PRIVACY NOTICE
PRIVACY NOTICE PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 AND LEGISLATIVE DECREE NO. 196/2003, AS AMENDED BY LEGISLATIVE DECREE NO. 101/2018
The Data Controllers (”Controllers”) and, for processing for Marketing and Communication purposes, the Joint Controllers (“Joint Controllers”), as defined below, pursuant to Article 13 of EU Regulation 2016/679 (“Regulation”), wish to explain the purposes for which they collect your personal data, which will be processed in accordance with the principles of fairness, lawfulness and transparency, protecting confidentiality and in compliance with the aforementioned legislation.
1. Data Controllers / Joint Controllers
| ALKEMY S.p.A. | (“Data Controller”) |
| Sole-shareholder company subject to the management and coordination of Alkemy Group S.p.A. Benefit Corporation | |
| Registered office | Via San Gregorio, 34 - 20124 Milano (MI) |
| gdpr@alkemy.com | |
| ALKEMY GROUP S.p.A. | (“Data Controller”) |
| Benefit Corporation | |
| Registered office | Via San Gregorio, 34 - 20124 Milano (MI) |
| gdpr@alkemy.com | |
| ALKEMY PLAY S.r.l. | (“Data Controller”) |
| Registered office | Via San Gregorio, 34 - 20124 Milano (MI) |
| gdpr@alkemy.com | |
| COSMIC S.r.l. | (“Data Controller”) |
| Registered office | Via Monte Rosa, 91 - 20149 Milano (MI) |
| gdpr@alkemy.com | |
| D.COM S.r.l. | (“Data Controller”) |
| Registered office | Via San Gregorio, 34 - 20124 Milano (MI) |
| gdpr@alkemy.com | |
| DIGITAL RETEX S.r.l. | (“Data Controller”) |
| Registered office | Via San Gregorio, 34 - 20124 Milano (MI) |
| gdpr@alkemy.com | |
| WTL S.r.l. | (“Data Controller”) |
| Registered office | Via San Gregorio, 34 - 20124 Milano (MI) |
| gdpr@alkemy.com | |
| XCC S.r.l. | (“Data Controller”) |
| Registered office | Via del Commercio, 36 - 00154 Roma (RM) |
| gdpr@alkemy.com |
hereinafter collectively referred to as the “Companies”, the “Controllers” or, for processing for “Marketing and Communication” purposes, “Joint Controllers”.
1.1 The Companies, for purposes related to the performance of contracts, legal obligations and defending a right in legal proceedings, as further specified in paragraph 4 below, act as independent Data Controllers pursuant to the Regulation, each independently determining the purposes and means of processing. With regard to Marketing and Communication activities, as further specified in the same paragraph 4, the Companies act as Joint Controllers, jointly determining, each within its own area of competence, the purposes and means of processing. As Joint Controllers, the Companies have entered into a specific agreement pursuant to Article 26 of the Regulation, an extract of which is available for inspection upon request by data subjects.
2. Data Protection Officer (DPO)
2.1 The Controllers/Joint Controllers have appointed a Data Protection Officer (DPO) at Group level, who can be contacted for all matters relating to the processing of your personal data – including with regard to the extract of the agreement pursuant to Article 26 of the Regulation – and the exercise of rights under the Regulation. The DPO’s contact details are as follows: groupdpo@alkemy.com.
3. Types of data processed
3.1 The processing may involve common personal data, identification and contact data, acquired directly or through third parties, such as – by way of example and not limited to – identification data (name, surname, address, telephone number, business email, data relating to company/firm, sector, job role, function and other similar data) including those of contacts, employees, collaborators or other persons connected to your activity, as well as, for contract management, tax and administrative data (tax identification number, VAT number, IBAN and banking/postal data). No special categories of personal data are processed.
