Information pursuant to art. 13 and 14 of (EU) Regulation no. 679/2016 (“GDPR”)
SECUR & SECUR s.r.l. (hereinafter “SECUR & SECUR” or owner) protects the confidentiality of personal data and guarantees the necessary protection to prevent any breach.
As set forth by the European Union Regulation no. 679/2016 (“GDPR”), and in particular art. 13 and 14, we provide hereto, to the user (“Data subject”), the information required by the legislation relating to the processing of their personal data.
SECTION I
Who we are and what data we process (Art. 13, par. 1 letter a, art. 15, letter b GDPR)
SECUR & R s.r.l, in the person of its legal representative Pierluigi Tarchi, with registered office in Via Zarini 352 / c 59100 Prato (PO) and operational office in Vicolo di S. Marco Vecchio 26, 50139 (FI) with tax code and VAT no. 02187300971 who can be contacted through Customer Service at Tel +39 055 471339;
| Category of data | Examples of types of data |
| Contact details | First name, last name, address, nationality, residential province and city, landline telephone number and/or mobile number, fax, tax ID number, email address(es) |
| Banking information | IBAN and banking/postal account information (except for Credit Card number) |
| Internet traffic data | Log, originating IP address. |
“SECUR & SECUR”does not require the Data Subject to provide so-called “Particular” data, or, according to the provisions set forth by the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the health or sexual life or sexual orientation of the person. In the event that the service requested from “SECUR & SECUR” requires the processing of such data, the data subject will receive specific information in advance and will be required to render his/her consent.
The Data Controller has appointed a Data Protection Officer – DPO who can be contacted for any information and request:
e-mail: dpo@securandsecur.it or through Customer Service at Tel +39 055 471339
For any information or request, the Data Subject may contact the address of the operational office in
Vicolo di S. Marco Vecchio 26, 50139 Firenze
SECTION II
Purposes for which we need the data of the Data Subject (Art. 13, par. 1 of the GDPR)
The data are used by the Data Controller to follow up the registration request and the supply contract of the chosen Service, manage and execute the contact requests forwarded by the Data Subject, provide assistance, fulfil the legal and regulatory obligations which the Data Controller is required to comply pursuant to the activity exercised.
In no case does Secur & Secur disclose the personal data of the Data Subject to third parties or use them for undeclared purposes.
In particular, the data of the Data Subject will be processed for:
a) registration and requests for contact and / or information material
The personal data of the Data Subject are processed in order to carry out the preliminary activities, consequent to the registration request, to handle information and contact requests and / or to send information material, as well as to fulfil any other related obligation. The legal basis for these processing activities consists in the fulfilment of the services related to registration, information and contact requests and / or sending information material and complying with legal obligations.
b) managing the contract
The personal data of the Data Subject is processed in order to carry out the preliminary activities and consequent to the purchase of a Service, to manage a related order, to provide the Service, the related invoicing and payment, to handle complaints and / or Customer care requests and to provide assistance, prevent frauds and fulfil any other obligation deriving from the contract. The legal basis of these processing activities consists in fulfilling the services set forth by the contract and complying with legal obligations.
c) promotional activities on services similar to those purchased by the Data Subject (art. 47 GDPR)
The data controller, even without your explicit consent, may use the contact details communicated by the Data Subject, for the purpose of direct sales of its services, provided they are services similar to those being sold, unless the Data Subject does not explicitly object.
d) sale promotion activities on different Services other than those purchased by the Data Subject
The personal data of the Data Subject may also be processed for sale promotion purposes, for surveys and market researches with regard to Services that the Data Controller offers only if the Data Subject has authorized the processing and does not object to this.
