PRIVACY STATEMENT FOR CUSTOMERS
1. What types of personal data are collected
The Personal Data Protection Policy governs the use and storage of personal data that is processed. FIX advanced entertainment solution Soc. Cop. is the “Data controller” of the personal data that you as an interested party provide us.
The updated list of data supervisors and data processors is kept at the Data Controller’s office.
FIX advanced entertainment solution Soc. Cop. collects the following types of personal data:
- Personal information
- Personal contact information
2. Why the data is collected (purpose of treatment)
Your personal data is collected to provide the following services:
1) without your express consent (Art. 6 letters b and e of the GDPR), for the following Service related Purposes:
- to enter into contracts for the Data Controller’s services;
- to fulfil the pre-contractual, contractual and tax related obligations resulting from current business relations with you;
- to fulfil the obligations established by law, by a regulation, by EU legislation, or by an order of the Authority;
- to exercise the rights of the Data Controller, for example the right to defence in court;
Please note that if you are already a customer, we may send you business communications relating to our services and products similar to those you have already used, unless you have not agreed to receive these communications.
3. How and where data is processed and stored (processing methods)
The personal data collected (identified in point 1) is processed in the operational offices and accounting offices located in Italy, in Via Fieschi, 20 16121 Genoa. Data storage and archiving takes place in the same offices.
No third party has access to the data, unless specifically required by law to fulfil the purposes indicated.
4. For how long data is stored
The processing of your personal data is carried out by means of the operations indicated in art. 4 no. 2 GDPR and more specifically: collection, registration, organization, structuring, storage, consultation, processing, adaptation or modification, selection, extraction, comparison or interconnection, use, communication (by transmission, dissemination or any other provision), limitation, deletion or destruction of data.
Your personal data is processed with the support of the following means:
- paper version
- electronic/IT (management and accounting software, etc.)
Pursuant to Italian law, FIX advanced entertainment solution Soc. Cop. will process personal data and will be required to keep the documents for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service-Related Purposes and not more than 2 years from the collection of data for Marketing Purposes (or for a shorter period if we are informed that the receipt of such information is not desired) according to the Data Retention Policy. After these periods, personal data will be irreversibly destroyed. For more information on the program for the storage of personal data, see the Data Retention Policy.
5. Access to data
Your data may be made accessible for the purposes referred to in paragraph 2.A above pursuant to art. 15 of the GDPR:
1) to employees and collaborators of the Data Controller, in their capacity as data supervisors or data processors and/or system administrators;
2) to third party companies or other subjects (indicatively banking institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) in order to carry out outsourced activities on behalf of the Data Controller, in their capacity as external data supervisors and processors.
6. Data communication
Without the need for specific consent (Art. 6 letters b and c of the GDPR), the Data Controller may communicate your data for the purposes referred to in paragraph 2.A above to those subjects to whom such communication is obligatory by law for the accomplishment of the aforementioned purposes (business, accounting and administrative consultants, accounting firms, banking institutions, etc.) and other subjects such as judicial authorities, insurance companies for the provision of insurance services, and Supervisory bodies.
These subjects will process the data in their capacity as independent data controllers.
Your personal data will not be disseminated.
7. Data transfer
Personal data is stored on servers located within the European Union.
In any case, it is understood that the Data Controller, if necessary, has the right to move the servers outside the EU. In this case, the Data Controller henceforth ensures that the transfer to a non-EU location will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
8. Provision of the data and consequences resulting from the refusal to provide it
The provision of data for the purposes referred to in paragraph 2.A above is obligatory. In its absence, we cannot guarantee the Services indicated in paragraph 2.A above.
The provision of data for the purposes of paragraph 2.B above is optional. You can therefore decide not to provide any data or to subsequently deny the right to process the data already provided: in this case, you will not be able to receive newsletters, business communications and advertising material concerning the Services offered by the Data Controller.
In any case, you will continue to be entitled to the Services referred to in paragraph 2.A above.
9. Your rights as an interested party and how to exercise them
In your capacity as an interested party, you have the rights referred to in art. 15 of the GDPR according to the methods and within the limits established by current legislation. You have the right to:
- request confirmation of the existence of personal data concerning yourself (right of access);
- know its origin;
- receive intelligible communication about your data;
- have information about the logic, the methods, and the purposes of the data processing;
- request that the data be updated, corrected, supplemented, deleted, transformed into an anonymous form, or blocked when processed in violation of the law, including data no longer necessary for the purposes for which it was collected;
- receive, in cases of consent-based processing, the data you provided to the Data Controller, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
- file a complaint with the Supervisory Authority.
You can exercise your rights at any time. Requests should be sent to the Data Controller, by contacting FIX advanced entertainment solution Soc. Cop. through the “Data Access Request Form” or through the e-mail address firstname.lastname@example.org or in writing to Via Fieschi, 20 16121 Genoa, Italy.
If you wish to make a complaint regarding how your personal data was handled, please contact the “Data Protection Officer” at email@example.com or in writing to Via Fieschi, 20 16121 Genoa, Italy.
The Data Protection Officer will examine your complaint and work with you to solve the problem.
If you believe that your personal data has not been handled appropriately according to the law, you can submit a complaint to the Supervisory Authority: Italian Data Protection Authority (Public Relations Office – URP address: Piazza di Monte Citorio no. 121- 00186 – ROME, Italy; Tel.: +39 06.69677.2917; e-mail: firstname.lastname@example.org, email@example.com; Certified email: firstname.lastname@example.org). Date: May 25th 2018