Privacy Policy
(version 2.0 - April 2023)
This Privacy Policy is designed to provide information on the processing of personal data by Serviceplan Group Italia S.r.l. when the User accesses and browses this website (as specified below)
1. INTRODUCTION - WHO WE ARE
Serviceplan Group Italia S.r.l., with registered office in Milan, via Roncaglia 12, Tax code/VAT No. 08618840964 (hereinafter, the 'Controller'), the owner of the website https://www.house-of-communication.com/it/en.html (hereinafter, the 'Website'), in its capacity as controller of the personal data of users browsing the Website (hereinafter, 'Users'), hereby provides this Privacy Policy pursuant to Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter, ‘Regulation’ or ‘Applicable Law’).
2. HOW TO CONTACT US
The Controller attaches utmost importance to the right to privacy and the protection of personal data of its Users. For any information in relation to this Privacy Policy, Users may contact the Controller at any time, by sending:
· A registered letter with return receipt to the Controller's place of business: via Roncaglia 12, Milano;
· An email to: serviceplan-group-italia@house-of-communication.com
· Within the group of companies in Italy of which Serviceplan Italia Group S.r.l. is the holding company, a Data Protection Officer (DPO) has been appointed, whom Users can contact using the contacts below: Shibumi S.r.l. - e-mail: dpo@serviceplan.com
3. WHAT WE DO - PURPOSES OF PROCESSING
By browsing the Website, Users can stay up-to-date on the services and activities developed and/or promoted by the Controller, ask for information from the Controller with the ‘Contact us’ form, send requests to the Controller, apply for job positions and/or subscribe to the Controller's newsletter.
In connection with the activities that may be carried out on the Website, the Controller collects personal data concerning Users.
This Website and any services offered on the Website are reserved for persons aged eighteen and over. The Controller therefore does not collect personal data on persons under 18. At the request of Users, the Controller shall promptly delete all personal data involuntarily collected concerning persons under 18.
In particular, Users' personal data will be lawfully processed by the Controller for the following purposes:
a) contractual obligations and provision of the requested service, i.e. to allow Website browsing and to execute specific requests from Users, including generic, business, commercial and press requests, received by the Controller. Users’ data collected by the Controller for these purposes include:
- Website browsing: all personal data whose transmission is implicit in the use of Internet communication protocols, acquired by the computer systems and software procedures used to operate the Website during their normal operation: IP addresses or domain names of Users’ computers, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to Users’ operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and ensure its regular operation;
- ’Contact us’ section: the name, surname, email address, telephone number, as well as any information and personal data voluntarily entered by the User in any field in the form. Users’ personal data will be processed by the Controller for the sole purpose of ascertaining their identity (also by validating their email address), thus avoiding any act of fraud or abuse, and of contacting Users for service purposes only in order to follow up the their requests;
- ’Contact us’ section – application: the name, surname, email address, telephone number, as well as any information and personal data voluntarily entered by the User in any field in the form. The data provided by Users will be processed for the purpose of ascertaining their identity (also by validating their email address), thus avoiding any act of fraud or abuse, and of processing Users’ requests regarding the possibility of establishing a work relationship/collaboration with the Controller.
b) administrative-accounting purposes, i.e. to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
c) legal obligations, i.e. to fulfil obligations laid down by law, authority, regulation or European law.
Unless Users give the Controller a specific and optional consent to the processing of their data for the further purposes set out in paragraph 4 below, Users’ personal data will be used by the Controller for the exclusive purpose of contacting Users for service reasons in accordance with the latter’s requests (e.g. sending the information requested by Users), as specified above. Subject to any other provision of this Privacy Policy, under no circumstances shall the Controller make the personal data of Users accessible to other Users and/or third parties.
The provision of personal data for the above-mentioned processing purposes is optional though necessary, as failure to provide such data will prevent Users from contacting the Controller.
Personal data that are necessary for the processing purposes described in this paragraph 3 are indicated with an asterisk in the data collection form on the Website.
4. FURTHER PROCESSING PURPOSES
Marketing (sending of advertising material, direct sales, commercial communications, newsletters)
Subject to Users’ free and optional consent, some personal data concerning them (name, surname, email address) may also be processed by the Controller for marketing purposes (to send advertising material, direct sales, commercial communications or newsletters containing information on sector news relating to Website activities and services offered by the Controller), or to contact Users by email to offer products and/or services sold by the Controller itself and/or third-party companies, to present offers, promotions and commercial opportunities.
If consent is not given, the possibility of browsing the Website and contacting the Controller will not be affected in any way.
If consent is given, Users may withdraw it at any time by sending a request to the Controller in the manner indicated in paragraph 8 below.