This processing activity may take place with automated means, as follows:
- e-mail;
- sms;
- telephone
and can be done:
- f the Data subject has not revoked his/her consent to use his/her personal data;
- if, in the event that the processing takes place through telephone operator, the Data subject is not registered in the non-contact list as set forth by Presidential Decree no. 178/2010;
The legal basis of these processing activities consists in the consent granted by the Data Subject prior to processing, which can be revoked by the Data Subject freely and at any time (see Section III).
e) IT security
The Data Controller, in accordance with the provisions of art. 49 of the GDPR, processes, also through its suppliers (third parties and / or recipients), the personal data of the Data Subject relating to traffic to an extent strictly necessary and proportionate to guarantee the security of networks and information, i.e. the ability of a network or information system to withstand, at a given level of security, unforeseen events or illegal or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
The Data Controller will promptly inform the Data Subjects, if there is a particular risk of data breach, without prejudice to the obligations set forth by art. 33 of the GDPR relating to notifications of personal data breaches.
The legal basis of these processing activities consists in respecting legal obligations and the legitimate interest of the Data Controller to carry out processing related to the protection of corporate assets and the security of the offices and systems of the Aruba Group.
f) profiling
ï The personal data of the Data Subject may also be processed for profiling purposes (such as analysis of the transmitted data and the selected Services, proposing advertising messages and / or sales proposals in line with user choices) exclusively in the event that the Data Subject has provided explicit and informed consent. The legal basis of these processing activities consists in the consent given by the Data Subject prior to processing, which can be revoked by the Data Subject freely and at any time (see Section III).
g) fraud prevention (art. 47 and art. 22 GDPR)
- ï the personal data of the Data Subject, with the exception of particular (art. 9 GDPR) or judicial (art. 10 GDPR) data, will be processed to allow checks for the purpose of monitoring and preventing fraudulent payments, by software systems that carry out a verification with automated processes prior to the negotiation of the Services;
- if a negative result is obtained during these checks, it will not be possible to carry out the transaction; the Data Subject may in any case express his/her opinion, obtain an explanation or object the decision by providing reasons to the Customer Care or contact dpo@securandsecur.it;
- personal data collected for anti-fraud purposes only, unlike the data necessary for the correct execution of the requested service, will be immediately deleted at the end of the verification phases.
h) protection of minors
The Services / Products offered by the Data Controller are reserved for subjects legally able to conclude contractual obligations, on the basis of the relevant national legislation.
The Data Controller, in order to prevent illegitimate access to its services, implements prevention measures to protect its legitimate interest, such as checking the tax code and / or other verifications, when necessary for specific Services / Products, and checks the accuracy of the general data indicated in the identity documents issued by competent authorities.
Communication to third parties and categories of recipients (art. 13, par. 1 GDPR)
The communication of the data subject’s personal data takes place mainly towards third parties and / or recipients whose activity is necessary for the performance of the activities related to the contract and to fulfil certain legal obligations, such as:
|
Categories of recipients |
Purposes |
|
Companies belonging to the Secur & Secur Group or subsidiaries |
Fulfilment of administrative and accounting requirements as well as those connected with the contractual services, |
|
Third party suppliers and companies belonging to the Secur & Secur Group or subsidiaries |
Performance of services (assistance, maintenance, delivery/shipping of products, performance of additional services, providers of networks and electronic communication services) associated with the requested service |
|
Credit and digital payment institutions, banks/post offices |
Management of deposits, payments, reimbursements associated with the contractual service |
|
External professionals/consultants and consulting firms |
Fulfilment of legal requirements, exercise of rights, protecting of contractual rights, credit recovery |
|
Financial Administration, Public Agencies, Legal Authorities, Supervisory and Control Authorities |
Fulfilment of legal requirements, protection of rights; lists and registries held by Public Authorities or similar bodies based on specific regulations relating to the contractual service |
|
Formally delegated subjects or those with recognized legal rights |
Legal representatives, administrators, guardians, etc. |
• The Data Controller requires third party suppliers and data processors to comply with security measures as those adopted for the Data Subject, by restricting the scope of activity of the Data processor to the processing related to the requested service.
• The Data Controller does not transfer your personal data to countries where the GDPR is not applied (non-EU countries) unless otherwise specified, hence you will be informed in advance and your consent will be requested if necessary.
The legal basis of these processing activities consists in providing the services set forth by the contract, respect legal obligations and the legitimate interest of Secur & Secur to carry out processing operations necessary for these purposes.
