Pursuant to art. 13 of Regulation (EU) no. 2016/679 (hereinafter the “GDPR”), the Italian Chamber of Commerce in Canada West (hereinafter the “Chamber of Commerce” or the “Owner”) informs you that personal data relating to your company (hereinafter the “Client”), to natural persons acting on its behalf as legal representatives or contact points (hereinafter the “Data”) collected from the Client, shall be processed in compliance with the provisions of GDPR and in accordance with the following information.
It is understood that it is the Client’s responsibility to inform the natural persons acting on his behalf of the processing of the Data referred to in this notice and to request their consent, where necessary.
DATA CONTROLLER. RESPONSIBLE FOR THE TREATMENT.
The Data Controller is the Italian Chamber of Commerce in Western Canada, with registered office in Vancouver (BC), tel. 6046821410, e-mail email@example.com. The updated list of any data processors is available at the registered office of the Data Controller.
PURPOSE AND LEGAL BASIS OF THE PROCESSING. LEGITIMATE INTERESTS PURSUED.
The Data will be processed:
- to fulfil the legal obligations to which the Data Controller is subject.
- for the execution of contracts to which the Client is a party or for the adoption of pre-contractual measures adopted at the Client’s request.
- to ascertain, exercise or defend a right in court.
- for the sending of commercial communications on products and services like those already purchased (so-called “soft spam”).
- to send commercial communications on products and services, by e-mail, SMS, mms, fax or similar and/or by postal service or telephone calls with operator.
The processing of the Data for the purpose under a) does not require the Client’s consent as it is necessary to fulfil the legal obligations to which the Data Controller is subject, pursuant to art. 6, c. 1, letter c) of GDPR. The processing of the Data for the purpose under b) does not require the Client’s consent as the processing is necessary for the execution of contracts to which the Client is a party or for the adoption of pre-contractual measures adopted at the Client’s request, pursuant to art. 6, c. 1, letter b) of GDPR. The processing of Data for the purposes under c) does not require the Client’s consent as it is necessary for the pursuit of the legitimate interest of the Data Controller, pursuant to art. 6, c. 1, letter f) of GDPR. The processing of the Data for the purposes under d) does not require the consent of the Customer, pursuant to art. 130, paragraph 4, of Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101/2018 (hereinafter the “Privacy Code”). The processing of Data for the purposes under e) requires the consent of the Customer pursuant to art. 6, c. 1, letter a) of GDPR.
PROVISION OF DATA AND CONSEQUENCES IN CASE OF FAILURE TO PROVIDE DATA.
The conferment of the Data for the purposes under a) and b) constitutes, respectively, a legal and contractual obligation. The provision of the Data for the purposes under c), however, is optional but necessary for the pursuit of the legitimate interests of the Owner indicated above. In all these cases, failure to provide the Data will make it impossible for the Data Controller to establish business relations with the Customer. The provision of the Data for the purpose of sub e) is optional
and the failure to provide it and/or consent to its processing will make it impossible for the Owner to carry out the functional activities to achieve the purpose in question.
RECIPIENTS OR CATEGORIES OF RECIPIENTS.
The Data may be made accessible, brought to the attention of or communicated to the following subjects, who will be appointed by the Data Controller as managers or persons in charge:
- companies of the group to which the Owner belongs (parent companies, subsidiaries, affiliates), employees and/or collaborators in any capacity of the Owner and/or companies of the group to which the Owner belongs.
- public or private entities, natural or legal persons, which the Owner uses for the performance of activities instrumental to the achievement of the above mentioned purpose or to which the Owner is required to communicate the Data, by virtue of legal or contractual obligations.
In any case, the Data will not be disseminated.
The Data shall be retained for a maximum period equal to the statute of limitations of the rights enforceable by the Holder, as applicable from time to time.
ACCESS RIGHTS, CANCELLATION, RESTRICTION, AND PORTABILITY.
Interested parties are granted the rights set out in Articles 15 to 20 of the GDPR. By way of example, each interested party may:
- obtain confirmation as to whether personal data concerning him/her are being processed.
- where processing is in progress, to obtain access to personal data and information relating to the processing and to request a copy of the personal data.
- obtain rectification of inaccurate personal data and integration of incomplete personal data.
- d) to obtain, where one of the conditions laid down in Article 17 of the GDPR is met, the deletion of personal data concerning him/her.
- to obtain, in the cases provided for in Article 18 of the GDPR, the limitation of the processing.
- to receive personal data concerning him/her in a structured, commonly used, and machine-readable format and request their transmission to another data controller, if technically feasible.
RIGHT TO OBJECT.
Each interested party has the right to object at any time to the processing of his personal data carried out in the pursuit of a legitimate interest of the Owner. In case of opposition, your personal data will no longer be processed, provided that there are no legitimate reasons for processing that prevail over the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of a right in court.
RIGHT TO REVOKE CONSENT.
Where consent is required for the processing of personal data, each data subject may also revoke the consent already given at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. Consent may be revoked by writing an email to firstname.lastname@example.org.
RIGHT TO OBJECT AND REVOKE CONSENT IN RELATION TO THE PROCESSING CARRIED OUT FOR MARKETING PURPOSES.
With reference to the processing of the Data for the purposes d) and e), each interested party may revoke any consent given at any time or oppose its processing by writing an email to the address email@example.com. The opposition to the processing exercised
through these methods also extends to the sending of commercial communications by means of the postal service or telephone calls with operator, without prejudice to the possibility of exercising this right in part, for example by opposing only the processing carried out by automated communication systems.
RIGHT TO LODGE A COMPLAINT WITH THE GUARANTOR.
In addition, each data subject may lodge a complaint with the Privacy Guarantor in the event he or she believes that his or her rights under GDPR have been violated, in the manner indicated on the website of the Privacy Guarantor accessible at www.garanteprivacy.it.
This is a translation from the original Italian version.