Privacy Policy
PCube Srl Unipersonale - Cap. Soc. €10,000 i.v. - C.C.I.A.A. di Venezia - P.I. IT03757540277 - Registered Office: Via Friuli Venezia Giulia, 8 - 30030 Pianiga (VE) (hereinafter the "Company" or "PCube"), as data controller, provides you, pursuant to Articles 13 and 14 of the European Regulation 679/2016 on the protection of personal data (hereinafter "GDPR"), with the following information regarding the processing of personal data of individuals who have purchased, requested or used services and/or products provided by the Company (hereinafter the "Customer").
Index
Type of data processed
Purpose of processing
Legal basis of processing
Processing methods
Communication, dissemination and transfer of Data
Transfer of Data abroad
What are the Customer's rights
Changes and updates
1. TYPE OF DATA PROCESSED
The personal data processed by the Company include, by way of example and not exhaustively, the following categories of data relating to the Customer:
identification, contact and access data, such as name, surname, email address, telephone number and access credentials to the services and/or products provided by the Company;
(ii) browsing data, such as IP addresses, log data or domain names and other parameters relating to computers, operating systems and IT environments used;
(iii) product data, such as data relating to the products and/or services provided by the Company, which the Customer has requested, has access to or uses;
(iv) preference data, such as data relating to the Customer's preferences, activities and spending habits;
(v) payment and banking data, such as current account number or IBAN code;
(vi) data acquired from public sources, such as data of representatives and attorneys collected through, for example, Chambers of Commerce or commercial information services;
(hereinafter collectively referred to as the "Data").
2. PURPOSE OF PROCESSING
The processing of Data is carried out by the Company in the performance of its economic and commercial activities for the following purposes:
to enable the Customer to request, obtain, access and use the services and/or products provided by the Company;
b) to comply with obligations arising from laws, regulations or community legislation (e.g. tax and accounting obligations);
(the purposes referred to in letters a) and b) are collectively defined as the "Contractual Purposes")
c) to assert and defend its rights, including in the context of credit recovery and credit assignment procedures, also through third parties;
d) for the analysis and improvement of the services and/or products offered;
e) to complete a potential merger, asset sale, business or branch sale by disclosing and transferring the Data to the third party/parties involved;
(the purposes referred to in letters c) and e) are collectively defined as the "Legitimate Business Interest Purposes")
f) to provide the Customer, pursuant to Article 130 of Legislative Decree 196/2003 (the "Privacy Code"), with marketing communications via email on services and/or products similar to those that the Company provides, provided that, at any time, the Customer will have the opportunity to object to the sending of such communications;
g) with the Customer's prior consent, to provide marketing communications regarding the products and services offered by the Company, to involve the Customer in market research or other customer satisfaction initiatives through traditional communication channels such as postal mail and through automated communication tools such as email, automatic messages, and other distance communication tools;
h) with the Customer's prior consent, to provide marketing communications in accordance with the methods referred to in the previous letters f) and g) regarding the products and services of commercial partners that are part of the Company's distribution network and sales channels, to which the Data may be communicated and the list of which is available by contacting the Company through the methods indicated in this information;
i) without prejudice to what is indicated in the following letter j), to carry out, with the Customer's prior consent, an analysis of the Customer's preferences, activities and spending habits, in order to send the aforementioned marketing communications.
(the purposes referred to in letters f) to i) are collectively defined as the "Marketing Purposes");
j) to carry out, in relation to the Customer to whom communications for Marketing Purposes may be sent pursuant to this information, forms of minimally invasive segmentation based, among other things, on membership categories such as, by way of example, the professional category of membership, the city/province/region where located, and the type of service and/or product provided by the Company.
(the purpose referred to in letter j) is defined as the "Legitimate Marketing Interest Purpose").
3. LEGAL BASIS OF PROCESSING
The processing of Data is necessary with reference to the Contractual Purposes as such Data are necessary in order to:
provide the services and/or products requested concerning the cases referred to in Section 2, letter a);
comply with the provisions of applicable legislation as provided in Section 2, letter b).
Should the Customer decide not to provide the Data necessary for the Contractual Purposes, the Company will be unable to provide the requested services.
The processing of Data for Legitimate Business Interest Purposes is carried out pursuant to Article 6, letter f) of the GDPR for the pursuit of the Company's legitimate interest, which is fairly balanced with the Customer's interests, rights, and freedoms as the Data processing activity is limited to what is strictly necessary for the execution of the operations indicated therein. Processing for Legitimate Business Interest Purposes is not mandatory, and the Customer may object to such processing by the methods set out in this information; however, should the Customer decide to object to such processing, their Data may not be used for Legitimate Business Interest Purposes, except where the Company demonstrates the presence of compelling legitimate grounds or the exercise or defense of a right pursuant to Article 21 of the GDPR.
The processing of Data for Marketing Purposes is based:
with regard to Section 2 letter f), on Article 130 of the Privacy Code, which allows the sending of marketing communications via email regarding services and/or products similar to those provided, which the Customer may object to at the time of data collection and in each subsequent communication;
with regard to Section 2, letters g) to i), on the Customer's consent.
The processing of data for Marketing Purposes is not mandatory. Therefore, in case of opposition to marketing communications or refusal to provide the relevant consent, or revocation thereof, the Customer will not receive the marketing communications referred to in Section 2 letters f) to i). In any case, the Customer may revoke their consents to Data processing and object to the sending of all marketing communications at any time, through the methods provided in this information.
