Information on the processing of personal data – Customers and potential customers
1. Identity and contact details of the data controller
The Website is entirely managed by:
TECMA SOLUTIONS SPA
Registered office address Milan (MI) Via Medardo Rosso, 5 – CAP 20159
Tel: +39 02 66.80.94.09 ,
Email: info@tecmasolutions.com ,
PEC: tecmasolutions@pec.it ,
REA NUMBER : MI – 1985204,
VAT number and Tax Code: 07840930965,
hereinafter also “ the Owner ”.
Since the Data Controller is established in Italian territory, no representative has been appointed.
2. Contact details of the DPO
The Data Controller has not appointed a Data Protection Officer (“DPO”) pursuant to art. 37 GDPR.
3. Purpose of the processing and legal basis of the processing
Personal data will be processed for the following purposes:
- For contractual purposes and/or connected to the execution of pre-contractual measures adopted at your specific request, as well as to fulfill any legal obligations connected to such purposes, and in particular, to allow you to be contacted for the purpose of evaluating the possibility of concluding specific contracts. In this case, the need to proceed with the processing for the execution of the contract and/or for the management of pre-contractual relationships constitutes the legal basis;
- To send direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated IT systems, including commercial or promotional communications by e-mail or SMS, or for market research and analysis. In this case, consent, expressed in accordance with this information, constitutes the legal basis;
- For purposes related to related legal obligations if processing has been carried out for the purposes referred to in letter a). In this case, the legal basis is the legal obligation of the Data Controller to process such personal data in compliance with applicable national legislation.
4. Method of expressing consent
Consent, where required, may be expressed by signing a computerized document, also using specific flagboxes.
5. Treatment methods and rationale
- In relation to the personal data processed and stored for the purposes referred to in number 3 point a) of this information (contractual and pre-contractual purposes) and referred to in the following number 3, point c) (legal purposes), the processing will take place through paper-based tools, automated logic and use of CRM-type management software managed in the cloud, which will allow you to better manage the fulfillment of contractual obligations;
- In relation to the personal data processed for the purposes referred to in number 3, point b) of this information (marketing purposes) the processing will be carried out using software for sending commercial information.
6. Source from which the personal data originates
Only the data provided in accordance with this information will be processed. Personal data from sources accessible to the public will not be processed.
7. Recipients and any categories of recipients of personal data
The following may be recipients of personal data:
- The communications companies that carry out commercial communication activities on behalf of the Data Controller, if the relevant consent has been expressed, which hold the status of data controllers;
- Companies offering information society services, including, in particular, those offering hosting services;
- Companies that make cloud software available;
- Auditing companies;
- The owner’s partner companies.
8. Data Categories
Personal data will be processed.
9. Data Transfer
The Data Controller intends to transfer the personal data to a third country or to an international organisation. These subjects could be represented, by way of example, by:
- Communications companies that carry out communication activities on behalf of the Owner;
- Communication society service provider;
- Controlled and/or controlling organisations.
The transfer of personal data to such subjects, if established in a third country or an international organisation, is carried out in the presence of an adequacy decision from the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection of rights. In any case, the Data Controller – if he deems it appropriate – reserves the right to conclude specific separate agreements that oblige such subjects to adopt adequate security measures, including organizational ones, aimed at offering appropriate guarantees regarding rights. The data may thus be transferred to the following countries: United States of America. To obtain a copy of such data or the place where they were made available, simply send the relevant request to the Data Controller, at the addresses in the epigraph.
10. Period of retention of personal data
- The personal data processed and stored for the purposes referred to in point a) number 3 of this information (contractual and pre-contractual purposes) are processed for a period of time not, however, exceeding 10 years starting from the termination of the effects of the contract, in case of conclusion of the same, and, in the case of mere pre-contractual negotiations, for a period not exceeding 10 years from the termination of the negotiations;
- The personal data processed for the purposes referred to in point b) number 3 of this information (marketing purposes) are processed and stored until the relevant cancellation and/or revocation is requested by the interested party;
- The personal data processed and stored for the purposes referred to in point c) number 3 (fulfillment of legal obligations) are processed and stored for a period not exceeding 10 years starting from the termination of the effects of the contract, in the event of its conclusion , and, in the case of mere pre-contractual negotiations, for a period not exceeding 10 years from the termination of the negotiations, without prejudice, in any case, to different provisions of law.
11. Optional nature of consent and consequences of non-consent
- In relation to personal data processed and stored for the purposes referred to in point a) number 3 of this information (contractual and pre-contractual purposes), the communication of personal data is a contractual obligation and a necessary requirement for carrying out pre-contractual negotiations and for the conclusion of the contract. The interested party has the right to provide personal data; in case of failure to communicate such data, however, it will not be possible to conclude any contract or carry out any contractual negotiations;
- In relation to personal data processed for the purposes referred to in point b) number 3 of this information (marketing purposes), the communication of personal data is not a contractual obligation. You have the right to provide personal data; in case of failure to communicate such data, however, it will not be possible to carry out any marketing activity;
- In relation to personal data processed for the purposes referred to in point c) number 3 of this information (legal obligations), the communication of personal data is a legal obligation. There is an obligation, in this case, to provide personal data; in case of failure to communicate such data it will not be possible to conclude the contract.
12. Right to object
The interested party has the right to object in the following terms:
- The right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR, including profiling on the basis of these provisions . The Data Controller refrains from further processing the personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court;
- If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such purposes, including profiling to the extent that it is connected to such direct marketing;
- In case of opposition to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. It is specified that the interested party’s right to object to the processing of their personal data for the aforementioned purposes may be exercised even only in part, i.e. by objecting, for example, to the sole sending of promotional communications carried out via automated and/or digital tools, or to the sending of paper communications;
- If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, for reasons relating to his or her particular situation, has the right to object to the processing of personal data which concerns you, except where the processing is necessary for the performance of a task of public interest.
13. Other rights
The Data Controller also intends to inform you of the existence of the following rights:
- Right of access: the interested party has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and specific information, in compliance with the art. 15 of the GDPR;
- Right of rectification:: the interested party has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him or her without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration, in accordance with the art. 16 of the GDPR;
- Right to delete data, including the right to withdraw consent: the interested party has the right to obtain from the Data Controller the deletion of personal data concerning him or her without unjustified delay and the Data Controller has the obligation to delete the data without unjustified delay. personal data, or to withdraw your consent, if the reasons defined by the art. exist. 17 of the GDPR. As regards the right to revocation, the interested party also has the right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- Right to limit processing: the interested party has the right to obtain from the Data Controller the limitation of processing when the hypotheses defined by the art. 18 of the GDPR;
- Right to data portability: the interested party has the right to receive the personal data concerning him or her provided to the Data Controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments on the part of the Data Controller in the cases and under the conditions specified by the art. 20 of the GDPR;
- The contractor’s right to object to commercial communications: the contractor has the right to object at any time, free of charge, to the receipt of commercial communications.
14. Exercise of rights
Requests to exercise the rights indicated in this information, including, in particular, the right to cancellation and the right to revoke the consent given must be addressed directly to the Data Controller at the relevant email address. Alternatively, you can exercise your rights by sending the relevant communication via registered mail to the Owner’s address.