Privacy Policy

European Regulation 679/2016 GDPR

1. Data Controller

ABC Rete di Impresa, with registered office in via Gianbattista Morgagni, 30, 37135 Verona (VR), CF and P. Iva04463290231 (hereinafter, ‘Owner’ or ‘ABC’), as Data Controller, informs pursuant to Articles 13 and 14 of EU Regulation no. 2016/679 (hereinafter, ‘GDPR’) that the Data of natural persons resident in the European Union (hereinafter, ‘Client’ or ‘Data Subject’), of which the company has come into possession during the course of its activities, will be processed in the following manner and for the following purposes.

2. Object of Treatment

The Data Controller processes personal data (e.g. name, surname, tax code, email, telephone number, etc., hereinafter referred to as ‘personal data’ or ‘data’) acquired, even verbally, or communicated by the Data Subject when registering on the website and/or subscribing to the Data Controller’s newsletter service or when executing a contract to which the Data Subject is a party.

3. Legal basis and Purpose of Processing

Personal data are processed:
A) Without the express consent of the Data Subject (Art. 6 letter B of the GDPR), in order to achieve the object of the Controller, in particular:
  • fulfil pre-contractual, contractual and tax obligations arising from existing relations with the Customer;
  • comply with obligations laid down by law, regulation, Community legislation Community legislation or by order of the Authority;
  • allow subscription to the newsletter service provided by the Controller and any further Services possibly requested;
  • exercise the rights of the Controller.
B) Subject to the specific consent of the data subject (Art. 6 letter A of the GDPR), by means of specific and separate from this, for the purposes indicated therein.
Please note that ABC customers may be sent commercial communications relating to services and products of the Controller similar to those already used by the Customer, unless expressly dissenting of the Interested Party.

4. Modalities of Treatment

The processing of the Customer’s personal data is carried out by means of the operations indicated in Art. 4 no. 2 of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subject to both paper and electronic processing.

The Data Controller shall process personal data for the time necessary to fulfil the purposes set out in Art. 3 of this notice and in any case for no longer than 10 years from the termination of the relationship with the Customer. The data collected and not subject to storage determined by law will be kept for no longer than 2 years from the termination of the relationship with the interested party.

The data will also be processed in compliance with the principle of confidentiality and security; in particular, all technical, IT, organisational and procedural security measures will be taken so that the adequate level of data protection indicated in Article 32 of the GDPR is ensured.

5. Data Access

The Customer’s data may be made accessible for the purposes set out in Articles 3.A) and 3.B) of this information notice:
  • employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
  • third parties (e.g. providers for the management and maintenance of the website, suppliers, credit institutions credit institutions, professional firms, etc.) that carry out activities in outsourcing on behalf of the Controller, in their their capacity as external data processors.

6. Data Communication

Without the Customer’s express consent (Art. 6 letters b) and c) of the GDPR), the Controller may communicate the data for the purposes set out in Article 3.A) of this policy to supervisory bodies, judicial authorities as well as to all other subjects to whom communication is obligatory by law or necessary for the fulfilment of of the said purposes.

7. Transfer of Data

The management and storage of personal data will take place on the Controller’s servers located within the European Union and/or of third party companies appointed and duly designated as Data Processors. processors. The servers are currently located in Italy. The data will not be transferred outside the the European Union. It is in any case understood that the Data Controller, where necessary, shall have the right to move the location of the servers to Italy and/or the European Union and/or countries outside the EU. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions applicable laws by entering into, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.

8. Nature of provision of Data and consequences of refusal to respond

The provision of data for the purposes set forth in Article 3.A) of this policy is mandatory. Failure to provide it will make it impossible for ABC to follow up on the existing relationship with the Data Subject.

9. Rights of the data subject

As a data subject, you have the rights set out in Articles 15 – 21 of the GDPR, namely the rights to:
  1. obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and their communication in intelligible form;
  2. get the indication:
    1. the origin of personal data;
    2. the purposes and modalities of the processing;
    3. the logic applied in the event of processing carried out with the aid of electronic instruments;
    4. the identification details of the owner, the managers and the designated representative;
    5. of the entities or categories of entity to whom or which the personal data may be communicated or who or which may become aware of them in their capacity as designated representative(s) in the territory of the State, data processor(s) or person(s) in charge of processing;
  3. obtain:
    1. updating, rectification or, when interested, integration of the data;
    2. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
    3. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
  4. oppose it, in whole or in part:
    1. for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
    2. to the processing of personal data concerning him/her for the purposes of sending advertising or direct sales material or for the performance of market research or commercial communications, through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, as set out in point b) above, for direct marketing purposes by automated means extends to traditional marketing methods and that, in any case, the data subject’s right to object may also be exercised in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
Where applicable, the Customer therefore has the rights set out in Articles 15-21 of the GDPR, namely the right of access, the right of rectification, the right to be forgotten, the right to restriction of processing, the right to data portability, the right to object, as well as the right to complain to a Supervisory Authority.

10. Methods of exercising rights

Clients may exercise their rights at any time by sending:
– a registered letter A/R to ABC Rete di Impresa, via Gianbattista Morgagni 30, 37135 Verona (VR);
– an e-mail to [email protected]
– a PEC to [email protected]

11. Minors

The Owner’s Services are not intended for minors under the age of 18, and the Owner does not intentionally collect personal information referring to minors. In the event that information about minors is inadvertently recorded, the Owner will delete it in a timely manner upon the request of the data subject.

12. Owner, manager and appointees

The Data Controller is ABC Business Network in the name of its legal representative. The updated list of data processors and processors is kept at the Data Controller’s office.

13. Amendments to this Notice

This Policy is subject to change. Therefore, we recommend that you also regularly check this Policy on our website and refer to the most up-to-date version.