Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”) – Information to be provided where personal data are collected from the data subject
According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you with the due information concerning the processing of the collected personal data. This information is not valid for other web sites which might be visited through links contained in all the web sites of data controller’s domain name. The data controller shall not be considered responsible for third parties’ web sites.
Personal data that can be treated: “ personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 Reg. UE 679/2016).
Specific Information: specific information may be find on the Site page in relation to particular services or processing of the data provided.
The specific policy regarding cookies is available to the following link: cookies policy.
- PURPOSES AND LAWFULNESS OF THE PROCESSING
Your personal data shall be processed in accordance to the requirements for the lawfulness of processing set forth by Art. 6 lett. b) del of the Regulation (EU) 2016/679 for the following purposes:
- A) Data processing for (art.6.b):
– browsing on this website;
– to fill in the form with the required personal data to answer to your contact request and to send you the required information;
– to register on the current website and to access to reserved areas for using some contents in the website;
– for administrative and accounting activities in general. Data processing for administrative and accounting purposes are those related to organizational, administrative, financial and accounting activities regardless of the nature of data processed. In particular, internal organizational activities, those following contractual obligations’ fulfilment and information activities are related to these purposes.
- B) Data processing for (art.6.a):
– prior consent and until opposition, for newsletter subscription in order to receive communication relating to products, events and novelty of STONEX SRL. The data will be entered in the CRM of the company to compare and possibly improve the results of communications, to use systems for sending newsletters and promotional communications with reports. Thanks to the reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; the detail on the activity of individual users; the details of the emails sent, e-mail delivered or not, of those forwarded. All these data are used for the purpose of comparing, and possibly improving, the results of communications.
- RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data provided by you may be communicated to recipients, appointed pursuant to art. 28 of the Regulation EU 2016/679, which shall process your data as processors and/or persons acting under the authority of the Controller and the Processor, in order to perform agreements or related purposes. Precisely, your data may be communicated to recipients part of the following categories: – management services providers of IT systems and communication networks of Stonex Srl (including emails); – advisory and consultancy firms and companies; – competent Authorities for the fulfillment of obligations of law, if required; – in case of administrative accounting purposes, the data may be sent to commercial information companies for the assessment of solvency and payment habits and / or subjects for debts collection purposes.
- DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION
- DATA RETENTION PERIOD OR RELEVANT CRITERIA
The processing shall be carried out in automated and / or manual manner, with methods and tools aimed at ensuring the best security and confidentiality, by persons specifically appointed to do so.
According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation EU 2016/679, collected personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Data retention period depends on the purposes:
– to visit the current internet website (temporary);
– request for contact, information and appointment reservation (1 year maximum);
– newsletter or promotional communication by e-mail (24 months maximum).
- NATURE OF DATA PROVISION AND REFUSAL
With exception of what above specified concerning navigation data, the User is free to provide personal data.
The provision of personal data for purpose A) is necessary to perform the function be able to use the services offered by data Controller. The non submittal of personal data may the result the impossibility to obtain the required services. The provision of personal data for purpose B) is optional. The non submittal of personal data may make it impossible to send – by newsletter/ mailing list and/or e-mail – promotional, commercial, informative communication and/or offerts related to products, events, novelty of Stonex Srl.
- DATA SUBJECT’S RIGHTS
You have the right, at any time, to request the data Controller to access, rectify, cancel your personal data or limit their processing. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) and to the portability of your data.
Without prejudice to any other administrative and judicial appeal, if you believe that the processing of your data violates the provisions of Regulation EU 2016/679, pursuant to art. 15 letter f) of the aforementioned Regulation EU 2016/679, you have the right to lodge a complaint with the Data Protection Authority and, with reference to art. 6 paragraph 1, letter a) and art. 9 paragraph 2, letter a), you have the right to withdraw the consent given at any time.
In case of request of data portability the Controller shall provide you with your personal data in a structured, commonly used and machine-readable format, subject to the provisions set forth in paragraphs 3 and 4 of art. 20 of Regulation EU 2016/679.