4. Purposes and legal basis of processing
4.1 Management of the contractual relationship. Each Data Controller will process the personal data of its clients/users to provide the requested services and for purposes strictly related and instrumental to the management and performance of the pre-contractual and/or contractual relationship, as well as for purposes related to obligations imposed by laws and/or regulations, and to provisions issued by authorities legally authorised to do so. In such cases, the processing of the Data Subject’s personal data takes place to carry out preliminary and subsequent activities related to the purchase of a service and/or product, such as managing the relevant order, providing the service and/or manufacturing and/or shipping the purchased product, related invoicing and payment management, handling complaints and/or reports to the support service and providing such support, sending informational communications regarding the service and/or contract, and fulfilling any other obligation arising from the contract.
The legal basis for processing for the purposes indicated above is Article 6(1)(b) and (c).
4.2 Defence of a right in judicial or extrajudicial proceedings. The processing of the Data Subject’s personal data takes place to establish, exercise or defend a right of the Controller and/or to defend against claims by others, in judicial or extrajudicial proceedings.
The legal basis for processing for the purposes indicated above is Article 6(1)(f).
4.3 Marketing and Communication. The Joint Controllers will jointly process the data collected in the course of their activities for Strategic Marketing, Brand and Corporate Communication purposes, including those relating to:
i) sending advertising material, direct sales, conducting market research and commercial communications for offers, discounts and promotions of the Joint Controllers’ services/products through traditional means (e.g. postal mail, operator-assisted phone calls) and/or automated means (e.g. email, SMS, online instant messaging applications, web and mobile push notifications) as well as sending newsletters;
ii) profiling of data relating to interests, preferences and habits, such as analysis of data transmitted and services/products purchased in order to propose promotional messages and/or commercial offers in line with the preferences expressed;
The legal basis for processing for the purposes referred to in points (i) and (ii) above is Article 6(1)(a), i.e. the consent of the data subject.
iii) the Joint Controllers will jointly process the data collected for the purpose of sending email communications relating to promotions and offers of services/products identical and/or similar to those covered by the current contract with the Data Subject, unless the Data Subject has objected to such processing either initially or on the occasion of subsequent communications.
The legal basis for this processing is Article 130(4) of the Privacy Code (Italian Legislative Decree 196/2003). The Data Subject has the right to object at any time to the processing of personal data concerning him/her for this purpose.
5. Mandatory or optional nature of providing data and consequences of refusal
5.1 The provision of personal data is mandatory for the purposes referred to in the preceding paragraphs 4.1 and 4.2.
5.2 The provision of data necessary for the purposes referred to in the preceding paragraph 4.3 is optional and processing requires the consent of the data subject; any refusal will have no consequences on the performance of the requested services.
5.3 For the purposes referred to in the preceding paragraph 4.3, the Joint Controllers have also jointly determined within the specific agreement the processing methods and have defined the procedures to provide a response to the data subject pursuant to Articles 15-22 of the Regulation. The single point of contact for the exercise of rights is the Data Protection Officer whose contact details are indicated in the preceding paragraph 2. An extract of the joint controllership agreement is available to all data subjects upon express request.
6. Methods and duration of processing
6.1 Personal data will be processed by authorised and specialised personnel, lawfully and fairly, with or without the aid of electronic or otherwise automated means, and will include all operations or sets of operations necessary for the processing in question, including recording and storage, using security measures designed to ensure confidentiality and to protect personal data from any unlawful use, unauthorised access or disclosure and to prevent data loss. No processing is carried out for the purpose of automated decision-making pursuant to Article 22 of the Regulation.
6.2 For the purposes referred to in the preceding paragraphs 4.1 and 4.2, personal data are retained for the period necessary to achieve the purposes for which they were collected and will be processed for the time necessary to fulfil the requests of data subjects, to comply with legal obligations related to administrative, accounting, tax and social security activities (10 years) and for the entire duration of any litigation, without prejudice to further obligations provided by law.
6.3 For the purposes referred to in the preceding paragraph 4.3, personal data will be retained: (a) for the purposes referred to in paragraph 4.3(i) for a period not exceeding 24 (twenty-four) months from the last interaction; (b) for the purposes referred to in paragraph 4.3(ii) for a period not exceeding 12 (twelve) months from the last interaction; (c) for the purposes referred to in paragraph 4.3(iii) for a period not exceeding 24 (twenty-four) months from the termination of the relationship with the data subject.
