Privacy Policy
Privacy Policy
The company Asacert Assessment & Certification SpA benefit company whose registered office is located in Piazzetta Umberto Giordano 2, 20122 MILANO e P.IVA 04484450962 (subsequently described as “Data Controller” or “Asacert”), as data controller, informs you pursuant to EU Regulation n. 2016/679 (then abbreviated as “GDPR”) that your data will be used in the following ways and for the following purposes:
Subject of the Treatment
The Data Controller processes personal identification data (e.g.: name and surname, telephone number, email address, payment details) – these will be referred to as “personal informations” or also “data” – communicated by you at the conclusion of any contract or if these data are required for the performance of a function requested by you (e.g.: filling out the contact form on the website).
Purpose of the processing
Your personal data will be used:
- Without your express consent, as indicated by Article 6 letter b) and e) of the GDPR, for the following Service Purposes:
– Conclude contracts for the services of the owner;
– To fulfil pre-contractual, contractual and tax obligations deriving from existing relations with you;
– Comply with obligations under the law, a regulation, EU legislation or an order of the Authority (such as anti-money laundering);
– Exercise the rights of the owner, for example the right to defend himself in court;
- Only with your specific and distinct consent (art. 7 GDPR), for the following communications via e-mail/ mail/ telephone contacts/ newsletters of:
– commercial communications and/or advertising material on products or services offered by the owner and related facilities and incentives;
– Measurement of satisfaction with the quality of services;
– Events, training courses and initiatives;
Processing methods
The processing of your personal data is carried out by means of the operations indicated in Article 4 n. 2) GDPR, specifically: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data is processed both in paper form and in electronic and/or automated form.
The owner process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes and for no longer than 2 years from the collection of data for Marketing Purposes.
Access to data
Your data may be made accessible, for the purposes mentioned above to employees and collaborators of the owner, in their capacity as internal processors and/or system administrators.Without the need for express consent, see Article 6 lett. b) and c) GDPR, the owner may disclose your data to supervisory bodies, judicial authorities, as well as to all subjects to whom disclosure is mandatory by law for the accomplishment of these purposes. These people will process the data in their capacity as autonomous controllers of the processing. Your data will not be disclosed.
Data transfer
Personal details is stored on servers located in the Italian territory, Asacert Assessment & Certification Spa for the storage of its own data and the data provided uses a cloud service within the European Union. It is understood that the Owner, if necessary, will be able to move servers also outside of the EU. In this case, the Data Controller ensures that the transfer of the extra-EU data will be carried out in accordance with the applicable legal provisions, After the conclusion of the standard contractual clauses provided by the European Commission.
Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in “Purpose of processing” point 1 is mandatory.
The provision of data for the purposes referred to in “Purpose of processing” point 2 is optional. You can then decide not to provide any data or to deny, at a later time, the right to process previously provided data: in this case, you will not receive newsletters, commercial communications and advertising materials related to the Services offered by the Owner. You will still be entitled to the Services referred to in point 1.
Rights of the data subject
As a data subject, you have the access rights set out in Articles. 15-21 GDPR, namely right of access, right to rectification, right to deletion (“right to be forgotten”), right to restriction of processing, right to data portability, right of opposition, as well as the right to complain to the Supervisory Authority.
Specifically the rights of:
Obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
Get the indication:
The origin of personal details;
The purposes and methods of processing;
The logic applied in case of processing carried out with the help of electronic tools;
The identification details of the owner, the responsible persons and the representative designated pursuant to article 3, paragraph 1, GDPR;
The people or categories of people to whom personal data may be communicated or who may become aware of it as a designated representative in the territory of the State, The Commission has not yet taken a decision on the matter.
Obtain:
Updating, rectification or, where relevant, integration of data;
The deletion, transformation into anonymous form or blocking of data processed in violation of law, including those for which retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
The attestation that the operations carried out have been made known, including as regards their content, to those to whom the data were communicated or disseminated, except where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected.
To oppose, in whole or in part:
For legitimate reasons to the processing of personal data concerning you, even if relevant to the purpose of the collection;
To the processing of personal details a concerning you for the purpose of sending advertising or direct sales material or for the completion of market research or commercial communication, by the use of automated calling systems without the intervention of an operator via e-mail and/or traditional marketing methods via telephone and/or paper mail
Please note that the right of opposition of the interested party for direct marketing purposes by automated means extends to traditional methods and that in any case it is subject to the Possibility for the data subject to exercise the right of opposition, even partially. Therefore, the data subject may choose to receive communications only through traditional means or only automated communications or neither of the two types of communication.
Modalities for the exercise of rights
For the exercise of your rights you can contact the owner by sending:
– a registered A.R. at Asacert Assessement & Certification SpA, Via Vittorio Veneto 2, 20032 Cormano (MI)
– an e-mail to info@asacert.com
Owner, responsible and persons in charge
The data controller is Asacert Assessment & Certification SpA with registered office in Piazzetta Umberto Giordano 2, 20122 Milano – Italia and official address in Via Vittorio Veneto 2, 20032 Cormano (MI)
The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.