Privacy Policy
PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (GDPR). EFFECTIVE FROM 05/04/2023
INTRODUCTION
This privacy policy takes into account the provisions of the GDPR and the Privacy Act (Legislative Decree No. 196 of 30 June 2003). This document was also worded according to the Guidelines of the Data Protection Supervisor (especially the Guidelines on Marketing and against Spam issued by the Data Protection Authority on 4 July 2013).
Controller:
ISAAC S.R.L.
Via Magolfa, 27 – 20143 Milan (MI)
Milan Chamber of Commerce
VAT Reg. No. 10142270965
Phone: +39 02 500 21099
Email: [email protected]
Website this privacy policy refers to: https://isaacantisismica.com/ (Website).
The Controller has not appointed a DPO (Data Protection Officer). Therefore, you may send any request for information directly to the Controller.
GENERAL INFORMATION
This document describes how the Controller processes your personal data provided on the Website.
The main processing of your personal data is described below. In particular, it explains the legal basis of processing if provision is required and the consequences of failure to provide personal data. To better describe your rights, if necessary, we have specified if and when a certain processing of personal data is not carried out.
Registration on the Website
The Website does not offer the possibility of registration. Therefore, the Controller does not process your personal data for this purpose.
Shopping on the Website
Purchases cannot be made on this Website. Therefore, your personal data will not be processed for this purpose. The Controller does not process the user’s data to send “reminder” emails for purchasing the Controller’s products or services.
Responding to your requests
Your data will be processed to respond to your requests for information. Provision is optional, but your refusal makes it impossible for the Controller to answer your questions. The legal basis of processing is the legitimate interest of the Controller to follow up on the user’s requests. This legitimate interest is equivalent to the user’s interest in receiving a response to communications sent to the Controller.
Generic marketing
Subject to your consent, the Controller may process the personal data you provide in order to send you advertising material and/or newsletters relating to its own or third-party products. The legal basis for this processing is your consent. The provision of personal data for this purpose is optional. Failure to consent to the processing of data for marketing purposes will make it impossible for you to receive advertising material relating to products/services of the Controller and/or third parties and prevent the Controller from sending you market surveys, even aimed at assessing the degree of your satisfaction, and newsletters. These communications will be sent to the e-mail address provided by you on the Website.
Profiling
Subject to your consent, the Controller may process your personal data for profiling purposes, i.e., for analysing your consumption choices by collecting the type of purchases made by you and the frequency, in order to send you advertising material and/or newsletters relating to its own products, or third-party products you have shown interest in. The legal basis for this processing is your consent. Provision of data for this purpose is optional. Failure to consent to the processing of your personal data for profiling purposes will prevent the Controller from processing your commercial profile, by studying your choices and purchasing habits as well as by sending you advertising material, relating to its products and/or products of third parties, you have shown interest in. These communications will be sent to the email address provided by you on the Website.
Transfer of data
The Controller does not transfer your personal data to third parties.
Geolocation
The Website does not implement tools to geolocate the user’s IP address.
Curriculum Vitae
You can submit your curriculum vitae on this Website. Your curriculum vitae will be reviewed by the Controller or its collaborators. The purpose of the processing is the legitimate interest of the Controller to view the document to verify the possibility of starting an employment or collaboration relationship with you. This interest is equivalent to your interest in being contacted by the Controller for this purpose. The data will be stored up until the end of the selection period and in any case for a period not exceeding 6 months from submission of the curriculum vitae. Provision of consent is optional and failure to provide it will prevent the Controller from contacting you.
Booking appointments
There are no third-party systems for booking appointments with the Controller on our Website. Therefore, your data will not be processed for this purpose. In any case, you can always contact the Controller as indicated in the epigraph.
Disclosure of personal data
As part of its normal activity, the Controller may disclose your personal data to certain categories of entities. In Article 2, you can find the list of entities the Controller discloses your personal data to. To facilitate the protection of your rights, Article 2 may in certain cases specify when your data are not disclosed to third parties.
“Disclosure” of personal data to third parties is different from “transfer” (regulated in the preceding point). In fact, the third party your data are “disclosed” to may only use them for the specific purposes described in the contract with the Controller. On the other hand, the third party your data is “transferred” to becomes the Controller of the autonomous processing of personal data. In addition, in order to transfer your personal data to third parties, your consent is always required.
Without prejudice to the foregoing, it is understood that the Controller may, however, use your personal data to correctly fulfil the obligations provided for by the laws in force.
SPECIFIC PRIVACY POLICY
Article 1 Processing methods
The processing of your personal data will mainly be carried out with the aid of electronic means or in any case automated means, according to methods and with the appropriate tools to ensure their security and confidentiality in accordance with the GDPR.
