Privacy & Cookie Policy
Privacy Policy
On 25th May 2018, the new General Data Protection Regulation 2016/679 (GDPR) is fully applicable. In order to correctly comply with the provisions and be compliant with the new Regulations, Imagicle S.p.A is particularly dedicated to protecting its Customers, Suppliers, Partners and Employees’ (or potential) privacy and data processing.
General
In compliance with the provisions of articles 13 and 14 of EU Regulation 2016/679 (hereinafter «GDPR»), in the context of the protection of personal data, Imagicle S.p.A. (hereinafter «Imagicle») provides Data Subjects with the following information.
Contact details of the Data Controller
The Data Controller of your personal data is Imagicle S.p.A, responsible for the lawful and correct use of your personal data, and who you may contact for any information or requests at the following addresses:
Registered office: Via Fondacci, 272 – 55054 – Massarosa
Other offices: Via Murri, 24 – int. 27/29 – 20013 – Magenta (MI), Via Sile, 17/B – 31057 – Silea (TV)
Telephone: +39.0584.943232
Fax: +39.0584.943325
E-mail: administration@imagicle.com
Certified Email: imagicle@legalmail.it
You may furthermore address the Data Protection Officer to acquire information and forward requests regarding your data or to communicate disservices or any problem you may have encountered at the following addresses:
Name: Aksilia S.r.l.
Registered office: Via Fontana 22 – 20122 – Milano (MI)
Telephone: +39.02.40703351
E-mail: aksilia@aksilia.com
Certified Email: consiliasrl@pec.it
in the person of the reference manager, Dr. Battaglia Chiara, reachable at the above mentioned contact data and at the following cellphone number: +39.3478267770.
Types of data processed purposes and legal basis
The personal data processed are collected as provided directly by the User / Data Subject or collected automatically through the site.
Data provided directly by the User/Data Subject
The data provided directly by the User / Data Subject are all personal data entered by the same within the site or which in any case are provided to the Data Controller in any manner. These data will be processed in compliance with the guarantees of privacy and security measures required by current legislation, including the help of electronic tools directly and/ or through third parties, for the purposes set out below together with the legal basis of reference:
PURPOSES | PROCESSED DATA | LEGAL BASIS | |
---|---|---|---|
A | Purposes strictly related to the execution of contractual and pre-contractual measures and to respond to specific requests from the Data Subject | • personal and contact data • payment data and other financial data • data relating to debt behavior, economic solvency and the presence of judicial measures • data relating to the activated services | Processing necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. – Art. 6 paragr. 1 lett. b) |
B | Purposes related to the fulfillment of fiscal, accounting and other legal obligations | • personal and contact data • payment data and other financial data • data relating to debt behavior, economic solvency and the presence of judicial measures • data relating to the activated services | Processing necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. – Art. 6 paragr. 1 lett. b) |
C | Exercise of rights of the Data Controller, e.g. the right of defence in court. | • personal and contact data • payment data and other financial data • data relating to debt behavior, economic solvency and the presence of judicial measures • data relating to the activated services | Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. – Art. 6 paragr. 1 lett. f) |
D | Purposes related to the protection of credit and corporate assets | • personal and contact data • payment data and other financial data • data relating to debt behavior, economic solvency and the presence of judicial measures • data relating to the activated services | Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. – Art. 6 paragr. 1 lett. f) |
E | Creation of statistics and archives of solved cases for analysis aimed at improving the services | • personal and contact data • payment data and other financial data • data relating to debt behavior, economic solvency and the presence of judicial measures • data relating to the activated services | Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. – Art. 6 paragr. 1 lett. f) |
F | Direct marketing: communication and/ or sending, also with automated methods, of promotional, advertising and information material, surveys or market research through telephone channels, sms, e-mail, social networks, and online advertising platforms | • personal and contact data • data relating to the activated services | The Data Subject has given consent to the processing of his or her personal data for one or more specific purpose. – Art 6 paragr. 1 lett. a) |
G | Marketing on existing customers: sending of communications related to contracted products/ services and/ or in use to the End-Users and/ or products/ services similar to those already contracted (newsletters, webinars, events, training activities, product updates etc.). | • personal and contact data • data relating to the activated services | Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. – Art. 6 paragr. 1 lett. f) |
H | Indirect marketing: communication of data to related and/ or associated companies, to commercial partners and third parties so that they can make you a recipient of marketing communications | • personal and contact data • data relating to the activated services | The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes. – Art 6 paragr.1 lett. a) |
The Data Subject assumes responsibility for the personal data of third parties obtained, published or shared with the Data Controller and guarantees to have the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.
