Information pursuant to art. 13 of Regulation (EU) no. 679/2016 ("GDPR")


PLE di Fiori Paolo protects the confidentiality of personal data and guarantees them the necessary protection from any event that could put them at risk of violation.

As required by the European Union Regulation no. 679/2016 ("GDPR"), and in particular to art. 13, below we provide the user ("Interested") with the information required by the legislation relating to the processing of their personal data.

Holder of the treatment
PLE di Fiori Paolo, Via Moia, 18 BRUGHERIO (MB)
Owner email address:


Types of data collected (Article 13, 1st paragraph letter a, Article 15, letter b GDPR)

Among the Personal Data collected by this Application, either independently or through third parties, there are: Cookies, Usage data, name, surname, date of birth, telephone number, address, province, email, postcode, various types of Data and city.

PLE di Fiori Paolo, in the person of its legal representative, with registered office at Via Moia 18 BRUGHERIO (MB), acts as Data Controller, can be contacted at the address and collects and/or receives information concerning the Interested party, such as:

Data category

Example of the types of data

Personal data

name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile telephone, fax, tax code, e-mail address(es), date of birth, various types of data

Telematic traffic data

Log, IP address of origin.

Access to accounts on third party services

Access to the Facebook account (this Application)

This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook, Inc.

Permissions required: Access to posts contained in the User's timeline.

Place of processing: United States - Privacy Policy.
Subject adhering to the Privacy Shield.


Instagram is an image viewing service managed by Instagram, Inc. that allows this application to integrate such content within its pages.

Subject adhering to the Privacy Shield.

Place of processing: United States - Privacy Policy.


The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google.

Google may use the Personal Data to contextualise and personalize the advertisements of its own advertising network.


Place of processing: United States - Privacy Policy - Opt Out. Subject adhering to the Privacy Shield.

PLE di Fiori Paolo does not require the Interested party to provide so-called "special" data, that is, as provided for by the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, and data relating to the health, sex life or sexual orientation of the person.

In the event that the service requested from PLE di Fiori Paolo requires the processing of such data, the Interested party will receive specific information in advance and will be asked to give specific consent.

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for any information and request:


Purpose of processing the collected data

The User Data is collected to allow the Owner to provide its Services, as well as for the following purposes: Access to accounts on third party services, Statistics, Contacting the User and Displaying content from external platforms.

To obtain further detailed information on the purposes of the processing and on the Personal Data that are concretely relevant to each purpose, the User can refer to the relevant sections of this document.

Facebook permissions requested by this application

This Application may require some Facebook permissions that allow it to perform actions with the User's Facebook account and to collect information, including Personal Data, from it. This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook Inc.

For more information on the following permissions, refer to the Facebook permissions documentation and to the privacy policy of Facebook.

The required permissions are as follows:

Basic information

The User Data is collected to allow the Owner to provide its Services, as well as for the following purposes: Access to accounts on third party services, Statistics, Contacting the User and Displaying content from external platforms.

Access to posts contained in the User's timeline

Provides access to posts on a User's timeline.


For what purposes do we need the data of the interested party (Article 13, 1st paragraph of the GDPR)

The Data Controller needs the data to follow up on the request for registration and the supply contract for the chosen Service, to manage and carry out the contact requests sent by the Interested party, to provide assistance, and to comply with the legal and regulatory obligations to which the Data Controller is subject by virtue of the activity carried out. Under no circumstances does PLE di Fiori Paolo resell the Interested party's personal data to third parties or use it for undeclared purposes.

In particular, the data of the interested party will be processed for:

registration and requests for contact and / or information material

The processing of the personal data of the interested party takes place to carry out the activities preliminary and consequent to the request for registration, the management of requests for information and contact and / or sending of informative material, as well as for the fulfillment of any other resulting obligation.

The legal basis of these treatments is the fulfillment of the services related to the request for registration, information and contact and / or sending information material and compliance with legal obligations.

The management of the contractual relationship

The processing of the personal data of the interested party takes place to carry out the preliminary activities and consequent to the purchase of a Service, the management of the related order, the provision of the Service itself, the related invoicing and payment management, the handling of complaints and / or reports to the assistance service and the provision of assistance itself, the prevention of fraud as well as the fulfillment of any other obligation deriving from the contract.

