Privacy Statement for www.centervue.com
1. Scope of Data processing
The Data Controller processes personal identification and non-sensitive data (in particular, name, surname, e-mail, telephone number, IP address, etc.. – hereinafter “Data” or “Personal Data”) communicated by you when browsing the website of the Data Controller www.centervue.com (hereinafter “Site”) and/or in the event of a request for contact sent to the Data Controller, through the use of the same Site.
2. Purposes and Legal Basis of Data Processing
Your data are processed, without your prior consent, for the following purposes:
a) the execution of the contract or the fulfilment of pre-contractual commitments, in particular:
- handle a contact request from you;
- manage and maintain the Site;
b) the pursuit of a legitimate interest of the Data Controller, in particular:
- prevent or detect fraudulent activity or abuse that is harmful to the Site;
- exercise the rights of the Data Controller, for example the right of defence in court.
3. Processing methods
The processing of your data is carried out – electronically – by means of the operations of collection, recording, updating, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, cancellation and destruction of data.
4. Data Retention
The Data Controller processes the Data for the time necessary to respond to your request and fulfil the purposes mentioned above and in any case for no longer than 1 year from the collection for contact data and no later than 6 months from the collection for navigation data.
5. Access to Data
Your Data may be accessed for the purposes mentioned above:
- employees and/or collaborators of the Data Controller, in their capacity as authorised data processors and/or internal company data processors and/or system administrators;
- third party companies or other subjects (for example, IT service providers, suppliers, credit institutions, professional studios, etc.) that carry out activities in outsourcing on behalf of the Data Controller, in their capacity as external data processors.
6. Data Communication
Your data may be communicated, even without your consent, for the purposes mentioned above to control bodies, law enforcement agencies or the judiciary that will process them, at their express request, as independent data controllers for institutional purposes and/or under the law during investigations and controls. Your data may also be communicated to third parties (for example, partners, professionals, agents, etc.), as independent data controllers, for the performance of activities instrumental to the purposes mentioned above.
7. Data transfer
Data are not disclosed but may be transferred for the above purposes to non-EU countries. In order to ensure an adequate level of protection of Personal Data, the transfer will be made by virtue of the adequacy decisions approved by the European Commission or the adoption, by the Data Controller, of the Standard Contract Clauses prepared by the European Commission.
8. Nature of data provision and consequences of refusal to respond
The provision of Data is required to send a request for contact to the Data Controller. If you decide not to provide the data, we cannot follow up your request.
9. Rights of the data subject
We inform you that, as an interested party, you have the right to:
- obtain confirmation over the existence or inexistence of Personal Data related to you, even if not yet registered, and their communication in a comprehensible way;
- obtain indication and, if necessary, the copy of the: a) source and category of the Personal Data; b) the logic applied in the case of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identification data concerning the Data Controller and data processors; e) subjects or categories of subjects to whom Personal Data may be communicated or who may come to know, in particular if recipients are extra-EU countries or international organizations; f) where possible, the period of storage of the Data or the criteria used to determine such period; g) the existence of an automated decision-making process and in this case the logic used, the importance and consequences for the person concerned; h) the existence of adequate safeguards in the event of transfer of the Data to a non-EU country or to an international organization;
- obtain, without undue delay, the updating and rectification of inaccurate Data or, where interested therein, the integration of incomplete Data;
- obtain the deletion, transformation into anonymous form or blocking of the Data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which it was collected or subsequently processed; c) in the event of revocation of the consent on which the processing is based and if there is no other legal basis; d) if it has opposed the processing and there is no overriding legitimate reason to continue the processing; e) in the event of compliance with a legal obligation; f) in the case of Data relating to minors. The Data Controller may refuse the deletion only in the case of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) filing in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;
- obtain the limitation of the processing in the case of: a) contestation of the accuracy of the Personal Data; b) unlawful processing of the Data Controller to prevent its deletion; c) exercise of your right in court; d) verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the person concerned;
- receive, if the processing is carried out by automatic means, without hindrance and in a structured format, commonly used and readable Personal Data concerning you to transmit them to another data controller or – if technically feasible – to obtain direct transmission from the Data Controller to another data controller;
- oppose, in whole or in part: a) for legitimate reasons, the processing of Personal Data concerning you, even if pertinent to the purpose of collection; b) the processing of Personal Data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail;
- lodge a complaint with the Guarantor Authority for the Protection of Personal Data.
In the cases mentioned above, where necessary, the Data Controller will bring to the attention of third parties to whom your personal data are communicated any exercise of rights by you, except in specific cases (e.g. where such performance proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected).
10. Procedures for the exercise of rights
You may exercise these rights at any time:
- by sending a registered letter with return receipt to the address of the registered office of the Data Controller;
- by sending an e-mail to firstname.lastname@example.org;
- by calling +39 049 5018399.
11. Owner and responsible for the treatment
The holder of the treatment is:
- CenterVue S.p.A.
The Privacy Manager is:
- Mr. Giuliano Barbaro
- Via S. Marco n. 9/H, 35129 – Padua, Italy, ph. +39 049 5018399
The updated list of internal and external data processors is kept at the Data Controller’s head office.
Padova, 30th October 2019.