Policy on the processing of personal data
This Policy information is intended for all those who interact with the pages of the Website, both those who use the Site without registering and those who register online for certain services.
This Policy information is provided pursuant to Article 13 of EU Regulation 2016/679 of the General Data Protection Regulation.
Who processes your data?
Via Paleocapa, 7 – 20121 Milan
Tax Code 80140330152
processes the data as the data controller (hereinafter also "Data Controller").
What data do we process?
Further to any additional information provided on other pages (in particular with reference to "Cookies"), the following data may be collected and processed through the Site and use of the related features and/or subscription to the services provided therein:
• Navigation data: these are the data that the server automatically records at each visit to the site, such as IP addresses or domain names of the computers used to connect to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, time of the request, method used to submit the request to the server, size of the returned file, digital code indicating the server response status (successful, error, etc.) and other parameters pertaining to the user's operating system and computer environment.
• Common personal and identification data: this category includes name and surname, email, company, qualification, additional contact data, data and information that may be contained in messages sent to the addresses indicated on the Website or by filling in any modules or electronic forms published there. The Website does not contain information, features or services directly intended for users under the age of 14. Minors should not provide information or personal data without the consent of their parent or guardian. Therefore, users under the age of 14 are asked not to communicate their personal data under any circumstances without the prior authorisation of a parent or guardian. Any data provided by persons under the age of 14 will be destroyed and access to the services available on the Website will be inhibited to any user who has concealed their minor age or who has in any case communicated their personal data in the absence of the consent of their parent (or guardian).
For what purposes do we process your personal data?
The data processing is aimed at achieving the following purposes:
1. In fulfilment of contractual or pre-contractual obligations - for the correct provision of the services requested or in any case accessible through the Website and/or through the forms made available therein, as well as for managing and processing questions and requests for interaction with GS1 Italy and persons attributable to the organisation of the latter. We point out that, given the institutional role of GS1 Italy, for associates, the transmission by email of a periodic newsletter with editorial content and/or concerning information on the activity of GS1 Italy (including ECR) and/or GS1 Italy Servizi S.r.l., constitutes an integral part of the services of GS1 Italy. In any case, it will always be possible to unsubscribe from this newsletter by following the instructions at the bottom of each email;
2. In fulfilment of legal obligations - for the fulfilment of obligations deriving from the law or national and/or European Community regulations in force, including in the field of taxation, as well as provisions issued by pertinent authorities and bodies;
3. By virtue of a legitimate interest of GS1 Italy - for the defence in court of a right or interest before any competent authority or body (including in the field of computer crimes); for sending information by email concerning services similar to those subject to a previous request by the user, without prejudice to the latter's right to object at any time;
4. Subject to your consent (optional and revocable at any time), the data may be processed to contact you by email or by telephone with an operator regarding communications of an informative or promotional nature regarding initiatives, projects and events relating to "Interno1" and to partner companies/entities or sponsors of GS1 Italy, as well as, in general, in relation to the activity of the latter and of the associated company GS1 Italy Servizi S.r.l. Any revocation of consent will only affect the processing of data subsequent to the time the revocation is submitted.
What happens if you do not provide your data?
The provision of data for the purposes referred to in points (i) (fulfilment of contractual obligations), (ii) (fulfilment of legal obligations) is optional. However, since this processing is necessary to allow browsing the Website and the use of the services offered through it, failure to provide, partial provision or incorrect provision of the data in question will make it impossible, depending on the case, to use the services provided online and to process and fulfil specific user requests.
Communication of data
Data may be communicated to the following categories of subjects:
• To any entity (including Public Authorities) which have access to the personal data based on statutory and administrative provisions.
• To all entities, whether public and/or private, natural and/or legal persons, for whom the communication is necessary or functional for the correct fulfilment of a contractual or legal obligation.
In addition to the above, personal data may be made known to persons working on behalf of the Company for the pursuit of the purposes described above, such as, by way of example only, and not limited to:
• Companies, consultants or professionals who may be in charge of the installation, maintenance, updating and, in general, hardware and software management of the Website.
