More

Contact

  • ITALY Via Artigiani, 37
    23874 Montevecchia (LC)
  • CONTACT tel. +39 039 578 051
    mail@amarc.com

Privacy Policy – To Customers

WHO IS THE DATA CONTROLLER? HOW TO CONTACT HIM?

The Data Controller is Amarc S.r.l., with registered office in Montevecchia (LC), via Artigiani n. 37, in the person of its pro‐tempore Legal Representative, whom you can contact for any information by telephone 039 578051, e‐mail privacy@amarc.com.

 

MAIN DEFINITIONS

Personal data: any information relating to an identified or identifiable natural person (‘data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological identity of that natural person, genetic, mental, economic, cultural or social.
Contractor/User Data.
‐ ‘contractor’ means any natural person, legal person, body or association which is a party to a contract with a provider of publicly available electronic communications services for the provision of such services, or otherwise recipient of such services by means of prepaid cards;
‐ ‘user’ means any natural person who uses a publicly available electronic communications service, for private or commercial reasons, without necessarily being a subscriber to it.

 

PURPOSE OF THE PROCESSING, LEGAL BASIS, RETENTION PERIOD, NATURE OF THE PROVISION

PURPOSE OF THE PROCESSING

A) Fulfilment of contractual obligations and administrative‐accounting and legal purposes related to the establishment, execution and termination of the contractual relationship.
B) Direct marketing, automated “soft‐spam” via e‐mail: the data controller will use, for the purpose of direct sales of its products or services, the e‐mail coordinates provided by the data subject in the context of the sale of a product or service, without requiring the consent of the data subject, for promotional and commercial communications and newsletters on  services similar to those subject to the sale and the data subject, adequately informed, does not refuse such use, initially or on the occasion of subsequent communications. The interested party, at the time of collection and on the occasion of sending any communication made for the purposes referred to in this paragraph, is informed of the possibility of objecting to the processing at any time, easily and free of charge.
In order to compare and possibly improve the results of   communications, the Data Controller uses systems for sending newsletters and promotional communications with reports. Thanks to the reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; details of individual users’ activities; the details of e‐mails sent, e‐mails delivered  and undelivered, of those forwarded. All this data is used for the purpose of comparing,  and possibly improving, the results of the communications.
C) Preventing and conducting litigation and other legal matters and for the defense in the event of a lawsuit.
D) Management of requests regarding the protection of personal data and requests from other data subjects, pursuant to Articles 15 et seq. of the GDPR (rights of the data subject).
E) Management control aimed at guiding management towards the achievement of the objectives established during operational planning, detecting, through the measurement of specific indicators, the deviation between planned objectives and results achieved and informing the responsible bodies of these deviations, so that they can decide and implement the appropriate corrective actions.

LEGAL BASIS

A) The data processing is necessary for the performance of a contract (C44). Art. 6 (1) (b) GDPR.
B) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (C47‐C50). Art. 6 (1) (f) GDPR and Article 130, paragraph 4 of Legislative Decree 196/2003.
C) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (C47‐C50). Art. 6 (1) (f) GDPR.
D) The processing is necessary for compliance with a legal obligation to which the controller is subject (C45). Art. 6 (1) (c) GDPR.
E) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (C47‐C50). Art. 6 (1) (f) GDPR.

PERIODO DI CONSERVAZIONE DATI

A) 10 years. Article 2220 of the Italian Civil Code, except for contractual and non‐contractual issues that may arise and unless otherwise required by law.
B) Until Opposed (opt‐out).
C) 10 years, unless objectiond and without prejudice to the time necessary for the defence in court.
D) 5 years from the closing of the request, except for litigation.
E) Maximum 10 years, unless objectioned.

