INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
APIcom GROUP, in the person of its legal representative (APICOM s.p.a. via Fratelli Bandiera n.1, Cento (FE), VAT no. 00959620386, Pec firstname.lastname@example.org), as Data Controller, pursuant to Regulation (EU) 2016/679 intends to protect privacy and Personal Data in the performance of its activities.
We therefore invite you, before transmitting any personal data to the Controller, to carefully read the following: the Policy contains important information on the processing of your Personal Data. Personal Data” shall mean any information related to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to personal data, identification number, location data, online identifier or specific factors referred to his/her physical, physiological, genetic, mental, economic, cultural or social identity.
– is intended for the site www.api-com.group and forms an integral part of the said site;
– is given, pursuant to and for the purposes of Article 13 of the Regulations, to those who use the web services of the Data Controller, by consulting or using the services made available through the Site.
The Data Controller can be contacted for any information or request at the following address: email@example.com
https://api-com.group website, as well as to give free and informed consent to the processing of Personal Data, in compliance with the provisions of the Regulations and in accordance with the principles of lawfulness, correctness, transparency, purpose limitation and conservation, data minimisation, accuracy, integrity and confidentiality.
1. Data Controller
The Data Controller of the processing carried out through the Site APIcom GROUP is APICOM s.p.a., in the person of its legal representative, via Fratelli Bandiera n.1, Cento (FE), VAT no. 00959620386, Pec firstname.lastname@example.org
2. Personal Data Subject to Processing
Following your navigation of the Site, we inform you that the Data Controller will process your Personal Data, which may consist of an identifier such as your name, an identification number, an online identifier or one or more characteristic elements of your physical, economic, cultural or social identity capable of making the person concerned identified or identifiable.
Other Personal Data may also be processed freely provided by the data subjects. Any sensitive data, as referred to in Art. 9.1 Reg. 2016/679/EU should not be processed unless explicit consent is given by the data subject.
a. Navigation data
The computer systems and procedures used to operate the Site, acquire, during their operation, some Personal Data whose transmission is implied in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to asses responsibility in case of hypothetical computer crimes against the site or third parties: except for this possibility, at present, the data on web contacts do not persist for more than seven days.
b. Data provided voluntarily by the data subject
We may process personal and/or contact data such as name, surname, email and telephone number.
If the data subject communicates Personal Data of third parties, he/she shall ensure – assuming all responsibility – that this process is based on a suitable legal basis pursuant to art. 6 of the Regulation, which legitimizes the Data Controller to receive such data and carry out the processing operations thereof.
3. Purpose of processing
The data processing we intend to carry out may have the following purposes:
a. To enable the provision of the Services requested such as:
site content sharing;
b. reply for assistance or info request;
c. to fulfil any legal, accounting and tax obligations;
d. to assert or defend rights in court, in case of abuse of the Site and/or Services or for contractual or non-contractual disputes.
4. Legitimate and mandatory bases or optional processing
The lawful basis for the processing of Personal Data for the above purposes is art. 6.1.b) of the Regulation as the processing is necessary for the provision of the Services or to meet the requests of the data subject. The provision of Personal Data for these purposes is optional but failure to provide such data would make it impossible to activate the Services provided by the Site.
The purpose referred in section 3, letter c) represents a processing of Personal Data carried out pursuant to art. 6.1.c) of the Regulation, in order to comply with a legal obligation. Once the Personal Data has been provided, the processing is indeed necessary to comply with a legal obligation to which the Data Controller is subject. Processing for the purposes referred to section 3(d) would be carried out pursuant to Article 6.1(f) of the Regulation.
5. Recipients of Personal Data
Your Personal Data may be shared, for the purposes set out in section 3 above, with:
– a. subjects that typically act as external data controllers pursuant to art. 28 of the Regulations e.g. persons, companies or professional studios that provide assistance and consultancy to the Data Controller in accounting, administrative, legal, tax, financial and credit recovery matters related to the provision of Services; subjects whom it is necessary to interact with, for the provision of the web site services; subjects delegated to carry out technical maintenance activities of the IT devices and network systems; the list of external data controllers in charge of data process can be requested by the Data Controller.
– b. subjects, entities or independent authorities, as data controllers, to whom the communication of Personal Data is mandatory, in reason of legal provisions or authorities orders;
– c. persons authorised by the Data Controller to process Personal Data pursuant to article 29 of the Regulation necessary to perform activities strictly related to the provision of the Services, who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees).
6. Data Retention
The Personal Data processed will be kept for the time strictly necessary to achieve those purposes according to the principles of minimisation and limitation of storage pursuant to art. 5.1.e)
of the Regulation. In any case, the Controller will process Personal Data for the time necessary to fulfil contractual and legal obligations. Further information regarding data retention period and the used criteria to determine this period may be requested in writing to the Data Controller.
7. Rights of the Data Subjects
Pursuant to articles 15 and following of the Regulation, every data subject has the right to request at any time, access to his/her Personal Data, adjustment or cancellation of the same, process restriction in the cases provided by art. 18 of the Regulation and obtain a structured commonly used format, readable by automatic device, in the cases provided for by art. 20 of the Regulation. At any time, he/she may revoke the consent given; issuing a complaint to supervisor authority (for Italy is “Garante per la Protezione dei Dati Personali”), if he/she considers that the data processing is contrary to the legislation in force.
He/she may oppose the processing of his/her data by expressing justifying reason: in such case, the Data Controller will evaluate the request, rejecting it only in the presence of compelling obligations that legitimise the processing by overriding the rights and freedoms of the data subjects.
All requests must be addressed to the Data Controller in writing, at the addresses available on the web site, as well as indicated in this notice.
Data processing for commercial and promotional purposes
The Customer also gives his/her consent for his/her personal data to be used directly by the Data Controller for commercial, promotional and marketing purposes, including the automated processing of his/her tastes and preferences in order to receive better and more personalised services.
This consent is optional.