Users may also easily object to further promotional email communications by clicking on the appropriate link to withdraw their consent, which is indicated in each promotional e-mail. Once consent has been withdrawn, the Controller will send the User an email confirming that consent has been withdrawn.
The Controller informs Users that, following their exercise of the right to object to the sending of promotional communications by email, Users may continue to receive further promotional messages for technical and operational reasons (e.g. contact lists completed shortly before the Controller’s receipt of Users’ objection). Should Users continue to receive promotional messages 24 hours after exercising the right to object, they may report the problem to the Controller, using the contact details indicated in paragraph 8 below.
5. LEGAL BASIS
Contractual obligations and provision of the requested service (as described in paragraph 3(a) above): the legal basis is represented by Art. 6(1)(b) of the Regulation, i.e. processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.
Administrative-accounting purposes (as described in paragraph 3(b) above): the legal basis is represented by Art. 6(1)(b) of the Regulation, insofar as processing is necessary for the performance of a contract and/or to take steps at the request of the User prior to entering into a contract.
Legal obligations (as described in paragraph 3(c) above): the legal basis is represented by Art. 6(1)(c) of the Regulation, since processing is necessary for compliance with a legal obligation to which the Controller is subject.
Further processing purposes: for processing relating to marketing activities (as described in paragraph 4 above), the legal basis is represented by Art. 6(1)(a) of the Regulation, i.e. the data subject has given consent to the processing of his or her personal data for one or more specific purposes. For this reason, the Controller asks Users to give their specific, free and optional consent to pursue this processing purpose.
6. DATA PROCESSING METHODS AND STORAGE PERIODS
The Controller will process Users' personal data using manual and computerised tools, with logics strictly related to the purpose of processing and otherwise in such a way as to ensure data security and confidentiality.
Browsing data are not retained for more than 2 weeks (except in the case of criminal investigations by judicial authorities).
The personal data of Website Users collected via the form in the ‘Contact us’ section shall be kept for the time strictly necessary to fulfil the primary purposes illustrated in paragraph 3 above, or otherwise as long as necessary to protect the interests of both Users and the Controller in civil proceedings, unless the User has also given the Controller his/her free and optional consent to the processing of his/her personal data for marketing purposes.
The personal data of Users collected via the form in the ‘Contact us’ section with specific reference to job applications will be kept for the time strictly necessary to fulfil the primary purposes set out in paragraph 3 above, and otherwise for no more than 12 months.
In the case set out in paragraph 4 above, Users' personal data shall be kept for the time strictly necessary to fulfil the purposes set out therein and, in any case, until consent is withdrawn.
7. SCOPE OF COMMUNICATION AND DISSEMINATION OF DATA
Users’ personal data may be transferred outside the European Union. In this case, the Controller shall ensure that such transfer is carried out in compliance with Applicable Law and, in particular, in accordance with Arts. 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.
The Controller's employees and/or collaborators in charge of managing the Website and Users' requests may become aware of the latter’s personal data. Such persons, who have been duly instructed by the Controller pursuant to Art. 29 of the Regulation, will process Users' data exclusively for the purposes indicated in this Policy and in compliance with Applicable Law.
Users' personal data may also be acquired by third parties processing personal data on behalf of the Controller in their capacity as Data Processors, such as suppliers of IT and logistics services functional to Website operation, suppliers of outsourcing or cloud computing services, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Controller, by sending a request to the Controller in the manner indicated in paragraph 8 below.
8. RIGHTS OF DATA SUBJECTS
Users may exercise the rights granted to them by Applicable Law by sending:
· A registered letter with return receipt to the Controller's place of business: via Roncaglia 12, Milano;
· An email to: serviceplan-group-italia@house-of-communication.com
· Within the group of companies in Italy of which Serviceplan Italia Group S.r.l. is the holding company, a Data Protection Officer (DPO) has been appointed, whom Users can contact using the contacts below: Shibumi S.r.l. - e-mail: dpo@serviceplan.com
Pursuant to Applicable Law, Users have:
a. the right to withdraw consent at any time, if processing is based on their consent;
b. the right of access to personal data;
c. (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format), the right to restriction of processing of personal data, the right to rectification and the right to erasure ('right to be forgotten');
d. the right to object:
i. in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of collection;
ii. in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communications;
e. if they consider that the processing concerning them infringes the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State of their habitual residence, place of work or place of the alleged infringement). The Italian supervisory authority is the Garante per la protezione dei dati personali, based in Piazza Venezia, no. 11, 00186 - Roma (RM) (www.garanteprivacy.it).
***
The Controller is not responsible for updating all the links displayed in this Policy; therefore, whenever a link is not working and/or updated, Users acknowledge and accept that they shall always refer to the document and/or section of the websites referred to by that link.