Finally, the processing of Data for Legitimate Marketing Interest Purpose is functional to the pursuit of a legitimate interest of the Company adequately balanced with the Customer's interests, rights, and freedoms in light of the limits imposed in Section 2 letter j). Also, in this case, processing for Legitimate Marketing Interest Purpose is not mandatory, and the Customer may object to such processing by the methods set out in this information; however, should the Customer object to such processing, they will no longer receive the relevant communications, except where the Company demonstrates the presence of compelling legitimate grounds or the exercise or defense of a right pursuant to Article 21 of the GDPR. Should the Customer wish to obtain more information about balancing interests, rights, and freedoms, they may contact the Company at any time by the methods indicated in this information.
4. PROCESSING METHODS
The Data will be processed by the Company using electronic and manual systems according to the principles of fairness, loyalty, and transparency provided by applicable personal data protection legislation and protecting the Customer's privacy through technical and organizational security measures to ensure an adequate level of security.
5. DATA RETENTION
The Data will be retained for the period necessary to achieve the purposes for which such Data were collected, as stated in this information. In any case, the following retention periods will apply concerning the Data processing for the purposes indicated below:
For Contractual and Legitimate Business Interest Purposes, the Data is retained for a period equal to the duration of the provision of the services and/or products requested by the Customer and for 10 years following the termination of the provision, subject to any renewals and cases in which retention for a subsequent period is required for any disputes, requests from competent authorities or pursuant to applicable legislation;
b) For Marketing Purposes referred to in Section 2, letters f) and g) and for Legitimate Marketing Interest Purpose, the Data is retained for a period equal to the duration of the provision of the requested services by the Customer and a period of 24 months following the last contact with the Customer, interpreted, among others, as the participation in an event of the Company, the use of a product or service provided by the Company or the opening of a newsletter (collectively defined as the "Last Contact");
c) For Marketing Purposes referred to in Section 2, letter h), the Data is retained for a period of 12 months from registration;
d) For Marketing Purposes referred to in Section 2, letter i), the Data is retained by the Company for a period equal to the duration of the provision of the services and/or products requested by the Customer and a period of 12 months following the Last Contact, while they are retained by third parties for a period equal to 12 months from registration.
6. COMMUNICATION, DISSEMINATION AND TRANSFER OF DATA
For Contractual Purposes, the Data may be transferred to the following third parties performing activities functional to those of providing the services and/or products requested by you located inside and outside the European Union: (a) third-party service providers of assistance and consultancy for the Company with reference to the activities of the sectors (by way of example only) technological, accounting, administrative, legal, insurance; (b) in cases where the provision of the requested services and/or products involves the intervention of our business partners, the Company may share some Data with distributors, resellers, partners, and suppliers who are part of the Company's distribution chain of products and services; (c) subjects and authorities whose right to access the Data is expressly recognized by law, regulations, or measures issued by competent authorities.
For Legitimate Business Interest Purposes, the Data may be transferred to the following categories of recipients, located inside and outside the European Union: (a) third-party service providers of assistance and consultancy for the Company with reference to the activities of the sectors (by way of example only) technological, accounting, administrative, legal, insurance, (b) potential buyers of the Company and entities resulting from mergers or any other form of transformation involving the Company, (c) competent authorities.
For Marketing Purposes and for Legitimate Marketing Interest Purpose, the Data may be transferred to third-party data processors providing assistance and consultancy services for the Company concerning marketing communications activities located inside and outside the European Union.
Such recipients, as the case may be, process the Customer's Data as data controllers, data processors, or persons in charge of processing. The complete and updated list of subjects processing the Data as data processors is available upon request from the Data Protection Officer, using the contact methods indicated in this information.
7. TRANSFER OF DATA ABROAD
The Data may be freely transferred outside the national territory to countries located within the European Union, but they may also be transferred outside the European Union, particularly to the United States. Concerning transfers outside the European Union to countries not deemed adequate by the European Commission, the Company adopts suitable and appropriate security measures to protect the Data. Consequently, any transfer of Data to countries outside the European Union will occur, in any case, in compliance with the appropriate and suitable guarantees for the transfer itself, such as standard contractual clauses for data protection, pursuant to applicable legislation and, in particular, Articles 45 and 46 of the GDPR.
Should the Customer wish to obtain more information about the existing safeguards and request a copy of them, they may contact the Company at any time by the methods indicated in this information.
8. WHAT ARE THE CUSTOMER'S RIGHTS
In relation to the processing of Data described in this information, the Customer may exercise, at any time, the rights provided by the GDPR (Arts. 15-21), including:
receive confirmation of the existence of the Data and access their content (right of access);
update, modify and/or correct the Data (right of rectification);
request the deletion or restriction of the processing of Data processed unlawfully, including those for which retention is unnecessary for the purposes for which the Data were collected or otherwise processed (right to be forgotten and right to restriction);
object to the processing (right to object);
withdraw consent, where given, without prejudice to the lawfulness of processing based on the consent given before withdrawal;
lodge a complaint with the Supervisory Authority (Italian Data Protection Authority www.garanteprivacy.it) in case of violation of the personal data protection legislation;
receive a copy in electronic format of the Data concerning them, to transfer them to themselves or a different service provider, in cases where the Company processes such Data based on their consent or based on the circumstance that the processing is necessary for providing the requested services and/or products and the Data are processed through automated tools (right to data portability).
To exercise such rights, the Customer may contact the Data Protection Officer, who can be reached by sending a request to the email address privacy@pcube.it or addressing the communication by mail to the Company's address indicated at the beginning of this information, indicating "attention of the Data Protection Officer."
When contacting us, the Customer must ensure to include their name, email/postal address, and/or telephone number(s) to ensure that their request can be handled correctly.
9. CHANGES AND UPDATES
This information may be subject to changes also due to possible modifications and/or additions to regulations. Changes will be notified in advance, and the updated text of the information will always be available on www.pcube.it and shop.pcube.it.