INFORMATION ON THE PROCESSING OF PERSONAL DATA
(EU Regulation 2016/679 art.13 on the processing of Personal Data)
the protection of personal data is a fundamental value for FOCUS SRL (hereinafter also the Data Controller).
Your personal information will therefore be treated in compliance with the law and the principles of correctness, lawfulness and transparency, and your rights guaranteed as established in the information.
The Data Controller protects the confidentiality of personal data and guarantees adequate security measures against events that could put personal data at risk of violation.
As required by Regulation (EU) 679/2016 of the European Parliament and of the Council (GDPR) and by Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, below are provided to the User, in the his capacity as “data subject”, the information required by law relating to the processing of personal data.
FOCUS SRL, based in Viale delle Milizie, 9 – Rome, operates as the Data Controller and can be contacted at:
firstname.lastname@example.org phone: +39 063723842
Collected data. Processing activities carried out, purposes and legal basis.
The data is collected through the website or in written form.
The categories of data collected are:
- personal data (for example: name, name, surname, physical address, landline and / or mobile telephone, tax code, VAT number, addresses and contacts);
- banking (for example: IBAN and bank / postal data);
- fiscal and economic in nature;
- telematic traffic data (for example logs, IP address of origin, domain names, etc.);
Personal data are freely and spontaneously provided by the data subject by completing the form for requesting information or otherwise when contacting the Data Controller for access to the services and / or products offered, browsing the website. The collection and processing of personal data are necessary for the establishment or execution of the contractual relationship or for the transmission of communications.
The data subject may also allow the processing of their personal data for further purposes.
The Data Controller processes the personal data of the ‘data subject’ (customers, suppliers, website users) for the following purposes:
- a) manage and execute the contact and information requests presented by the data subject;
- b) manage the contractual or pre-contractual relationship;
- c) provide after-market assistance;
- d) fulfill the legal and regulatory obligations to which the Data Controller is required according to the activity carried out;
- e) archiving and conservation;
- f) allow the Owner to exercise their rights;
- g) carry out marketing activities;
- h) carry out statistical analysis for internal use.
The processing of the data subject’s personal data is based on:
- for the purposes indicated under lett. a), b), c): execution of the contract;
- for the purposes indicated under lett. d), e): fulfillment of the Data Controller’s legal obligations;
- for the purpose indicated under lett. f): exercise of a right in court;
- for the purpose indicated under lett. g): the consent of the data subject;
- For the purpose under lett. h): legitimate interest of the owner.
In particular, the data of the subject will be processed, on the basis of the legitimate interest of the Data Controller, for:
- promotional communications on products or services offered that are similar and better than those purchased by the data subject or in which he has expressed an interest;
- conservation to protect rights in the event of a dispute;
- statistical analysis with only anonymized navigation data on institutional sites;
- aggregation of data for the purposes of market research and monitoring of the quality of services;
- georeferencing (meaning the location in which the customer or user exercises his profession with indication on a geographical map);
- sending information and institutional communications via newsletters;
- conservation of a customer / supplier history;
In particular, the data of the data subject will be processed, on the basis of his explicit and specific consent, for:
- promotional communication activities, including newsletters, text messages, mail, telephone contacts and chats on Services / Products other than those purchased by the data subject or towards which the data subject has expressed an interest (only if the data subject has authorized the processing and does not object to this) offered by Partners and brand dealers;
- communication of contact data to Partners, Sponsors, Brand Dealers, as Autonomous Owners.
For such treatments, the data subject has the right to freely revoke the consent given.
Data retention times.
- Contractual data and related to services / products: 10 years following the completion of the contract or longer limitation period;
- Contact details for the newsletter: until unsubscribed;
- Marketing data based on the consent of the data subject: as long as the law allows and, in this case, 24 months for promotional communication purposes, without prejudice to the right of the data subject to withdraw consent even earlier;
- Personal data whose processing is necessary for the pursuit of the legitimate interest of the Data Controller: until the interest is exhausted or the opposition of the data subject is successful;
- Data that integrate accounting records: 10 years from the date of the last registration.