NATURA DEL CONFERIMENTO

A) The provision of personal data is necessary for contractual purposes. Failure to provide the necessary personal data will make it impossible to establish a contractual relationship with the data subjects.
B) The provision of data is optional. Failure to provide the necessary data will make it impossible to receive direct marketing communications via e‐mail (soft‐spam).
C) The provision of data is necessary.Failure to provide data will prevent the achievement of the legitimate interest of the Data Controller indicated in the purposes of this point. The refusal must be balanced with the legitimate interest of the Data Controller indicated in the purposes of this point.
D) The provision of personal data is mandatory, as it is essential to be able to comply with legal obligations.
E) The provision of data is necessary to allow the Data Controller to carry out management control. Failure to provide data will prevent the achievement of the legitimate interest of the Data Controller indicated in the purposes of this point. The refusal must be balanced with the legitimate interest of the Data Controller indicated in the purposes of this point.

 

 TO WHOM WILL THE PERSONAL DATA BE COMMUNICATED? DATA RECIPIENTS

The data will not be disseminated. Personal data will be communicated to subjects who will  process the data as independent Data Controllers, or Data Processors (Article 28 of the  GDPR) and processed by natural persons (Article 29 of the GDPR) who act under the authority of the Data Controller and the Data Processors on the basis of specific instructions provided regarding the purposes and methods of the processing. The data will be communicated to recipients belonging to the following categories:

  • subjects, based in Italy, who manage/support/assist, even if only occasionally, the Data Controller in the administration of the Information System and telecommunications networks (including e‐mail, websites and/or web platforms);
  • entities, based in Italy, provided for by current accounting and tax legislation as recipients of mandatory communications;
  • banking institutions and equivalents, based in Italy;
  • subjects, based in Italy, with whom the Data Controller has entered into economic agreements;
  • firms or companies, based in Italy, in the context of tax assistance and consultancy and administrative/accounting management;
  • certification bodies and companies, based in Italy;
  • for direct marketing to subjects for the management of marketing and communication activities, based in Italy;
  • Competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.

The list of Data Processors under Article 28 is available by writing to privacy@amarc.com. or to the other contact details indicated above.

 

IS THERE A DATA TRANSFER TO A COUNTRY OUTSIDE THE EEA?

Personal data will not be transferred to non‐EEA countries. It should be noted, in particular, that the data will be stored in Italy and that the recipients of the data are based in Italy.

 

IS THERE AN AUTOMATED PROCESS?

Personal data will be subject to traditional, electronic and automated manual processing. It should be noted that fully automated decision‐making processes are not carried out.

 

RIGHTS OF THE DATA SUBJECTS

The interested parties will be able to assert their rights as expressed by art. 15 et seq. GDPR, by contacting the Data Controller at the e‐mail address: privacy@amarc.com., or by writing to the contacts indicated above. The Data Controller guarantees data subjects the possibility of requesting, at any time, access to their personal data (art.15), rectification (art.16), cancellation of the same (art.17), limitation of processing (art.18). The Data Controller shall communicate (art. 19) to each of the recipients to whom the personal data have been transmitted, any rectifications or cancellations or limitations of processing carried out. The Data Controller shall notify the data subjects who request such recipients.

The Data Controller guarantees the right to portability (Article 20) and, in the event of requests pursuant to Article 20, will provide data subjects with the data in a structured, commonly used and machine‐readable format.

Data subjects have the right to object (art.21), at any time, to the processing of data based on legitimate interest, by writing to the contacts indicated above with the subject “opposition”. In the event of exercising the right to object to processing based on legitimate interest, the Data Controller recognises the possibility for data subjects to obtain, upon request, information on the balancing test carried out.

If you no longer wish to receive automated direct marketing communications (e‐mail), please send an e‐mail to the address privacy@amarc.com. with the subject “Automated unsubscribe” or to use the automatic unsubscribe systems provided for e‐mails only (opt‐ out). In the event that data subjects believe that the processing of personal data carried out by the Data Controller is in violation of the provisions of Regulation (EU) 2016/679, they are free to lodge a complaint with the National Supervisory Authority, in particular in the Member State in which they habitually reside or work, or in the place where the alleged violation of the Regulation occurred (Garante Privacy https://www.garanteprivacy.it/) or to bring the matter before the courts.

 

POLICY CHANGES

The owner may change, modify, add or remove any part of this Privacy Policy. In order to facilitate the verification of any changes, the information will contain an indication of the date on which the information was updated.