Skip links
 

Privacy Policy

The company Asacert Srl whose registered office is located in Via Vittorio Veneto 2, 20032 Cormano (MI) and VAT number 04484450962 (subsequently described with the term “Owner” or “ASACERT”), as data controller, informs you , pursuant to EU Regulation no. 2016/679 (later abbreviated to “GDPR”) that your data will be used in the following ways and for the following purposes:

OBJECT OF THE TREATMENT

The Data Controller processes personal identifying data (e.g. name and surname, telephone number, email address, payment details) – hereinafter we will refer to these with the terms “personal data” or also “data” – communicated by you at the conclusion of each contract or if these data are required to carry out a function requested by you (e.g.: filling out the contact form on the website).

PURPOSE OF THE TREATMENT

Your personal data will be used:

1. Without your express consent, as indicated in article 6 letter. b), e) of the GDPR, for the following Service Purposes:

      • Conclude contracts for the Owner’s services;
      • Fulfill pre-contractual, contractual and tax obligations deriving from existing relationships with you;
      • Fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the field of anti-money laundering);
      • Exercise the rights of the Owner, for example the right of defense in court;

2. Only with your specific and distinct consent (art. 7 GDPR), for the following communications via e-mail / post / telephone contacts / newsletters of:

      • commercial communications and/or advertising material on products or services offered by the Owner and concessions and incentives relating to the same;
      • detection of the degree of satisfaction with the quality of services;
      • Events, training courses and initiatives;

PROCESSING METHODS

The processing of your personal data is carried out by means of the operations indicated in article 4 n. 2) GDPR and precisely: collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is processed both in paper form and in electronic and/or automated form.

The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of the data for the Marketing Purposes.

ACCESS TO DATA

Your data may be made accessible, for the purposes referred to in point C., to employees and collaborators of the Data Controller, in their capacity as internal data processors and/or managers and/or system administrators.

Without the need for express consent, see article 6 letter. b) and c) GDPR, the Data Controller may communicate your data for the purposes referred to in point B.1 to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to all subjects to whom the communication is mandatory by law for the fulfillment of the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disclosed.

DATA TRANSFER

Personal data is stored on servers located in Cormano (MI), within the European Union. In any case, it is understood that the Owner, where necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures, as of now, that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSING TO RESPOND

The provision of data for the purposes referred to in point B.1 is mandatory. In their absence, we will not be able to guarantee the Services in point B.1.

The provision of data for the purposes referred to in point B.2 is optional. You can therefore decide not to provide any data or to deny, at a later time, the right to process data previously provided: in this case, you will not receive newsletters, commercial communications and advertising materials relating to the Services offered by the Owner. You will however continue to be entitled to the Services referred to in point B.1.

RIGHTS OF THE INTERESTED PARTY

In your capacity as an interested party, you have the access rights referred to in the articles. 15-21 GDPR, i.e. right of access, right of rectification, right of cancellation (“right to be forgotten”), right of limitation of processing, right of data portability, right of opposition, as well as the right of complaint to the Authority Guarantor.

And precisely the rights of:

  • Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  • Get the indication;
  • Of the origin of the personal data;
  • The purposes and methods of processing;
  • Of the logic applied in case of processing carried out with the aid of electronic instruments;
  • The identification details of the owner, managers and representative designated pursuant to article 3, paragraph 1, GDPR;
  • Of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or appointees.
  • Obtain:
  • The updating, rectification or, when interested, integration of the data;
  • The cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  • The certification that the operations carried out have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of clearly disproportionate to the protected right.
  • Oppose, totally or partially;
  • For legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of the collection;
  • To the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator through and -mail and/or through traditional marketing methods via telephone and/or paper mail. Please note that the right of opposition of the interested party for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility for the interested party to exercise the right of opposition even only in part remains intact. Therefore, the interested party can decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication.

METHOD OF EXERCISE OF RIGHTS

To exercise your rights you can contact the data controller by sending:

  • a registered letter with return receipt. to Asacert srl, via Vittorio Veneto 2, 20032 Cormano (MI) – Italy
  • an email to dpo@asacert.com

RESPONSIBLE OWNER AND PERSONS IN CHARGE

  1. The data controller is Asacert S.r.l. with registered office and operational headquarters in via Vittorio Veneto 2, 20032 Cormano (MI) – Italy.
  2. The updated list of data controllers and persons in charge of processing is kept at the registered office of the Data Controller.