The legal basis of these treatments is the fulfillment of the services inherent to the contractual relationship and compliance with legal obligations.

promotional activities on services similar to those purchased by the interested party (Recital 47 GDPR)

The data controller may, even without the explicit consent of the interested party, use the contact details communicated by the interested party for the purpose of direct sales of its own Services, limited to the case in which they are services similar to those being sold, unless the interested party explicitly objects.

commercial promotion activities on services other than those purchased by the interested party

The personal data of the interested party may also be processed for commercial promotion purposes, for surveys and market research with regard to Services that the Data Controller offers only if the interested party has authorized the processing and does not object to this.

This treatment can take place, in an automated way, in the following ways:



telephone contact

and can be done:

if the interested party has not revoked his consent for the use of the data;

if, in the event that the processing is carried out through contact with a telephone operator, the interested party is not registered in the register of oppositions referred to in the Presidential Decree n. 178/2010;

The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

IT security

The Data Controller, in line with the provisions of Recital 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the personal data of the interested party relating to traffic to an extent strictly necessary and proportionate to guarantee the security of networks and information, i.e. the ability of a network or information system to withstand, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted.

The Data Controller will promptly inform the Data Subjects, if there is a particular risk of violation of their data, without prejudice to the obligations deriving from the provisions of art. 33 of the GDPR relating to notifications of personal data breaches.

The legal basis of these treatments is compliance with legal obligations and the legitimate interest of the Data Controller in carrying out processing for the purposes of protecting company assets and the security of the premises and systems of PLE di Fiori Paolo.


The personal data of the interested party may also be processed for the purpose of profiling (such as analysis of the transmitted data and the selected Services, proposing advertising messages and / or commercial proposals in line with the choices made by the users themselves) only if the interested party has provided explicit and informed consent. The legal basis of these treatments is the consent given by the interested party prior to the treatment itself, which can be revoked by the interested party freely and at any time (see Section III).

Fraud prevention (recital 47 and art.22 GDPR)

• the personal data of the interested party, with the exception of particular (Art 9 GDPR) or judicial data (Art 10 GDPR), will be processed to allow controls for the purpose of monitoring and preventing fraudulent payments, by software systems that perform a verification in an automated way and prior to the negotiation of Services;

• a negative result from these checks will make it impossible to carry out the transaction; the interested party may in any case express their opinion, obtain an explanation or contest the decision by stating their reasons to the Customer Support service or to the contact;

• personal data collected solely for anti-fraud purposes, unlike data necessary for the correct execution of the requested service, will be immediately deleted at the end of the control phases.

the protection of minors

The Services / Products offered by the Data Controller are reserved for subjects legally able, on the basis of the relevant national legislation, to conclude contractual obligations.

The Data Controller, in order to prevent illegitimate access to its services, implements prevention measures to protect its legitimate interest, such as checking the tax code and / or carrying out other checks, when necessary for specific Services / Products, on the correctness of the identification data in identity documents issued by the competent authorities.

Communication to third parties and categories of recipients (Article 13, 1st paragraph of the GDPR)

The communication of the data subject's personal data takes place mainly towards third parties and / or recipients whose activities are necessary for the performance of the activities related to the relationship established and to respond to certain legal obligations, such as:

Categories of recipients


Third-party suppliers and companies of PLE di Fiori Paolo*

Provision of services (assistance, maintenance, delivery / shipment of products, provision of additional services, suppliers of networks and electronic communications services) connected to the requested service

Credit and digital payment institutions, banking or postal institutions

Management of receipts, payments, refunds related to contractual performance

External professionals / consultants and consulting firms

Fulfillment of legal obligations, exercise of rights, protection of contractual rights, credit recovery

Financial administration, public bodies, authorities

Judicial, supervisory and control authority

Fulfillment of legal obligations, defense of rights; lists and registers kept by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance

Subjects formally delegated or having a recognized legal title

Legal representatives, curators, guardians, etc.

* The Data Controller requires its third party suppliers and data processors to comply with security measures equal to those adopted for the interested party, restricting the perimeter of action of the manager to the processing related to the requested service.

The Data Controller does not transfer the customer's personal data to countries where the GDPR is not applied (non-EU countries), unless otherwise specified, for which he will be informed in advance and, if necessary, his consent will be requested.

The legal basis of these treatments is the fulfillment of the services inherent in the relationship established, compliance with legal obligations and the legitimate interest of PLE di Fiori Paolo in carrying out the processing necessary for these purposes.


What happens if the interested party does not provide his data identified as necessary for the performance of the requested service? (Article 13, paragraph 2, letter e GDPR)

The collection and processing of personal data is necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product. If the interested party does not provide the personal data expressly indicated as necessary in the order form or the registration form, the Data Controller will not be able to carry out the processing related to the management of the requested services and / or the contract and the Services / Products connected to it, nor the obligations that depend on them.