Categories of Recipients of Personal Data
The personal data processed by the Data Controller can be communicated to:
- Freelancers and consultants, within the limits strictly necessary to carry out the tasks entrusted to them, such as, for example, the keeping of accounting books, the correct execution of tax obligations required by law, legal and regulatory assistance, compliance activities.
- External subjects in order to carry out auxiliary activities such as, for example, suppliers of third party technical services, postal couriers, banks, post offices, hosting providers, IT companies, in their capacity as independent Data Controllers or Data Processors.
- Public bodies (such as the Revenue Agency, or Sogei spa) for the fulfillment of legal obligations.
- External parties Partners, Sponsors, Brand Dealers or organizers of the activities sponsored by the Owner such as, for example, conferences, meetings, meetings, conferences, congresses, activities on social platforms.
The updated list of data processors is available at the headquarters of the Data Controller.
Place of processing of the collected data
The data are stored in paper, computerized and telematic archives and processed at the headquarters of the Data Controller and in any other place where the parties involved in the processing are located and in any case in the EEA territory. For more information, you can contact the Data Controller at the addresses indicated.
The transfer of data to a third country or to an international organization is not envisaged, except for the possible use of providers located in the United States and in the presence of an adequacy decision pursuant to art. 45 GDPR.
Rights of the Data Subject
To ensure correct and transparent processing of personal data, we report the list of rights that the data Subject can exercise:
- the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form;
- the right to obtain access to personal data and the following information:
- the purposes of the processing;
- the categories of personal data in question;
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
- when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
- if the data are not collected from the data subject, all available information on their origin;
- the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject;
- the right to withdraw consent to the processing of personal data previously expressed, at any time;
- the right to obtain a copy of the personal data being processed, provided that this right does not affect the rights and freedoms of others;
- the right to obtain from the Data Controller the correction of inaccurate personal data and the integration of incomplete data concerning him without undue delay;
- the right to obtain from the Data Controller the deletion of personal data concerning him without undue delay, in the event that they are no longer necessary for the purposes of the processing or if this is assumed to be illegal, as long as the conditions envisaged for law and in any case if the processing is not justified by another equally legitimate reason;
- the right to obtain from the Data Controller the limitation of the processing, where its accuracy is disputed, for the period necessary for the Data Controller to verify its accuracy;
- the right to obtain communication from the Data Controller of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been sent, unless this proves impossible or involves a disproportionate effort;
- the right to receive personal data concerning him in a structured format, commonly used and readable by an automatic device and the right to transmit such data to another Data Controller without impediments by the Data Controller to whom he provided them, in the cases provided for by art. 20 of the GDPR, and the right to obtain the direct transmission of personal data from one Data Controller to the other, if technically feasible.
The data subject can lodge a complaint with the supervisory authority for the protection of personal data, pursuant to art. 77 of the Regulation or to act in court, if it considers that the processing took place in a way that does not comply with the Regulation.
Details on the right to opposition
For reasons relating to the particular situation of the data subject, the same may oppose at any time to the processing of their personal data if it is based on legitimate interest or if it occurs for commercial promotion activities, by sending the request to the Data Controller at the address:
How to exercise your rights
To exercise the rights listed above, the data subject can direct a request to the contact details of the owner indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month of receipt of the request. This deadline can be extended by two months, taking into account the complexity and number of requests. The Data Controller informs the Data Subject of the extension and the reasons for the delay within one month of the request.
Further information in relation to the processing of personal data may be requested at any time from the Data Controller using the contact details.
Further information regarding the rights of the data subject on the protection of personal data can be found on the website of the Guarantor for the Protection of Personal Data, at the web address https://www.garanteprivacy.it/.
Updates to this information
The Data Controller updates this information and each update produces immediate effects on the Data Subject in accordance with the principle of transparency without the need for a specific communication from the Data Controller to that effect.