7. Disclosure of data
7.1 Personal data may be shared among the Joint Controllers, as well as with employees, staff, collaborators and only personnel authorised by the Joint Controllers for the purposes indicated in the preceding paragraph 4.
7.2 Personal data may also be disclosed to third parties to comply with legal obligations or to entities, or categories of entities, such as, by way of example, external consultants, banks, financial institutions, independent professionals, IT equipment maintenance companies, entities providing services for the management of information systems, including websites, web applications and telecommunications networks, and in any case to all those third parties identified for the above-listed purposes and for the performance of existing contractual obligations. The aforementioned entities will act as Independent Controllers or Data Processors on behalf of the Controller or Joint Controllers and in accordance with the instructions provided to them.
7.3 The updated list of data processors is maintained by each of the Companies and is available upon request.
8. Data transfers
8.1 Personal data will not be processed or transferred outside the European Union. Should they be transferred – including for mere archiving purposes – to third countries outside the European Union, the rights provided for by the Regulation will be guaranteed and in compliance – in any case – with the applicable legal provisions and the “Standard Contractual Clauses” approved by the European Commission or other equivalent safeguards.
9. Rights of the data subject
9.1 We hereby inform you that, pursuant to Articles 15-22 of the Regulation, you have the right to exercise the following rights:
i) to access personal data;
ii) to receive confirmation as to whether or not such data exists and to know its content and origin;
iii) to obtain the rectification, updating or erasure thereof;
iv) to object to processing or to request its restriction;
v) to data portability;
vi) to withdraw consent at any time, where applicable: the withdrawal of consent does not affect the lawfulness of processing based on consent given before the withdrawal, and to object to processing for marketing and/or profiling purposes pursuant to Article 21 of the Regulation;
vii) to lodge a complaint with the Italian Data Protection Authority.
9.2 Such rights may be exercised by sending a written communication to the Group Data Protection Officer, at the contact details indicated in the preceding paragraph 2.
10. Amendments
10.1 The Controllers/Joint Controllers reserve the right to amend or simply update the content of this privacy notice, in part or in full, including as a result of changes in applicable legislation. In such cases, timely notification will be provided.
WHAT ARE COOKIES?
Cookies are small text files that websites visited by users send to their terminals, where they are stored and then retransmitted to the same websites at the next visit. So-called 3rd party cookies, on the other hand, are placed by a website other than the one the user is visiting and may be installed when the website features components and/or content dynamically provided by 3rd parties. This is because all websites may have elements (images, maps, sounds, links to other domains’ web pages, etc.) residing on servers other than that of the website being visited.
Our website uses the following types of cookie:
TECHNICAL COOKIES
These cookies are indispensable for the working of the site.
These cookies will last for 7 days.
3rd PARTY PROFILING AND ADVERTISING COOKIES
These cookies are installed by 3rd party subjects and such installation requires your consent, failing which they will not be installed. Detailed below are the links to 3rd party privacy notices where you can express your decision regarding consent to the installation of such cookies. If you do not make any choice but in any case decide to browse this website, you will be consenting to the use of such cookies.
These cookies will last for 6 months.
GOOGLE ANALYTICS
- Privacy Policy: http://www.google.com/policies/
- Technical: Yes
- Type: Analytical
- Profiling: No
Please note that information acquired by the aforementioned cookies is rendered anonymous before being sent to the 3rd party owner. Such information does not, therefore, enable users to be identified.
MANAGING PREFERENCES
In addition to the foregoing, most browsers allow users to manage cookie preferences but this website works best with all types of cookie enabled. Cookie settings may be checked and modified by the browser preferences. The following links show how to set preferences on the most commonly used browsers:
- Internet Explorer (http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies)
- Firefox (http://support.mozilla.com/en-US/kb/Enabling+and+disabling+cookies)
- Safari (http://support.apple.com/kb/index?page=search&fac=all&q=cookies%20safari)
- Chrome (http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95