SECTION III
What happens if the Data Subject does not provide his/her data which are necessary to provide the requested service? (art.13, par.2, letter e of the GDPR)
The collection and processing of personal data is necessary to follow up on the requested services and to provide the Service and / or supply the requested Product. If the Data Subject does not provide the personal data expressly indicated as necessary in the order form or the registration form, the Data Controller will not be able to execute the processing activities related to the management of the requested services and / or the contract and related Services / Products, or consequent obligations.
What happens if the Data Subject does not render his/her consent to the processing of personal data for sale promotion activities on Services / Products other than those purchased?
In the event that the Data Subject does not render his/her consent to the processing of personal data for these purposes, said processing will not take place for such purposes, without this having effects on the supply of the requested services, or services for which he/she already gave consent, if required.
In the event that the Data Subject has given consent and should subsequently revoke it or oppose the processing for sale promotion activities, his/her data will no longer be processed for these activities, without this having consequences or prejudicial effects for the Data Subject and for the requested services.
How we process the data of the Data Subject (art. 32 of the GDPR)
The Data Controller implements adequate security measures in order to preserve the confidentiality, integrity and availability of the data subject’s personal data and imposes similar security measures on third party suppliers and Data Processors.
Where we process the data of the Data Subject
The personal data of the Data Subject are stored in paper, computer and telematic archives located in countries where the GDPR is applied (EU countries).
How long are the data of the Data Subject stored? (art. 13, par. 2, letter a GDPR)
Unless the Data Subject explicitly expresses his/her will to remove them, the personal data will be stored as long as they are necessary pursuant to the legitimate purposes for which they were collected.
In particular, with regard to the management and supply of services related to the contact requests sent by the Data Subject, such data will be stored for no longer than 12 months; furthermore, in case of adherence to the contract, they will be kept for the entire duration of the contract and in any case for maximum 12 (twelve) months from the last of the active related Service or, if within this period, no active Services are present and / or no Products are purchased through the contract.
In case data is provided to the Data Controller for purposes of sale promotion for services other than those already purchased by the Data Subject, for which he/she initially gave consent, these will be stored for 24 months unless the consent is revoked.
In case data is provided to the Data Controller for profiling purposes, these will be stored 12 months, unless the consent is revoked.
In addition, in the event that a user forwards unsolicited or unnecessary personal data to Secur & Secur in order to perform the requested service or to provide a strictly related service, Secur & Secur cannot be considered Data Controller of these data, and will delete them as soon as possible.
Regardless of the intention of the Data Subject to remove his/her personal data, these will be stored in any case according to the terms established by current laws and / or national regulations, for the exclusive purpose of ensuring specific obligations.
Furthermore, personal data will be anyhow stored for the fulfilment of obligations (e.g. tax and accounting) that remain in effect even after the conclusion of the contract (art. 2220 of the Civil Code); the Data Controller will only keep the data necessary to attain these purposes.
Without prejudices to the cases in which the rights deriving from the contract and / or from the registration shall be challenged before the courts; in this instance, only the personal data of the Data Subject exclusively necessary to attain these purposes, will be processed for the time required.
What are the rights of the Data Subject? (art. 15 – 20 GDPR)
The Data Subject has the right to obtain the following from the data controller:
1. confirmation as to whether or not his/her personal data is being processed and, in this case, to obtain access to personal data and the following information:
1. processing scopes;
2. categories of personal data in object;
3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
4. when possible, the estimated storage period of the personal data or, otherwise, the criteria used to determine this period;
5. the existence of the Data Subject’s right to ask the data controller to rectify or delete personal data or limit the processing of his/her personal data or to oppose processing;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the data subject, all available information on their origin;
8. the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.
9. the adequate guarantees provided by the third country (non-EU) or an international organization to protect any data transferred
1. b) the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others; in the event the Data Subject requests further copies, the data controller may charge a reasonable fee based on administrative costs.
