Information concerning the processing of personal data
In accordance with article 13 EU Regulation 2016/679 - GDPR, we inform you that the processing of data by you provided will be carried out with methods and procedures aimed at ensuring that the processing itself is compliant with fundamental rights and freedoms, with special attention to confidentiality and security, to personal identity and the right of data protection.
It is recalled that “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 GDPR).
1. Nature and legal basis of processing
Personal data processed by IMO S.p.A. in accordance to the article 6 GDPR are related to:
Name and Surname;
Telephone contact details;
Interest in specific topics
In accordance to the article 6 GDPR, processing is necessary to handle and follow up your request.
In case of sending marketing communications relating to the activities of IMO S.p.A. or newsletters, the explicit consent of the interested party will be required to data subject.
2. Data Origin
Personal data are collected through online forms available on our website www.imopronature.com.
3. Purposes of the processing
Personal data and any changes you may communicate IMO S.p.A. are collected and processed exclusively for the following purposes:
To provide information services requested to IMO S.p.A.;
To Exercise the rights of the Controller and respond to requests from interested parties
To fulfill the obligations deriving from the Law, Regulations, Community legislation or from an order of the Authority;
To send e-mails, newsletters, marketing and commercial communications, promotional material, only with the consent of the person concerned;
Carry out market surveys.
4. Processing method
The processing of personal data may concern all the operations indicated in art. 4 of GDPR, such as:
Electronic and paper recording and processing
Collection, storing and backup of data referring to data subject
Organization of archives, also in automated form, through company applications.
The data will be processed using instruments that guarantee confidentiality, integrity and availability. The processing is carried out on paper and through computerized and / or automated systems and will include all the operations or set of operations according to art. 4 of the GDPR and necessary for the concerning processing, including the communication with the subjects assigned to the processing itself. The data in question will not be disseminated, while they will be or may be communicated to public or private subjects operating within the scope of the purposes described above.
The data collected will be kept for a period of time not exceeding the achievement of the purposes for which they are processed, in accordance to point 3. The Data Subject may always request the interruption of the Processing or the deletion of the Data.
6.Access to processing
The data will be made accessible to employees/collaborators appointed as authorised persons, within the purposes of point number 3 and according to methods set out in point 4.
7. Communication of the data
The data will not be disclosed to third parties not authorized outside the scope and purposes of this processing or disseminated in any way To this end, the treatment is conducted with the use of appropriate security measures to prevent unauthorized access to data by third parties and to guarantee the confidentiality.
Controller may communicate your data without any specific consent for the purposes referred in point 3 to the following subjects:
Supervisory bodies, judicial authorities, control bodies
Other subjects whose right to access their personal data is recognized by provisions of law or secondary or community legislation.
These subjects will process the data as independent data controllers.
8. Data tranfers
The management and storage of personal data will be carried out on servers of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors. The servers are located within the European Union. The data will not be transferred outside the European Union.
9. Nature of data provision and consequence of refusal
The provision of data for the purposes referred to in point 3 is mandatory. In their absence, it will not be possible to proceed with the provision of services or with the receipt of the requested information.
10. Data Subject´s Rights
According to the provisions of the GDPR, the interested party has the following rights towards the Data Controller:
withdraw the consent expressed at any time (withdraw of the consent article 7).
obtain confirmation of whether or not personal data processing is being processed and, in this case, to obtain access to personal data (Right of access article 15);
obtain the rectification of inaccurate personal data concerning him without undue delay (Right to rectification article 16);
obtain the erasure of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay, if certain conditions are met (Right to be forgotten article 17);
obtain the restriction of processing in certain cases (Right to restriction article 18);
obtain notification from the controller in case of rectification or cancellation of personal data or restriction of processing (notification obligation art. 19)
receive the personal data concerning you provided in a structured, commonly used and readable form by automatic device and have the right to transmit such data to another Data Controller, without impediments by the data controller who provided them, in certain cases (Right to data portability article 20);
object at any time, for reasons connected with your particular situation, to the processing of your personal data (Right to object article 21);
receive without undue delay communication of the personal data breach suffered by the Data Controller (article 34);
Where applicable, the data subject may exercise the above rights by emailing the Data Controller. The Data Controller reserves the right to verify the identity of the data subject before taking further action based on his/her request.
11.The Data Controller
Via Vincenzo Monti 6,
C.F e P.IVA 00714820156
Tel +39 02 909313250
Fax +39 02 909313211
Data Processors on behalf of IMO S.p.A.:
Digital For Business S.r.l.
Viale Ercole Marelli, 165
20099 Sesto San Giovanni (MI)
Tel +39 02 84269914
C.F e P.IVA 08484830966
This information may change. Any substantial changes will be communicated through this website.