We wish to inform you that your personal data provided at the time of registration shall be used by UniCredit Business Integrated Solutions S.C.p.A and disclosed to other companies, in full compliance with the fundamental principles set forth in:
a) Directive 95/46/EC of the European Parliament concerning protection of natural persons with regard to personal data processing and data circulation;
b) Directive 97/66/EC for the protection of privacy in telecommunications and Italian Law Decree no. 6 dated 30 January 1998;
c) Directive 97/07/EC and Italian Legislative Decree 185/99 for the protection of consumers in distance contracts;
d) Directive 00/31/EC and Italian Legislative Decree 70/2003 for e-commerce;
e) Italian Legislative Decree no. 196 dated 30 June 2003 – Personal Data Protection Code.
PERSONAL DATA PROCESSING OPERATIONS AND RELATED OBJECTIVES
A summary is provided below of all the operations performed by us involving collection, preservation or processing of your personal data, and the objectives that we pursue through each operation.
a. Collection and preservation of your personal data in order to provide the e-commerce service regarding our products and to provide the Judicial Authority with the information required;
b. Processing of personal data provided by you and of data inferred from your web history, in accordance with the process described in greater detail in the general conditions of service, for the purpose of defining your commercial profile;
c. Use of your commercial profile by UniCredit Business Integrated Solutions S.C.p.A for its own marketing and promotion purposes;
d. Collection, preservation and processing of your personal data for administrative and accounting purposes, including email transmission of commercial invoices;
e. Use of your commercial profile by UniCredit Business Integrated Solutions S.C.p.A for third party marketing and promotion purposes.
Processing shall be carried out using fully automated procedures, in compliance with the confidentiality and safety regulations provided by law, through a process that allows survey of the customer’s commercial tendencies shown in its internet behaviour. Through the data formation and preservation system, UniCredit Business Integrated Solutions S.C.p.A. ensures and guarantees that it does not include, directly or indirectly, matters concerning sensitive data pursuant to Articles 4 letter D and 26 of Italian Legislative Decree 196/03. Hence any processing that may directly or indirectly concern sensitive data shall be automatically excluded.
FREEDOM TO GRANT CONSENT AND CONSEQUENCES OF REFUSAL
The granting of consent to the processing of personal data provided for the purposes set forth in points (a), (b), (c), (d) is necessary. In the event of refusal to provide consent it shall not be possible to provide you with the UniCredit Business Integrated Solutions S.C.p.A. services. Instead, in the event of refusal of consent for purpose (e) there shall be no consequences.
CATEGORIES OF PERSONS OR ENTITIES TO WHICH DATA MAY BE DISCLOSED OR WHO MAY ACQUIRE DATA IN THE CAPACITY OF DATA PROCESSORS OR PERSONS IN CHARGE OF PROCESSING.
The data may be acquired in the capacity of data processors by the natural persons and legal entities listed below and in the capacity of persons in charge of processing, with regard to data required for performance of duties assigned, by the natural persons belonging to the following categories: subordinate employees of the company, temporary workers, interns and consultants.
DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is UniCredit Business Integrated Solutions S.C.p.A, with registered office in Via Livio Cambi 20151 Milan - Italy.
Any applications pursuant to Article 7 of Italian Legislative Decree 196/03 must be addressed to UGIS S.C.p.A – Personal Data Protection Office or sent by email to the address firstname.lastname@example.org.
The Data Processors are the Head of Administration and Head of Customer Care.
DATA SUBJECT’S RIGHTS
Article 7 of Italian Legislative Decree 196/03 (Data Subject’s Rights)
1. With regard to the processing of personal data the data subject is entitled to obtain confirmation as to whether or not we hold personal data concerning him, even if not yet recorded, and to have said data transmitted in intelligible form.
2. The data subject is entitled to be informed of:
source of data;
purposes and procedures of processing;
logic of processing;
personal details of the Data Controller and Processors and of the persons and entities to which data may be disclosed.
3. The data subject is entitled to obtain:
the updating, correction or integration of the data collected;
the deletion, transformation into anonymous form or freezing of data processed in breach of the law, including data that does not need to be preserved in relation to the purposes for which it was collected or subsequently processed;
confirmation that the aforesaid operations have been brought to the attention of those to whom the data has been transmitted or disclosed, unless fulfilment of this obligation proves impossible or entails an employment of resources that is clearly disproportionate to the protected right.
4. The data subject is also entitled to oppose, fully or partially:
for legitimate reasons, the processing of personal data, even if pertinent to the purpose of collection;
the processing of personal data for the dispatch of advertising material.