Data collected automatically through the site
The automatically collected data are the information collected automatically through the site also from third-party applications integrated therein, including for example: the IP addresses or domain names of the computers used by the User / Data Subject who connects to this site, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and the IT environment of the User / Data Subject. Complete details on each type of data collected are provided in the dedicated sections of the cookie policy of this site.
The automatically collected data are processed exclusively for the purposes for which they are collected, as described below.
The Data Controller processes the data provided by the Data Subject to allow the site to function, to allow the display of content from external platforms, for statistical purposes, optimization and distribution of traffic and marketing in addition to the additional purposes described in this Document and in the Cookie Policy.
Compulsory or optional nature of the provision of data and consequences of a refusal to provide
The nature of the provision of your personal data is mandatory so that the Data Controller can fulfill the obligations deriving and arising from the contractual and/ or pre-contractual relationship, as well as those imposed by law or regulations. Failure to provide your personal data may determine the impossibility to establish or continue the contractual and pre-contractual relationship to the extent that such data are necessary for its execution. If the processing of data is based on your consent, the provision of your data is optional and the non-acceptance and provision does not entail any consequences. In case of lack of consent, your data cannot be processed for the purpose described. Unless otherwise specified, all the data required for browsing the site are mandatory, if the User / Data Subject refuses to communicate them, it may be impossible for this Application to provide the Service. In cases where some data are indicated as optional, Users / Interested parties are free to refrain from communicating such data, without this having any consequence on the availability of the Service or on its operation. When accessing any page of the Site, there is a Banner through which the User / Data Subject can give their consent to the use of cookies.
If you have any doubts about which data is mandatory, we encourage you to contact us.
Processing methods
The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.
The processing is carried out using IT and/ or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
Recipients of the personal data
Your data may be communicated, in addition to the personnel assigned to the processing, also to the following subjects also appointed, if necessary, as Data Processors by the Data Controller:
- Private and public entities for the performance of administrative and legal practices in compliance with the provisions of EU Reg. no. 679/2016
- Consultants and companies that assist the Data Controller from an IT, infrastructural point of view and for the management of communication networks
- Professionals, consortia and service companies and professional firms in the field of assistance and consultancy relationships (e.g. from a tax, commercial, legal, communication point of view, etc.)
- Banks and credit institutions
- Other companies and professionals who collaborate with the Data Controller for the performance of the services covered by the contract/ assignment
- Insurance companies
- Subsidiary or associated companies
The updated list of Data Processor can always be requested from the Data Controller. The data will not be subject to other methods of dissemination.
Place processing
The data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located.
The data provided directly by the User / Data Subject and collected automatically could be transferred in a different country than the one in which the User / Data Subject is located outside the European Economic Area. In this case Imagicle Spa ensures that the processing of your personal data by these subjects to whom the data is transferred takes place in compliance with the European Regulation 679/2016, all always in compliance with the principles indicated in art. 45 of the GDPR 2016/679 relating to the existence of an adequacy decision by the European Commission, or in the absence of such decisions in compliance with art. 46 relating to the transfer in the presence of appropriate safeguards or in compliance with Article 49 paragraph 1 letter b) – transfer necessary for the execution of a contract concluded between you and the Data Controller or for the execution of pre-contractual measures.
For more information, please contact the Data Controller.
