Ersel SIM S.p.A. provides a newsletter service. The data controller collects personal data such as the data subject's e-mail address through a specific section of its website.
Processing shall be consistent with the criteria set out in the European Regulation on the processing of personal data, Reg. 2016/679/EU, in force since 25 May 2018 (hereinafter "GDPR"). According to the legislation concerned, data must be processed in accordance with the principles of fairness, lawfulness, transparency and protection of the data subject's privacy and rights.
1. Data controller
The data controller is Ersel Sim S.p.A., in the person of its legal representative pro tempore, with its registered office at Piazza Solferino, 11 – 10121 Turin, Italy, tel. 0115520111, e-mail email@example.com.
2. Purposes of processing
The personal data shall be collected with the data subject's consent (pursuant to Article 6.1(b) GDPR) and shall be used for the following purposes:
a) to provide periodic information to keep the data subject informed of the data controller's activities, for which consent is not required, since it is functional to providing a service requested by the data subject;
b) the periodic transmission of e-mail messages for commercial marketing purposes, for which express consent is required.
3. Processing methods
The personal data shall be processed by the data controller and duly designated data processors in fair pursuit of the purposes set out in point 2), through the use of electronic systems and paper archives, subject to security measures suited to ensuring the privacy of the personal data and preventing undue access by unauthorised persons. The data controller shall not make use of automated processes, including profiling, to achieve the purposes set out in this policy statement.
4. Disclosure of data
The data may be disclosed to duly authorised internal and external parties responsible for performing activities on the data controller's behalf. The data shall not be transferred to third countries or disseminated (e.g., via social networks, websites, etc.). The data controller shall not make use of automated processes, including profiling, to achieve the purposes set out in this policy statement.
5. Length of processing
The Data Controller shall process the personal data for as long as is necessary to achieve the purposes set out above, and, in any event, for no more than two years from termination of the relationship.
6. Data subject's rights
The data subject has the right to request that the data controller grant access to, rectify, delete and restrict processing of his or her personal data, as well as the rights to object to the processing of his or her data and to request data portability. Such requests may be submitted by e-mail, fax or registered letter indicating in the subject line “request from the data subject” and specifying the right that the data subject wishes to exercise (erasure, rectification, portability, to be forgotten), along with a valid standard or certified e-mail address to which to send the reply. The data controller, or person engaged by the data controller, shall fulfil the request within 30 days of when it is received. If the response is complex, the time required could be extended by an additional 30 days, subject to timely notification of the data subject. If you wish to exercise your rights, you may lodge a complaint with the competent supervisory authority, in Italy the National Privacy Authority, located at Palazzo Monte Citorio 121, Rome.
7. Data Protection Officer (DPO)
The data controller has designated Tiziana Rossi, based in Turin, Piazza Solferino 11, as Data Protection Officer pursuant to Article 37 of Reg. 2016/679/EU. The deed of designation of the DPO is appended to the record of processing kept by the data controller.