What happens if the Data Subject does not provide consent to the processing of personal data for commercial promotion activities on Services / Products other than those purchased?

In the event that the interested party does not give his consent to the processing of personal data for these purposes, said processing will not take place for the same purposes, without this having effects on the provision of the requested services, nor on those for which he has already given his consent, if required.

In the event that the interested party has given consent and should subsequently revoke it or oppose the processing for commercial promotion activities, his data will no longer be processed for these activities, without this having consequences or prejudicial effects for the interested party and for the required performance.

How we process the data of the interested party (Article 32 of the GDPR)

The Data Controller provides for the use of adequate security measures in order to preserve the confidentiality, integrity and availability of the data subject's personal data and imposes similar security measures on third party suppliers and Managers.

Where we process the data of the interested party

The personal data of the interested party are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries).


In particular, with regard to the management and provision of services related to the contact requests sent by the interested party, such data will be kept for no longer than a maximum period of 12 months; furthermore, in case of adherence to the contract, they will be kept for the entire duration of the contract itself and in any case no later than a maximum period of 12 (twelve) months from the last of the active Services and connected to it, or if, within this period, result of the active and / or purchased Services of the Products through the contract.

In the case of data provided to the Data Controller for the purposes of commercial promotion for services other than those already acquired by the interested party, for which he initially gave his consent, these will be kept for 24 months, unless the consent given is revoked.

In the case of data provided to the Data Controller for profiling purposes, these will be kept for 12 months, unless the consent given is revoked.

It should also be added that, in the event that a user sends to Iscos Formazione personal data that is not requested or not necessary for the performance of the requested service or for the provision of a service strictly connected to it, PLE di Fiori Paolo cannot be considered the data controller of such data, and will delete it as soon as possible.

Regardless of the determination of the interested party to remove them, personal data will in any case be stored according to the terms provided for by current legislation and / or national regulations, for the exclusive purpose of guaranteeing the specific obligations of some Services (by way of example but not exhaustive, Certified Electronic Mail, Digital Signature - in this regard see the relevant section).

Furthermore, personal data will in any case be kept for the fulfillment of obligations (e.g. tax and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes, the Data Controller will only keep the data necessary for their pursuit.

The cases in which the rights deriving from the contract and / or from the registration in the registry are valid, in which case the personal data of the interested party, exclusively those necessary for these purposes, will be processed for the time necessary to their pursuit.

What are the rights of the interested party? (articles 15 - 20 GDPR)

The interested party has the right to obtain from the data controller the following:

confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information:

the purposes of the processing;

the categories of personal data in question;

the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations;

when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period;

the existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;

the right to lodge a complaint with a supervisory authority;

if the data are not collected from the data subject, all available information on their origin;

the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred

the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; In the event of further copies requested by the interested party, the data controller may charge a reasonable fee based on administrative costs.

the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay

the right to obtain from the data controller the deletion of personal data concerning him without undue delay, if the reasons provided by the GDPR in art. 17, including, for example, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, and the conditions provided for by law always exist; and in any case if the processing is not justified by another equally legitimate reason;

the right to obtain from the data controller the limitation of processing, in the cases provided for by art. 18 of the GDPR, for example where it has contested its accuracy, for the period necessary for the Data Controller to verify its accuracy. The interested party must be informed, in a reasonable time, even when the suspension period has expired or the cause of the limitation of the processing has ceased, and therefore the limitation itself has been revoked;

the right to obtain communication from the owner of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort.

the right to receive personal data concerning him in a structured format, commonly used and readable by automatic device and the right to transmit such data to another data controller without impediments by the data controller to whom he provided them, in cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible.

For any further information and in any case to send the request, please contact the Owner at In order to ensure that the aforementioned rights are exercised by the interested party and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.

How and when can the interested party oppose the processing of their personal data? (Art. 21 GDPR)

For reasons relating to the particular situation of the interested party, the same may object at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at

The interested party has the right to have their personal data deleted, if there is no legitimate overriding reason of the Data Controller with respect to the one that gave rise to the request, and in any case in the event that the interested party has opposed the processing for commercial promotion activities.

Who can the interested party lodge a complaint with? (Art. 15 GDPR)

Without prejudice to any other administrative or judicial action, the interested party may lodge a complaint with the competent supervisory authority in the Italian territory (Authority for the protection of personal data) or the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR has occurred.

Any update of this Information will be communicated promptly and by appropriate means and will also be communicated if the Data Controller processes the data of the interested party for purposes other than those referred to in this Information before proceeding and following the manifestation of the relative consent of the Interested if necessary.