View All
Perossidi
Uniche

PRIVACY POLICY

RESERVED AREA REGISTRATION

As required by the current legislation concerning personal data protection (art. 13 General Data Protection Regulation, hereafter also GDPR), Schalcon S.p.a. (hereafter also indicated as “Data Controller” or “Company”) provides the users interested in registering to area of the website www.schalcon.com called “MY SCHACON” with the information regarding the processing of the data acquired.

ABOUT THE DATA CONTROLLER AND HOW TO CONTACT IT

The Data Controller is Schalcon S.p.A., with registered office in Viale Enrico Ortolani, 195 - 00125 Rome, VAT reg. no. 01137561005. Use the e-mail address info@schalcon.com to contact the Company.

WHICH DATA IS PROCESSED

The data processed is the identification and billing data provided by filling in the form and the browsing data regarding the authentication procedure.

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

The personal data provided is used to allow the registration and the use of the services reserved for registered users. Therefore, the legal bases are the execution of pre-contractual measures and the obligations deriving from the contract. Should it be deemed necessary, the data may also be used for the legitimate interest of the data controller to carry out defensive activities or to assert or defend a right in court.

HOW IS THE DATA MANAGED?

The data collected is processed with IT tools. Suitable security measures are adopted to prevent the loss of data, illicit or incorrect use and unauthorised access. For the processing of data connected to the services of the website, servers located inside the European territory are used. The data is stored for as long as the user decides to keep his/her account active and for 24 months following the last access. This is without prejudice to any defensive requirements, based on which the data may be stored beyond the terms specified.

WHAT HAPPENS IF THE DATA IS NOT PROVIDED?


The provision of data is optional. Its refusal makes it impossible to register and use the reserved services.

WHO MAY KNOW THE DATA?

The data will be processed by the personnel of the Data Controller authorised for the processing. The data may be known by the competent Authorities in the case of specific requests that the data controller is obliged to fulfil by law, by the consultants or the companies that provide IT provision and support services for the activities carried out on the behalf of the data controller and by consultants for litigation management purposes and for legal assistance in case of disputes that need its involvement. It is hereby specified that some of the subjects stated above work as data processors and that the communication to those who work as independent data controllers is made to fulfil some legal obligations or because it is needed to comply with the obligations deriving from the contractual relationship or in the legitimate interest of the data controller, consisting in maintaining the security of the IT systems though maintenance intervention by the competent personnel and performing the defensive activities through legal consultants. The data subject may request from the Data Controller the list of the external subjects that perform their activity as data processors. In any case the communication is limited only to those data categories whose transmission is necessary in order to carry out the activities and achieve the purposes pursued.

WHAT ARE THE DATA SUBJECTS’ RIGHTS?

The law grants the data subjects the right to ask the data controller to access the personal data and to adjust or erase it or to restrict the processing that concerns them or to object to its processing, in addition to the right to data portability.

The data subject may assert his/her rights at any time, without formalities, by contacting the data controller at the e-mail address privacy@schalcon.com

The data subject may assert his/her rights at any time, without formalities, by contacting the data controller at the e-mail address privacy@schalcon.com

  • The right of access, i.e. the right to obtain from the data controller the confirmation that personal data that concerns him/her is being processed and in this case, to obtain access to the personal data and the following information: a) the purposes of the processing; b)  the data categories in question; c) the recipients or the categories of recipients to which the personal data was or will be communicated, in particular if these are recipients from third party countries or international organisations; d)  when possible, the set period of retention of the personal data or, if it is not possible, the criteria adopted to determine this period; and)  the existence of the right of the data subject to ask the data controller to rectify or erase the personal data or to restrict the processing of the personal data that concerns him/her or to object to its processing; f)  the right to put forward a complaint to a supervisory authority; g)  if the data is not collected at the data subject’s, all the information available on its origin; h)  the existence of an automated decision-making process, including profiling and, at least in these cases, significant information on the logic used, as well as the importance and the consequences that such processing has for the data subject. Should the personal data be transferred to a third country or to an international organisation, the data subject then has the right to be informed about the existence of appropriate safeguards relating to the transfer.
  • The right to rectification, i.e. the right to obtain from the data controller the rectification of the incorrect personal data that concerns him/her without undue delay. Considering the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration.
  • The right to erasure, i.e. the right to obtain from the data controller the erasure of the personal data that concerns him/her without undue delay if: a)  the personal data is no longer necessary to achieve the purposes for which it was collected or otherwise processed; b) the data subject revokes the consent on which the processing is based and if there is no other legal principle for the processing; c)  the data subject objects to the processing carried out as this is necessary for the execution of a task of public interest or connected to the exercise of public powers granted to the data controller or to pursue the legitimate interest and there is no legitimate prevailing reason to proceed with the processing, or objects to the processing for direct marketing purposes; d)  the personal data was processed unlawfully; e)  the personal data must be erased to fulfil a legal obligation under the law of the European Union or of the Member State to which the Data Controller is subject; f)  the personal data was collected in relation to the supply of services of the information company to minors. However the erasure request may not be accepted if the processing is necessary: a)  to exercise the right to freedom of expression and information; b)  to fulfil a legal obligation that requires the processing required by the law of the European Union or of the Member State to which the Data Controller is subject or for the execution of a task performed in the public interest or in the exercise of public powers granted to the data controller; c) for reasons of public interest in the public healthcare sector; d)  for archiving purposes in the public interest, in the interest of scientific or historic research or for statistical reasons, to the extent that the deletion may risks making impossible or seriously jeopardising the achievement of the objectives for such processing; or e)  to ascertain, exercise or defend a right in court.
  • The right to restriction, i.e. the right to obtain that the data be processed, except that for retention purposes, only with the consent of the data subject to ascertain, exercise or defend a right in court or to protect the rights of another natural or legal person or for reasons of relevant public interest in the Union or another Member State if: a)  the data subject challenges the accuracy of the personal data, for the period needed by the data controller to verify the accuracy of such personal data; b) the data processing is unlawful and the data subject objects to the erasure of the personal data and instead asks that its use be restricted; c)  even though the data controller no longer needs it for processing purposes, the personal data is necessary for the data subject to verify, exercise or defend a right in court; d)  the data subject objected to the processing carried out because it is necessary for the execution of a task of public interest or connected to the exercise of public powers granted to the data controller or to pursue the legitimate interest of the data controller or of third parties, while awaiting the check concerning the possible prevalence of the legitimate reasons of the data controller over those of the data subject.
  • The right to data portability, i.e. the right to receive in a structured, commonly used format that can be read by an automatic device, the personal data concerning him/her, provided to the data controller, with the right to forward such data to another data controller with no barrier by the data controller it was provided to, as well as the right to obtain the direct transmission of the personal data from one data controller to the other, if technically feasible, should the processing be based on the consent or on a contract and the processing is performed with automated means. This right is without prejudice to the right to erasure.
  • The right to object, i.e. the right of the data subject to object at any time, for reasons connected to his/her particular situation, to the processing of the personal data that concerns him/her, performed because it is necessary in order to execute a task of public interest or connected to the exercise of public powers granted to the data controller or to pursue the legitimate interest of the data controller or of third parties. Should the personal data be processed for direct marketing purposes, the data subject has the right to object at any time to the processing of the personal data that concerns him/her carried out for these purposes, including profiling to the extent that it is connected to this direct marketing.

The data subject is then informed that, in the event he/she deems the processing of his/her personal data to be taking place in breach of GDPR provisions, he/she has the right to lodge a complaint before a supervisory authority, as provided for by art. 77 of the Regulation or to bring the issue before the competent courts (art. 79 of the Regulation).