This privacy policy aims to provide all the information regarding the processing of personal data carried out by Digitoo Group S.r.l., when the User subscribes to this portal in order to receive promotional communications (as better specified below).
- INTRODUCTION – WHO ARE WE?
Digitoo Group S.r.l., with registered offices in Via Confienza 10, 10121, Torino (TO) Italia, Partita IVA n. 12705900012 (hereinafter the “Controller”), owner of this website (hereinafter the “Website”), as the controller of personal data of the users who browse on the Website (hereinafter the “Users”) provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).
- HOW TO CONTACT US?
The Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Controller at any time, using the following methods:
- Sending a registered letter with return receipt to the registered offices of Digitoo Group;
- Sending an electronic mail message to the address info@digitoogroup.com.
The Controller did not appoint a Data Protection Officer (DPO), because the Controller is not subject to the mandatory obligation to appoint it pursuant to art. 37 of the Regulation.
- WHAT DO WE DO? – PROCESSING PURPOSES
The Website allows Users to release their personal data in order to be contacted for receiving offers, coupons, discounts, marketing campaigns and/or compare quotes on promotions presented each time on this page (hereinafter, the “Service”). In connection with the activities that may be carried out through the Website, the Controller collects personal data relating to the Users.
This Website and any services offered through the Website are reserved for individuals who are 18 years and over. Therefore, the Controller does not collect personal data relating to individuals under 18 years of age. Upon request of the Users, the Controller will promptly delete all personal data that has been involuntarily collected and related to subjects under the age of 18.
The personal data of the Users will be processed lawfully by the Controller for the following processing purposes:
- process the User’s request: Users’ personal data are collected and processed by the Controller for the sole purpose of fulfilling their request to receive promotional communications on the contacts provided. Therefore, the User will receive periodic communications from the Controller that will contain advertising material, also relating to third party products or services. The User’s data collected by the Controller for this purpose include: first name, last name, telephone number, e-mail address and any further data voluntarily published by the User. The Controller may contact the User by e-mail and/or SMS and/or messaging systems. Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances shall the Controller make the User’s personal data accessible to other Users and/or third parties;
- legal obligations, or to fulfil obligations provided by the law, an authority, a regulation or European legislation.
The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to receive promotional communications requested from the Controller. In the event of consent, the User may withdraw it at any time by making a request to the Controller by the means indicated in paragraph 8 below.
The User may also easily object to further promotional communications by clicking (where applicable) on the appropriate link for revocation of consent, which is present in each communication received. Once consent has been revoked, the User will see a message confirming that consent has been revoked.
Personal data that are necessary for the pursuit of the processing purposes described in this paragraph 3 are indicated with an asterisk in the request form.
- FURTHER PROCESSING PURPOSES
4.1 Communication of data to the Controller’s Partners
The User’s personal data (i.e. name, surname, e-mail, telephone number) will be communicated by the Controller to the following categories of third party companies:
– communication, landline, and mobile telephone companies
– companies operating in the e-commerce sector for products and services
– companies operating in the utilities sector – gas, electricity, water, photovoltaics and water purification
– companies operating in the tourism sector – tour operators, travel and transport agencies – and in the leisure sector
– companies involved in vocational and/or educational training
– advertising and marketing agencies, media centres, market research and contact centres
– companies operating in the automotive sector
– companies operating in the financial, banking, insurance sector
(hereinafter collectively referred to as the ‘Controller’s Partners‘).
The Data Controller’s Partners, as autonomous data controllers, will process the User’s personal data for their own marketing purposes (direct sales, sending of advertising material and commercial communications), and may contact the User by post, e-mail, telephone (landline and/or mobile, with automated call or call communication systems with and/or without the intervention of an operator) and/or SMS and/or messaging systems to propose to the User the purchase of products and/or services offered by the Data Controller’s Partners and/or other companies and to present the User with offers, promotions and commercial opportunities. Once the transfer has taken place, it will be the responsibility of the Controller’s Partner to provide the Users with all the information provided for in Article 14, paragraph 3 of the Regulation.
If consent is not given, the possibility of subscribing to the Service shall not be affected in any way. In the event of consent, the User may withdraw it at any time by making a request to the Controller with the methods indicated in paragraph 8 below.
The Data Controller informs that the User’s personal data will be processed by the Data Controller’s Partners as autonomous data controllers, based on the specific information that will be issued by the Data Controller’s Partners to the Users. Any requests not to receive further commercial communications from the Controller’s Partners, to whom the data have already been communicated by the Controller, must therefore be addressed directly to them.
Here you can consult the list of the Controller’s Partners that have requested to be indicated extensively.
- LEGAL BASIS
Process User’s request (as described in paragraph 3, letter a) above): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.
Legal obligations (as described in paragraph 3, letter b) above): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the controller is subject.
Further processing purposes: for the processing relating to data communication activities to the Data Controller’s Partners (as described in Section 4 above), the legal basis consists in Article 6(1)(a) of the Regulation, i.e. the provision by the data subject of consent to the processing of his/her personal data for one or more specific purposes. For this reason, the Data Controller asks the User for the provision of a specific free and optional consent, in order to pursue such processing purpose.
- PROCESSING METHODS AND DATA RETENTION PERIOD
The Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.
The personal data of the Users will be retained for the time strictly necessary to carry out the main purposes explained in paragraph 3 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Controller.
In the cases referred to in paragraph 4.1, the User’s personal data shall be retained for the time strictly necessary to fulfil the purposes set out therein and, in any event, until the User withdraw his consent.
- TRANSMISSION AND DISSEMINATION OF DATA
The User’s personal data may be transferred outside the European Union and, in this case, the Controller will ensure that the transfer is carried out in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
The employees and/or collaborators of the Controller who are in charge of carrying out Website maintenance may become aware of the personal data of the Users. These subjects, who have been instructed by the Controller accordingly to article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.
The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Controller as “Data Processors”, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller, making a request to the Controller in the manner indicated in paragraph 7 below.
- RIGHTS OF THE DATA SUBJECTS
Users may exercise their rights granted by the Applicable Law by contacting the Controller as follows:
- Sending a registered letter with return receipt to the registered offices of Digitoo Group;
- Sending an electronic mail message to the address info@digitoogroup.com.
Pursuant to Applicable Law, the Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.
Furthermore, Users have the right to obtain:
a) access, updating, rectification, or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or the restriction of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
c) certification to the effect that notification has been supplied of operations as per letters a) and b), as also regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
Moreover, the Users have:
a) the right to revoke consent at any time, if the processing is based on their consent;
b) (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);
c) the right to oppose to:
i) in whole or part, for legitimate reasons, the processing of personal data relating to him/her for legitimate reasons even pertinent to the purpose of collection;
ii) in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;
iii) if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling to the extent that it is related to such direct marketing.
d) if it is deemed that the processing concerning his/her personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which he/she usually resides, in the one in which he/she works or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).
The Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.