PRIVACY POLICY RELATING TO THE SUBSCRIPTION TO THE NEWSLETTER

The privacy policy in force from time to time may be request by sending an email to privacy@onit.it.

 

1. Introduction.

In compliance with the Regulation (EU) 2016/679 (hereinafter also referred to just as  “Regulation”) as well as applicable Italian regulations, as Data Controller (hereinafter also referred to just as “Controller”) Onit S.p.A. wishes to inform herewith the data subjects about the processing of their personal data carried out within the processes relating to the subscription to the newsletter.

 

2. Types of data being processed and method of collection

The Data Controller collects, processes and uses the following categories of personal data: name, surname, contact details (email, telephone number).

 

3. Purposes of processing and legal basis

Personal data are collected and processed to:

(1) Send company information at regular intervals.

The legal basis for processing for the purpose under point (1) is the consent freely given by the data subject.

 

4. Nature of the provision of data and consequences if data are not provided

The provision of personal data by the data subject for the purpose under par. 3 of this privacy policy is optional. However, the failure to provide such data may make it impossible for the data subject to receive the information under art. 3.

 

5. Disclosure of data

Personal data may be accessed by Onit's administrative, commercial and marketing personnel as well as by the Data Protection Officer appointed by the Data Controller in view of his role and for the execution of his tasks and functions, any other supervisory body that the Company may have, the firm responsible for the management of the Data Controller's computer infrastructure, and the firm responsible for the management of the Data Controller's marketing activity.

In any case, the Data Controller guarantees that the above subjects have been authorized to process such data in writing.

The data shall neither be disclosed nor transmitted to any third parties unless in the event of an action and/or control by any supervisory and/or judicial authorities.

 

6. Methods of processing

Data shall be processed both in electronic and in paper format.

 

7. Duration of the processing

Collected data shall be stored for the time strictly necessary to achieve the above purpose (see par. 3 of this privacy policy) and in any case for 20 years from the signing of this privacy policy.

 

8. Data Protection Officer (DPO)

The Data Protection Officer (DPO) may be contacted at the following addresses:

Email: nicola.pagliarulo@share-ing.eu; Certified email: nicola.pagliarulo@legalmail.it

 

9. Rights of the data subject

The “data subjects”, i.e. the natural persons, may exercise their rights under Chapter III, Section 2, art. 15-22 of the GDPR.

The Regulation allows the data subjects to exercise the right of access in order to be informed about the personal data held by the Data Controller and how they are used as well as the right to have incomplete personal data completed and to obtain the updating, rectification, erasure or anonymisation of personal data or the restriction of processing.

The data subjects shall also have the right to withdraw their consent at any time and this shall not affect the lawfulness of processing based on consent before its withdrawal.

 

10. Right to data portability

Each data subject may request to receive the personal data concerning him or her held by the Data Controller or to have such data transferred in a structured, commonly used and machine-readable format for further personal uses or to transmit them to another data controller (right to data portability).

This right may be exercised when:

• the processing of data is based on consent pursuant to art. 6, par. 1, point a) or to art. 9, par. 2, point a), or on a contract pursuant to art. 6, par. 1, point b).
• the processing is carried out by automated means.

In particular, the data that may be subject to portability are the personal data (e.g. name, surname, title, date of birth, sex, place of birth, residence, etc.).

 

11. Right to object

Pursuant to art. 21, the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on art. 6, par. 1, point e) or f), including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

 

 

12. How data subjects may exercise their rights

To exercise his or her rights under art. 15-22 of the GDPR, each data subject may contact: Onit S.p.A., with registered office in Via dell'Arrigoni 308, 47522 Cesena (FC), Italy, Tel: +39 0547 313110, Fax: +39 0547 318021, Email: privacy@onit.it, Certified email: onit@pec.onit.it.

The response term is one (1) month, which however may be extended by two (2) months in the event of particularly complex requests. In that case, Onit shall nonetheless provide at least a provisional notice within one (1) month.

As a general rule, the exercise of the rights in question shall be free of charge. However Onit reserves the right to charge a fee in the event of manifestly unfounded or excessive requests, also due to their repetitive character.

Onit shall have the right to request any information necessary to confirm the identity of the data subject.

The exercise of the data subject's rights under art. 15-22 of the GDPR may be delayed, limited or excluded in the event of specific circumstances, for example if such exercise may actually and tangibly compromise the secrecy of the identity of an employee reporting an offence pursuant to the Italian law no. 179/2017 (so-called "whistleblowing") or any interests protected by any regulations on money laundering and protection of the victims of extortion or the carrying out of investigations for defence purposes or the exercise of a right in court, etc. (Privacy Code, art. 2-undecies).

 

13. Complaint with competent authorities

Onit informs data subjects that they shall have the right to lodge a complaint with or make a report to the Data Protection Supervisor or, as an alternative, to file a petition with the judicial authorities pursuant to art. 77 et seq. of the Regulation.

 

14. Amendments to this privacy policy

The Data Controller reserves the right to modify this Privacy Policy at any time at its sole discretion. Any changes shall be effective from the date of publication of the modified version of the Privacy Policy, which shall be available and notified to the data subjects and anyway provided upon specific request sent by email to privacy@onit.it. In any case, the Data Controller guarantees that personal data shall be processed according to the principles of lawfulness, fairness, transparency and protection of the data subject's privacy and rights.