• Companies, consultants or professionals who may be appointed to provide services complementary to those offered by the Company and subject of the user's request;
• Legal and tax professionals and consultants;
who will process them, as appropriate and subject to the appropriate assessments of the specific case, as autonomous data controllers or external managers of the processing of personal data on behalf of GS1 Italy.
As a matter of principle, personal data will not be transferred to non-EU countries or outside the European Economic Area.
If, for the pursuit of the aforementioned purposes, personal data are transferred outside the European Union, the transfer will take place to third countries that guarantee an adequate level of protection of personal data, as established by specific decisions of the European Commission.
Transfer to the United States will take place on the basis of the so-called "Privacy Shield" or other convention or agreement that is, from time to time, in force and applicable. Personal data will only be transferred to countries that do not belong to the European Union and that do not ensure adequate levels of protection after the conclusion of specific agreements which incorporate so-called "standard contractual clauses", in the version approved by the European Commission and, from time to time, in force and applicable.
For how long will my data be stored?
Personal data will be stored for the entire duration of the contractual relationship or in any case for the time necessary to carry out, process and manage any user requests and, subsequently, for the maximum time permitted by the applicable legal provisions regarding the prescription of rights and/or forfeiture of the action (including in the administrative-fiscal field) and, in general, for the exercise/defence of the rights of GS1 Italy in disputes brought by public authorities, public subjects/bodies and private subjects.
In the event of processing based on consent for the sending of informational and promotional communications, the data will be stored for a period not exceeding two years.
What are your rights?
As a data subject, the user has the right to ask the Data Controller to exercise the following rights:
Right of access
You may request confirmation of the existence or otherwise of processing of your personal data and, if so, access such data and specific information on the processing, such as, for example, the purposes, the categories of data processed and the existence of the other rights indicated below. You may also request a copy of your data.
Right of rectification
You have the right to request and obtain rectification of your personal data and/or the integration of incomplete personal data.
Right of erasure
You may obtain the deletion of your data, without unjustified delay, among others, if (i) such data are no longer necessary for the purposes for which they were collected, (ii) you object to the processing of your data (as indicated below) and there is no other legitimate prevalent reason for the processing, (iii) the data are processed unlawfully, (iv) the data must be deleted pursuant to a legal obligation, and (v) personal data of a minor under 14 years of age were collected in relation to the offer of information society services.
We invite you to consider that this right does not apply if the processing of data is necessary, among others, for the fulfilment of a legal obligation or for the ascertainment, exercise or defence of a right in court.
Right of limitation
You have the right to obtain the limitation of the processing of personal data, which means that the processing of data will be suspended for a certain period of time. Circumstances that may give rise to this right include situations in which the accuracy of the personal data has been challenged, but some time is required to verify the (in)accuracy. This right does not prevent the continued processing of personal data.
Right to portability
You have the right to receive the personal data concerning you in a structured format, commonly used and readable by an automatic device and to transmit them to another data controller in relation to the cases in which the processing of your data is based on consent or concerns particular categories of personal data processed on the basis of your consent, or if the processing is based on the execution of a contract and such processing is carried out by automated means.
You also have the right to obtain the direct transmission of data from one data controller to another, where technically feasible.
The possibility of obtaining the deletion of data, as indicated above, remains unaffected.
Right to object
You have the right to object at any time – and on the basis of reasons relating to your particular situation – to the processing based on a legitimate interest of the Data Controller, without prejudice to the demonstration by the latter of compelling legitimate reasons for proceeding with the processing that prevail over the interests, rights and fundamental freedoms of the data subject or for the ascertainment, exercise or defence of a right in court.
Right to lodge a complaint with the Data Protection Authority
Furthermore, in the event that you believe that the processing of your data violates provisions of the Regulation, you have the right, pursuant to Article 77 of the Regulation itself, to lodge a complaint with the competent Data Protection Authority in the Member State in which you usually reside or work, or the State in which the alleged infringement occurred.
The above rights may be exercised by informal request addressed to the Data Controller. The request can be sent to the Data Controller by letter or email at the addresses indicated above – email: firstname.lastname@example.org.