updated to Regulation (EU) 2016/679 (European General Data Protection Regulation)
A specific disclosure is normally published in the Website sections where the personal data of the Data Subject are collected in accordance with article 13 /15 of Regulation EU 2016/679.
Where provided under Regulation (EU) 2016/679, consent by the Data Subject will be requested before processing his/her personal data. If the Data Subject provides personal data of third parties, he/she must ensure that the communication of the data to Digital Group S.r.L. and the subsequent processing for the purposes specified in the applicable privacy disclosure complies with Regulation (EU) 2016/679 and applicable law.
Digital Group s.r.l. with registered office in Turin, via Spalato n. 59
email address of the data controller for the privacy communications: firstname.lastname@example.org
Processing personal data refers to any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other way of making it available, alignment or combination, restriction, erasure or destruction.
We hereby inform you that the personal data subject to processing may comprise - also in accordance with the Services used - an identifier such as the name or email address or an identification number or password or data on the location and/or other data that could identify it or make it identifiable in accordance with the type of Services used (hereinafter “Personal Data”).
More specifically, the Personal Data processed through the Website are as follows:
The ICT systems and software procedures that make the Website function acquire, during their normal operation, some Personal Data, whose transmission is implicit when using Internet communication protocols. This is information that is not collected to be associated with the data subjects identified, but information, that by its nature, could, through processing and association with data held by third parties, allow the users to be identified. IP addresses or domain names of the computers used by the users who connect to the Website belong to this category, along with the addresses with URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used when submitting the request to the server, the size of the file obtained in response, and the numerical code indicating the status of the data response from the server (successful, error, etc.) and the other parameters relating to the operating system or the IT environment of the Data Subject. The data are only used to obtain anonymous statistical information on the use of the Website and the websites of our customers, and to ensure that it is working properly to identify anomalies and/or misuse, and are erased immediately after processing. The data can be used to ascertain responsibility if there are any computer crimes that damage the website or third parties: subject to this possibility, as things stand the data on the web contacts do not last for longer than fourteen days, unless a request is made by the Data Subject (for example access to the personal pages of the Data Subject in Register.it that summarises the services used, the information published, etc.).
The personal data are stored and processed through both the computer systems owned by Digital Group S.r.L., and managed by third party suppliers of technical services located in the European Union; for more details, please refer to the section “Range of accessibility of the personal data ” below. The data are processed exclusively by authorised staff specifically in charge of processing, including the staff in charge of carrying out extraordinary maintenance operations.
Digital Group S.r.L. can process the common personal data of the Data Subject for the following purposes:
to send the Data Subject newsletters, promotional materials and/or marketing communications relating to the Company’s services, at the addresses indicated, both through and/or by means of traditional contacts (such as paper mail, telephone calls with operators, etc.) and automated methods (such as communication by Internet, fax, emails, SMS, applications for mobile devices such as smartphones and tablets - known as Apps -, social network accounts - for example through Facebook or Twitter or YouTube or LinkedIn -, etc.) and for market research.
The personal data are processed in paper form and electronically, and entered onto the company computer system in full compliance with Regulation (EU) 2016/679, including the security and confidentiality requirements and in accordance with the principles of honesty and lawfulness of the processing. In accordance with Regulation (EU) 2016/679, the data are stored and held for:
Digital Group S.r.L. undertakes to protect the security of the personal data of the Data Subject and comply with the security provisions as provided under applicable law in order to avoid the loss of data, unlawful or invalid use of the data and unauthorised access to the data. Additionally, the computer systems and computer programmes used by Digital Group S.r.L. are configured to minimise the use of personal data and identifiers; these data are processed only to achieve the specific purposes pursued each time. Digital Group S.r.L. uses multiple advanced security and procedural technologies to help protect the personal data of the Users; for example, the personal data are stored on secure servers located in places where access is protected and monitored and situated in Italy and/or the European Union. The Data Subject may help Digital Group S.r.L. update and keep his/her personal data correct, by informing it of any change of his/her address, job title, contact information, etc.
The personal data of the Data Subject may be communicated:
The personal data of the Data Subject may not be disclosed.
The Data Subject will have to give his/her personal data for the following reasons: to allow Digital Group S.r.L. to manage the communications and requests that come from the Data Subject or to contact the Data Subject again to follow up on his/her request. This type of data is marked by an asterisk [*] and in that case, the data must be provided so that Digital Group S.r.L. can follow up on the request which could not be fulfilled otherwise. On the other hand, the collection of any data that are not marked with the asterisk is optional; failure to provide the optional data will not result in any consequences for the Data Subject.
Giving the personal data by a Data Subject for marketing purposes, as specified in the section “Processing Purposes and Methods” is optional and the refusal to give it will not result in any consequences. The consent given for marketing purposes extends to sending communications through both automatic and traditional procedures and/or means of contact, as described above.
Art. 15 (right of access), 16 (right to rectification) of Regulation (EU) 2016/679
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) the existence of automated decision-making, including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right pursuant to article 17 of Regulation (EU) 2016/679 - right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the Data Subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the Data Subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of Regulation (EU) 2016/679.
Right pursuant to article 18 - Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1), Regulation (EU) 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right pursuant to article 20 - Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller
The Data Subject has the right to amend or withdraw consent to processing his or her personal data, sending a registered letter with notice of receipt to the following address: Digital Group S.r.L., via Spalato 59 10141 Turin, Italy, with a copy of your ID attached, and the following text: “I withdraw consent to processing all my personal data”. After this operation, your personal data will be removed from the files as quickly as possible.
The Data Subject also has the right to amend or withdraw consent to the processing with respect to receipt of the data for marketing purposes, via the Internet, using the applicable cancellation tool at the end of the newsletter and other marketing information received from the Digital Group S.r.L.
If the Data Subject wishes to obtain more information on the processing of his/her personal data or exercise the rights described in point 12 above, he/she may send a registered letter with notice of receipt to the following address: Digital Group S.r.L. Marketing office, 10141 Turin, via Spalato n. 59, Italy. Before providing or changing any information, it may be necessary to check your identity and answer some questions. A response will be given as soon as possible.