2. c) the right to obtain from the data controller the correction of inaccurate personal data concerning him/her without undue delay
3. d) the right to obtain from the data controller, the deletion of his/her personal data without undue delay, if the reasons provided for by art. 17 of the GDPR apply, including, for example, in the event that they are no longer necessary for the processing scopes or if the scope is illegal, and provided that the conditions set forth by law are present; and in any case, if the processing is not justified by another equally legitimate reason;
4. e) the right to obtain from the data controller, the limitation of the processing activities in the cases provided for in art. 18 of the GDPR, for example if accuracy is contested, for the time required by the Data Controller to verify the accuracy. The Data Subject must be informed, in a reasonable time, also of when the suspension period has elapsed or the cause of the limitation of the processing has ceased, and therefore the limitation itself revoked;
5. f) the right to obtain communication from the Data Controller of the recipients to whom the requests for any corrections or cancellations or processing limitations have been transmitted, unless this proves impossible or involves a disproportionate effort.
6. g) the right to receive his/her personal data in a structured format, commonly used and readable by an automatic device and the right to transmit such data to another data controller without impediments by the data controller to whom the data was provided, in the cases set forth by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
For any further information and to send your request, please contact the Data Controller at dpo@securandsecur.it.
In order to ensure that the aforementioned rights are exercised by the Data Subject and not by unauthorized third parties, the Data Controller may request the same to provide any additional information necessary for the purpose.
How and when can the Data Subject oppose the processing of his/her personal data? (Art. 21 GDPR)
For reasons relating to the particular situation of the Data Subject, the same may object at any time, the processing of his/her personal data if it is based on legitimate interest or if it occurs for sale promotion activities, by sending the request to the Data Controller at dpo@securandsecur.it.
The Data Subject has the right to request deletion of his/her personal data if there is no legitimate reason of the Data Controller prevailing the reason that gave rise to the request, and in any case, in the event that the Data Subject has opposed the processing for sale promotion activities.
Where can the Data Subject lodge a complaint? (Art. 15 GDPR)
Without prejudice to any other administrative or judicial action, the Data Subject may lodge a complaint with the competent supervisory authority on the Italian territory (Data Protection Authority) or the one that carries out its duties and exercises its powers in the Member State where the violation of the GDPR occurred.
Any update of this Privacy Policy will be communicated promptly and by appropriate means and it will also be notified if the Data Controller processes the data of the Data Subject for purposes other than those referred to in this Privacy Policy before proceeding and following the obtainment of the Data Subject’s consent.
SECTION IV
This Section provides the Data Subject with special information relating to the processing of his/her personal data for each of the Services listed below, in addition to those reported in the previous Sections.
DOMAINS / HOSTING SERVICES
Communication to third parties and categories of recipients
In order to provide registration services for a domain name with an extension (TLD) that does not belong to the following list
.at .be .bg .cz .de .dk .ee .es .eu .fi .fr .gr .hr .hu .ie .it .lt .lu .lv .mt .nl .pl .pt .ro .se .si .sk .uk
personal data, for purposes strictly related to the provision of the service, will be communicated to third parties (registration authorities and related accredited subjects) who are based in countries where the GDPR is not applied (non-EU countries), and in any case where the European Commission considers that adequate laws on data protection are in force.
Furthermore, the Data Subject is informed that the registration of a domain name involves the insertion of his/her personal data in a publicly accessible register (“Whois”) kept at the Registration Authority competent for the chosen extension, except for cases in which the Data Subject has requested the concealment of personal data according to the procedures set forth by the competent Registration Authority or pursuant to the contractual conditions relating to the Service.
The legal basis of these processing activities consists in providing the services established in the contract, comply with legal obligations and regulations and respect the legitimate interest of Secur & Secur to carry out the processing required for these purposes.
SSL SERVICES
Communication to third parties and categories of recipients
As part of providing the “SSL” Service, the personal data of the Data Subject may be disclosed to third parties based in countries where the GDPR is not applied (non-EU countries and in any case where the European Commission considers that adequate laws on data protection are in force.
The legal basis of these processing activities consists in providing the services established in the contract, comply with legal obligations and regulations and respect the legitimate interest of Secur & Secur to carry out the processing required for these purposes.
SECTION V
COOKIES
General information, deactivation and management of cookies
Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (e.g. tablet or mobile phone).
Technical cookies and third-party cookies may be installed by our website or its subdomains.
Nonetheless, the user can manage or request the general deactivation or deletion of cookies by changing the settings of his/her internet browser.
