contracted products/services and/or products/services similar to those already contracted (newsletters, webinars, events, training activities).
Personal data and contact details; data relating to the company to which they belong and the role they occupy. Legitimate interest
Art. 6 paragraph 1 letter f) GDPR.
Until the withdrawal of consent.d) Indirect marketing
Communication of data to business partners/third parties so that they can make it the recipient of marketing communications.
Personal data and contact details. Consent (requested with a contract or with a specific request)
(optional and revocable at any time)
Art. 6 paragraph 1 letter a) GDPR.
Until the withdrawal of consent for this purpose and/or five years have elapsed since the last interaction with the Data Controller. e) Collection and publication of content:
generation of case histories and publications on social networks, newspapers, magazines and websites of images, videos, reviews, evaluations and other content that the data subject may freely decide to share with the Data Controller, as well as on any other means of communication used (as required by the individual consents required from time to time).
Personal data; images, sounds, company to which they belong, role and professional experience, nickname, profile of social networks Consent (optional and revocable at any time)
Art. 6 paragraph 1 letter a) GDPR.
Until the withdrawal of consent for this purpose and/or five years have elapsed since the last interaction with the Data Controller.f) If necessary, to ascertain, exercise or defend the rights of the Data Controller in court. Personal data and contact data, data relating to the execution of the contract. Legitimate interest (judicial protection)
Art. 6 co 1 lett. f) GDPR.
For the time necessary to exercise the rights in court.g) Registration on Internet portals. Personal data and contact details, data relating to the company to which you belong and the position you hold.Expressed consentFive years from the last interactionh) Purpose of assistance on products and services purchased. Personal data, contact details, personal data depending on the product/service contracted. Execution of a contract to which you are a party (for resolution of anomalies and malfunctions).
Legitimate interest (for analysis aimed at improving the service).
Five years since the last interaction.
*Upon deletion, the data may be stored for a further period of up to one year, according to the company’s information systems backup retention policies.

4. OBLIGATION TO PROVIDE DATA
The interested party must provide the Company with the data necessary for the performance of the contractual relationship, as well as the data necessary to fulfill obligations provided for by laws, regulations, community regulations, or by provisions of Authorities legitimated by law and by supervisory and control bodies (referred to in purposes a) and f) above).
Data not essential for the performance of the contractual relationship are qualified and considered additional and their provision by the data subject, if requested, is optional and subject to consent. The consent provided may be revoked by the data subject at any time by writing an email to: mrk@cybertec.it. Such revocation shall in no way affect the lawfulness of the processing based on the consents given before the revocation.

5. PROCESSING METHODS
Personal data will be recorded, processed and stored in the Company’s archives, in paper and electronic form, in compliance with the appropriate technical and organisational measures referred to in Article 32 of the GDPR. The processing of the personal data of the data subject may consist of any operation or set of operations among those indicated in art. 4, paragraph 1, point 2 of the GDPR.
The processing of personal data will take place through the use of tools and procedures suitable for guaranteeing security and confidentiality and may be carried out, directly and/or through delegated third parties, either manually by paper means, or through the aid of computer means or electronic tools. The data, for the purposes of the correct management of the relationship and the fulfilment of legal obligations, may be included in the internal documentation of the Company and if necessary also in the deeds and registers required by law.
The personal data of the data subject may be processed by employees of the Company’s corporate functions appointed to pursue the purposes indicated above. These employees have been expressly authorised to process and have received adequate operating instructions pursuant to and for the purposes of art. 29 GDPR

6. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data of the interested party may be communicated and processed by external subjects operating as independent data controllers pursuant to Articles 4 and 24 GDPR such as, by way of example, supervisory and control authorities and bodies and in general subjects, public or private, entitled to request the data and/or subjects operating as Data Processors pursuant to Article 28 GDPR), such as consulting companies and/or professional firms and/or professionals, for example legal, tax and insurance companies.
The data may also be communicated by the Company to their business partners/concessionaires for the performance of activities related to the execution of the contract or for the performance – by them – of commercial actions, subject to the express consent of the interested party.

7. DATA TRANSFER IN NON-EU COUNTRIES
The data provided by the data subject will only be processed in countries within the European Union. If the personal data of the data subject are processed in a non-EU country, the rights granted to the latter by EU legislation will be guaranteed and the data subject will be promptly notified.

8. RIGHTS OF the data SUBJECT Pursuant
to Articles 15 et seq. GDPR, the data subject may exercise the following rights:
access: confirmation or not that a processing of the data subject’s personal data is in progress and the right to access them; it is not possible to respond to manifestly unfounded, excessive or repetitive requests;
rectification: correct/obtain the correction of personal data if incorrect or obsolete and to complete them, if incomplete;
cancellation/oblivion: obtain, in some cases, the deletion of the personal data provided; this is not an absolute right, as the Company may have legitimate or legal reasons to keep them; limitation: the data will be stored, but may not be processed, or further processed, in the cases provided for
by law;
portability: move, copy or transfer the data from the Company’s databases to third parties. This only applies to data provided by the data subject for the execution of a contract or for which consent has been provided and expressed and the processing is carried out by automated means;
opposition to direct marketing;
withdrawal of consent at any time, if the processing is based on consent.
Pursuant to art. 2-undicies of Legislative Decree 196/2003, the exercise of the rights of the data subject may be delayed, limited or excluded, with reasoned communication and made without delay, unless the communication may compromise the purpose of the limitation, for the time and to the extent that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subject, in order to safeguard the interests referred to in paragraph 1, letters a) (protected interests in money laundering), e) (when carrying out defensive investigations or exercising a right in court)and f) (to the confidentiality of the identity of the employee who reports offences of which he has become aware by reason of his office). In such cases, the rights of the data subject may also be exercised through the Guarantor in the manner set out in Article 160 of the same Decree. In this case, the Guarantor will inform the interested party that it has carried out all the necessary checks or that it has carried out a review as well as the right of the interested party to lodge a judicial appeal.
It should also be noted that – before processing the requests – the Company may carry out an assessment of the identity of the person concerned, to assess the legitimacy of the request received.
To exercise these rights, the data subject may contact the Company at mrk@cybertec.it or by contacting the number 040 898111 or by sending a letter to the Cybertec Privacy Office, via Virgilio 34, 34134, Trieste.
The Company will respond within 30 days of receipt of the formal request sent by the data subject.
We remind you that in the event of a breach of the personal data of the data subject, the latter may lodge a complaint with the competent authority: “Guarantor for the protection of personal data”.

Need more information?

Don't hesitate to contact us!