16 November 2022
The Data Controller on this Website is Complife group, based in Via Guido Rossa 1, 20024 Garbagnate Milanese (MI), Italy.
How Personal Data Is Being Processed
The Personal Data provided or acquired will be subject to processing based on the principles of correctness, lawfulness, transparency and protection of confidentiality in accordance with current regulations. The Data Controller processes your Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The Processing is carried out through IT and /or telematic tools, with organizational methods and with logics closely related to the indicated purposes.
Purposes of the Processing of Personal Data and law fullness
The data controller, in relation to his purpose, may collect user data spontaneously provided (ex. contact forms) or through automated tools (cookie); after processing, the data will be deleted immediately or, in case of persistent cookies, after the period necessary for their operation.
The purposes (Below)
User data will be processed:
a) to follow up the specific requests addressed to the Data Controller by the User for communications of an informative nature related to the Services of the same Data Controller, through e-mails. This processing is optional and based on your consent, however failure to communicate one or more Data will make it impossible to respond to the request for information and to use the services offered by the Data Controller;
b) To provide a quote if you request it;
c) To collect the join of voluntary users if they want to collaborate with the company;
d) to carry out statistical analysis on aggregated and anonymous data to analyze the User’s behaviors to improve the products and services provided by the Data Controller as well as to meet the expectations of the User;
e) for other finalizations linked to those indicated above and in any case included in the activities of the Website;
Lawfullness of processing:
1) Consent to answer to requests for general information;
2) pre-contract to answer to requests of quote;
3) Consent, pre contract, legitimate interest, legal obligation ? to collect data relating to volunteers.
Categories of Data processing
In this website there are different data processing, in particular related to: Email, surname e name, telephon number, address, IP address. Personal Data may be provided voluntarily by the User when using the Website, by completing the contact form. The optional, explicit and voluntary sending of e-mails via the Contact Form or by means of the addresses indicated on this Website, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, formalize a quote and collect spontaneous applications for the position of volunteer. The consent to the provision of data by the User is necessary to be involved in the Data Controller’s database and for the purposes of establishing and properly carrying out what it offers to its Users, as well as to third parties, for the fulfillment of the individual activity requested. Failure to provide consent, therefore, prevents registration in the Data Controller’s databases, the completion of any contracts, as well as the execution of the same and any other possible activity of this website.
Categories of recipients to whom the personal data are disclosed
In addition to the Data Controller, in some cases, may have access to the Data:
a) categories of specially persons involved in the organization of the website (administrative, commercial, marketing, legal, system administrators)
b) external subjects (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed as Data Processors by the Data Controller pursuant to art. 28 GDPR. The updated list of Data Processor, if appointed, can always be requested from the Data Controller;
c) public or private subjects who can access the Data in compliance with legal obligations;
Retention period of personal data
As expressly provided for by the art. 5, co. 1, lett. e) of the GDPR, the Data are kept for the time necessary to process them in relation to the performance of the service requested by the User, or required by the Purposes described in this document and in particular:
a) The data collected for purposes related to the legitimate interest of the Controller will be retained until this interest is satisfied;
b) The Data collected on the basis of the User’s Consent may be kept until this Consent will be revoked;
c) The data collected for fiscal / administrative obligations or contractual obligations will be kept for the time necessary to carry out the purposes and in accordance with the provisions of the law, for a period not exceeding the dispositions of civil law and in any case for a period not exceeding 10 (ten) years;
d) The User can always request the interruption of the processing or the cancellation of the data.
Transfer of personal data outside the EU.
The data is processed in the structures in which the Data Controller operates.
In cases of data transfer within non-EU countries, the Controller will ensure that valid contractual protection is put in place in order to safeguard user data.
Tools used for the processing of personal data
Mailing list and management
These services can manage a database of email contacts to communicate with users. These services may allow access to the data relating to the data and the time the messages are displayed by the User, as well as the User’s interaction with them, such as information on clicks on links inserted in messages. The site does not use a newsletter service; consequently the data accessed through the form will be retained for the sole purpose of accomplish the user’s request. If the user is already a customer, on the basis of legitimate interest, communications may be sent by e-mail but no later than a period of 24 months if the user has no commercial relations with the company during this time.
Security of data processing
This website has an SSL certificate and uses the HTTPS protocol to make sure the moment in which Personal Data is entered. With the use of this protocol, transactions and data that are transmitted on websites take place with maximum security and the content of the communication is not read or manipulated in any way by third parties.
The statistical service allows the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior. This website uses the following services:
Open-source analytics platform that provides relevant and reliable insights into user behaviour. Matomo ensures GDPR compliance:
- Data anonymization
- GDPR Manager
- Users can opt-out of all tracking
- First-party cookies by default
- People can view the data collected
- Capabilities to delete visitor data when requested
- The data is not used for any other purposes (compared to Google Analytics)
- IP anonymization
- Visitor log and profiles can be disabled
- Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)
Exercising the personal data access right and other rights
The data controller will provide to ensure that the requests of data subjects relating to the exercise of their rights are dealt within 30 days (if the conditions exist). After this period, the data subject may lodge a complaint with the authority.
Right of access (art. 15 GDPR)
Users will be able to request a copy of their data from the Controller and be informed on the duration and criteria used for their conservation.
Right to rectification (art. 16 GDPR)
The data subject has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay.
Right to erasure (‘right to be forgotten’) (art. 17 GDPR)
Users can request the deletion of their data. The Controller, for his part, will have to communicate to other subjects (controllers, processors, etc.) involved in the processing of the data, the manifest request of the user, in order to they can delete the data too.
Right to restriction of processing (art. 18 GDPR)
If one of the following situations exist:
- data subjects disputes the accuracy of personal data
- the processing is unlawful and the data subjects opposes the cancellation of personal data
- the data are necessary for the data subject to ascertain, exercise or defend a right in court, while the data controller no longer serves the purposes of the processing
- the data subject opposed the processing and are awaiting the necessary checks to determine whether the legitimate reasons of the data controller prevail over those of the data subject
Right to data portability (art.20 GDPR)
If the conditions exist, the data subject has the right to receive in a structured format, commonly used and legible, the information relating to personal data concerning him provided to a Controller and transmit them to a second Controller without hindrance.
Methods of exercising rights
Users can exercise the rights:
mail to: Complife Italia SRL, con sede in Via Guido Rossa 1, 20024 Garbagnate Milanese (MI), Italy.
e-mail to: [email protected]