However, deactivation may slow down or prevent access to some sections of the site.
The settings to manage or disable cookies may vary depending on the internet browser used, therefore, for more information on how to perform these operations, we suggest the User to consult the manual of his/her device or the “Help” function of his/her internet browser.
Below are the links that explain how to manage or disable cookies for the most popular internet browsers:
ï Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
ï Google Chrome: https://support.google.com/chrome/answer/95647
ï Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
ï Opera: http://help.opera.com/Windows/10.00/it/cookies.html
ï Safari: https://support.apple.com/kb/PH19255
Technical cookies
The use of technical cookies, meaning cookies necessary for the transmission of communications over an electronic communications network or cookies strictly necessary for the supplier to provide the service requested by the customer, allows the safe and efficient use of our site.
Session cookies may be installed in order to allow access and stay in the reserved area of the portal as an authenticated user.
Technical cookies are essential for the proper functioning of our website and are used to allow users to navigate normally and to take advantage of the advanced services available on our website. The technical cookies implemented, are divided into session cookies, which are stored exclusively for the duration of the browsing activity until the browser is closed, and persistent cookies that are saved in the memory of the user’s device until their expiry or deletion by the user. Our site uses the following technical cookies:
ï Technical navigation or session cookies, used to manage normal browsing activities and user authentication;
ï Functional technical cookies, used to store user-chosen customizations, such as, for example, the language;
ï Technical analytics cookies, used to know how users use our website so as to be able to evaluate and improve its functioning.
Third party cookies
Third-party cookies may be installed: these are analytical and profiling cookies of Google Analytics, Google Doubleclick, Criteo, Rocket Fuel, Youtube, Yahoo, Bing and Facebook.
These cookies are sent from the websites of said third parties, external to our site.
Third-party analytical cookies are used to detect information on user behaviour on the site.
Detection takes place anonymously, in order to monitor performance and improve the use of the site. Third-party profiling cookies are used to create user profiles, in order to propose advertising messages in line with the choices made by the users.
The use of these cookies is governed by the rules set forth by third parties, hence Users should read the privacy policies and instructions for managing or disabling the cookies published on the following web pages:
For Google Analytics cookies:
ï privacy policy: https://www.google.com/intl/it/policies/privacy/
ï instructions to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
ï For Google Doubleclick cookies:
ï privacy policy: https://www.google.com/intl/it/policies/privacy/
ï indications to manage or disable cookies: https://www.google.com/settings/ads/plugin
For Criteo cookies:
ï privacy policy: http://www.criteo.com/it/privacy/
ï indications to manage or disable cookies: http://www.criteo.com/it/privacy/
For Facebook cookies:
ï privacy policy: https://www.facebook.com/privacy/explanation
ï indications to manage or disable cookies: https://www.facebook.com/help/cookies/
For CrazyEgg cookies:
ï privacy policy: https://www.crazyegg.com/privacy/
ï indications to manage or disable cookies: https://www.crazyegg.com/cookies/
For Rocket Fuel cookies:
ï privacy policy: http://rocketfuel.com/it/privacy/
ï indications to manage or disable cookies: http://rocketfuel.com/it/cookie-policy/
For Youtube cookies:
ï privacy policy: https://www.youtube.com/intl/it/yt/about/policies/#community-guidelines
ï indications to manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it
For Yahoo cookies:
ï privacy policy and indications to manage or disable cookies:https://policies.yahoo.com/ie/it/yahoo/privacy/euoathnoticefaq/
For Bing cookies:
ï privacy policy and indications to manage or disable cookies: https://privacy.microsoft.com/it-it/privacystatement
Profiling cookies
Profiling cookies can be installed by the Website Owner(s), using the so-called web analytics software, which are used to prepare detailed and real-time analysis reports relating to information on: website visitors, search engines of origin, keywords used, language of use, most visited pages.
They can collect information and data such as IP address, nationality, city, date / time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of the visit, number of visits made.
These data may be transferred to each of the Companies of Secur & Secur Group pursuant to and according to the limitations imposed by current legislation and by the provisions set forth by this Privacy Policy.