1.2 The information obtained and processing methods will be relevant and not excessive with respect to the type of services provided. Your data will also be managed and protected in secure IT environments appropriate to the circumstances.
1.3 “Special categories of data” are not processed by our Website. Special categories of data are those that can reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, health status and sex life.
1.4 Judicial data are not processed by our Website.
Art. 2 Disclosure of personal data
The Controller may disclose your personal data to certain categories of entities. The entities the Controller reserves the right to disclose your data to are indicated below:
- The Controller may disclose your personal data to any entity (including Public Authorities) having access to personal data by virtue of regulatory or administrative measures.
- Your personal data may also be disclosed to any public and/or private entities, individuals and/or legal entities (legal, administrative and tax consultancy firms, Judicial Offices, Chambers of Commerce, Chambers of Labour and Labour Offices, etc.), if disclosure is necessary or functional to the correct fulfilment of legal obligations.
- The Controller makes use of employees and/or collaborators in any capacity. To ensure that the Website works properly, the Controller may disclose your personal data to these employees or collaborators.
- For routine management of the Website, the Controller puts companies, consultants or professionals in charge of the installation, maintenance, updating and, in general, the management of the hardware and software of the Controller or which the latter uses for the provision of its services. Your data may, therefore, also be processed by these entities only with reference to these purposes.
- To send its communications, the Controller uses external companies specializing in sending these types of communications (CRM platforms). Your personal data (in particular, your email address) may therefore be disclosed to these companies.
- The Controller does not use external companies to provide customer care service.
- The personal data of those who make a purchase are not disclosed to couriers or freight forwarders.
The Controller reserves the right to modify the above list as it sees fit. Therefore, you should view this privacy policy regularly to check which entities the Controller discloses your personal data to.
Art. 3 Storage of personal data
3.1 This article describes how long the Controller reserves the right to store your personal data.
- Your personal data will be stored only for the time necessary to ensure that the services offered through the Website are fairly provided.
- For marketing purposes, personal data will be stored up until withdrawal of consent. For inactive users, personal data will be erased one year after the last email viewed was sent.
- For customer care purposes, your data will be erased upon completion of the support service.
3.2 Without prejudice to the provisions of Article 3.1, the Controller may store your personal data for the time required by specific regulations, as amended from time to time.
Art. 4 Transfer of personal data
4.1 The Controller is based in the European Union. Therefore, the processing of your data is done safely from a regulatory point of view as it is governed by the GDPR. If your personal data is transferred to a non-EU country for which the European Commission has made an adequacy judgement, the transfer is in any case considered safe from a regulatory point of view. This Article 4.1 indicates from time to time the countries your personal data may be transferred to for which the European Commission has made an adequacy judgement.
- The Controller may transfer your personal data to the United Kingdom. With the decision of 28 June 2021, the European Commission has in fact ruled that the United Kingdom provides an adequate level of protection of personal data on the basis of the provisions of the GDPR.
4.2 Without prejudice to the provisions of Article 4.1, your data may also be transferred to non-EU countries for which the European Commission has not expressed an adequacy judgement. Please view this Article 4.2 regularly to ascertain which of these countries your data may be transferred to. To allow our Website to work properly, your personal data may be transferred to the USA. In these cases, the Controller will take all appropriate legally binding measures to ensure an adequate level of protection of your personal data, including, among others, the Standard Contractual Clauses approved by the European Commission on 4 June 2021.
4.3 In this article, the Controller indicates the countries where it may run its business. This circumstance may imply the application of the legislation of the concerned country, together with that of the GDPR.
- At the request of the user, the Controller will apply the most favourable legislation provided by the user’s national legislation to the processing of his or her personal data.
Art. 5. Rights of the data subject
Pursuant to Article 13 of the Privacy Regulation, the Controller informs you that you have the right to:
- ask the Controller for access to your personal data and the rectification or erasure of the same or the restriction of processing that concerns you or to object to processing, in addition to the right to data portability
- withdraw consent at any time without prejudice to the lawfulness of processing based on the consent given before withdrawal
- lodge a complaint with a supervisory authority (e.g., the Italian Data Protection Supervisor).
The above rights may be exercised by sending a request without formalities to the addresses indicated in the Introduction
Art. 6. Changes and Miscellaneous
The Controller reserves the right to make changes to this Privacy Policy at any time, and appropriately notify users of the Website and at any rate provides adequate and similar protection of personal data. In order to view any changes, please consult this privacy policy regularly. In the event substantial changes are made to this privacy policy, the Controller may also notify you by email.