Retention period
Data provided by the user/Data subject
The personal data provided directly by the User / Data Subject collected for the purpose referred to the scopes letters A, B, C and D will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no longer than the legal retention times provided for by law, currently 10 years from the time of termination of the contractual relationship if there is one active or no later than 10 years from collection for all other Data Subjects. In the event of a pending trial, the data will be processed until they are terminated. Furthermore, the Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.
Personal data collected for marketing purposes on existing customers referred to the scope letter G will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no later than the termination of the contract. In the case of perpetual licenses, the data will be kept until the consent is revoked by the User / Data Subject.
The personal data collected for the purposes of creating statistics and archives of the resolved cases, referred to the scope letter E, will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no later than 3 years from their collection.
The personal data collected for direct and indirect marketing purposes, referred to the scopes letters F and H, will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no later than 2 years from their collection.
At the end of the retention period, the personal data will be deleted. Therefore, at the end of this term the rights of access, cancellation, rectification and the right to data portability can no longer be exercised.
Data collected automatically through the site
The automatically collected data will be retained for the period better specified in the Cookie Policy.
At the end of the retention period, the personal data will be deleted. Therefore, at the end of this term the rights of access, cancellation, rectification and the right to data portability can no longer be exercised.
Rights of the user/data subject
We inform you that as Data Subject you have, in addition to the right to submit a complaint to the Supervisory Authority, the rights listed below, which you can exercise by making a specific request to the Data Controller and/or the Data Processor, contacting him at the addresses indicated in point “Contact details of the Data Controller”.
GDPR REGULATORY REF. | RIGHTS OF THE DATA SUBJECT |
Art. 13, 14 – Right to be informed | You have the right to be informed about the rules, guarantees and rights in relation to the processing of your personal data and how to exercise your rights in relation to such processing. In particular, you have the right to have information regarding the specific purposes for which personal data are processed, the legal bases and the expected retention times |
Art. 15 – Right of access | You have the right to obtain from the Controller, confirmation as to whether or not your personal data are being processed, and where this is the case, access to the personal data and information regarding the processing. |
Art. 16 – Right of rectification | You have the right to obtain from the Controller without undue delay, the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, also by means of providing a supplementary statement. |
Art. 17 – Right of erasure (right to be forgotten) | You have the right to obtain from the Controller, the erasure of your personal data without undue delay and the Controller is obliged to erase the personal data without undue delay. |
Art. 18 – Right to restriction of processing | You have the right to obtain from the Controller, restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data b) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims d) the data subject has objected to processing pursuant to Art. 21, paragraph 1, pending the verification whether the legitimate grounds of the controller override those of the data subject |
Art. 20 – Right to data portability | You have the right to receive data in structured, commonly used and machine-readable format automatized devices, and have the right to transmit such data to another Controller without hindrance from the Controller to which the data has been given. In exercising your rights regarding data portability, you are entitled to have the data transmitted directly from one Controller to the other, where technically feasible. |
Art. 21 – Right to object | You have the right to object at any time to the processing of your personal data on grounds relating to your personal situation, based on Art. 6, paragraph 1, letters e) or f), including profiling based on those provisions. If you provided your consent to one or more specific objectives, you have the right to revoke that consent any time. |
Art. 22 – Right to automated decision making, including profiling | You have the right not to be subjected to a decision based solely on automated processing including profiling, which produces legal effects concerning yourself or similarly affecting you. |
Data Subject/Access Request
A Data Subject Access Request can be made via any of the following methods: email, fax, post, contact form from corporate website or any other method. To make this process easier, data subjects can reach out to us at the following email address: dpo@imagicle.com or via PEC at imagicle@legalmail.it.
Upon receiving a request, Imagicle commits to providing information regarding the request without unnecessary delay and within a maximum of 30 days from the date of receipt. If required, due to the complexity or volume of requests, this period may be extended by an additional 60 days.
Any information provided by the data subject, as well as any communications and actions undertaken, are free of charge.
In cases where Imagicle has reasonable doubts about the identity of the individual making the request, we may ask for additional information to confirm the identity of the data subject. If more details are needed on the request, we will provide a template form to facilitate the process.