Policy on personal data processing for direct marketing purposes

 

1. Data Controller (person or company determining the purposes and means of personal data processing).

Data Controller is VENTICENTO SRL, with registered office in Via Pagano, 71 – 20145 Milan – Italy, Tax Code and VAT number 04989530961, email: info@venticento.com, Phone +39 02.84.98.00.50.

Other offices: via Ludovico Ariosto, 21 – 20091 Bresso (Milan-IT)

Data-protection Officer- DPO: Data Controller has appointed its own Data-protection Officer, to whom data subjects may refer in order to exercise their rights as set forth in articles 15-21 of the GDPR (right to access, rectify and delete data, right to restrict processing, right to data portability and right to oppose processing, as well as to revoke any consent previously granted). In the event that there is no response to a data subject’s request, a data subject may lodge a complaint with the Supervisory Authority duly appointed with regard to protecting personal data (GDPR – Art.13(2)(d)).

Data-protection officer can be reached at the following email address: privacy.dpo@Venticento.com

2.2 – Contacts – Purposes and legal basis for processing

The optional, explicit and voluntary sending of an email and/or a letter through the postal system to the addresses indicated on the Contacts section on this site, leads to the subsequent acquisition of the sender’s first name and last name and email address, which is needed in order to respond to his/her request. Any other personal data (phone number, job title, company name) and personal content given in the email or letter will also be acquired.

These data are processed by the Data Controller after receiving a freely given and explicit consent by the sender for the following purposes:

  • to answer the requests submitted by the sender
  • for the following marketing purposes: (i) to send out (via e-mail, mail, telephone, text and push messages) newsletters, commercial communications and/or advertising material of products or services marketed by Data Controller and to carry out activities to rate customer satisfaction; (ii) to send out (via e-mail, mail, telephone, text and push messages) newsletters, commercial communications and/or advertising material of products or services marketed by Third Parties in partnership with Data Controller (as an example but not limited to: companies whose logos are displayed in the “PARTNERSHIP” section)

The sender can reach Venticento out by filling the following forms out on this website:

  • Contact request (First Name, Last Name, Company, Email address, Phone number)
  • Chat

The legal basis for data processing for these purposes is the specific free and informed consent of the data subjects (GDPR-Art. 6 (1)(a)).

If the consent is not granted, the data subjects cannot receive updates on the Data Controller’s activity, neither commercial communication relative to products or services provided by the Data Controller and by his business partners.

The data subject has the right to withdraw his or her consent at any time; this withdrawal shall not affect the lawfulness of processing based on consent before his/her withdrawal.

2.2.2 – Communication scope (GDPR-Art.13(1)(e) and (f))

Data may be processed exclusively by internal personnel, regularly authorized and trained to process such data (GDPR-Art.29). Data will not be communicated to any other party, nor disclosed or transferred to a country outside of the EU. It is possible, anyway, that data can be communicated to entities involved in the sender request (appointed in this case as vendor or supplier).

Transfer of personal data to a third country

In case a transfer of personal data to a third country is necessary due to the corporate seat of some servers or clouds in countries that, according to the European Commission, do not ensure an adequate level of protection, Data Controller will ensure that appropriate safeguards are provided for and enforceable data rights and effective legal remedies are available.

Data of data subjects, if transferred to countries outside the European Union, will always be processed in accordance with the principles set out in GDPR -Art. 45 and 46 regarding the existence of an adequacy decision by the European Commission.

Consequently, we take appropriate measures to ensure that personal data is protected; for example, where required, our service providers sign standard contractual clauses approved by the European Commission or other supervisory authorities.

2.2.3 – Data retention period (GDPR-Art.13(2)(a))

Data that are processed to answer the requests submitted by the sender will be retained for the time needed by the purposes for which they were gathered.

Data that are processed for marketing purposes will be retained until the withdrawal of the consent.