Newsteca S.r.l., Via Larga, 6 – 20122 Milan, ITALY, VAT no. 13171520151 (hereinafter, the “Controller”), as the Controller in terms of processing personal data, hereby informs you, pursuant to article 13 of EU Regulation no. 2016/679 (hereinafter, the “GDPR”), that your data, in relation to your browsing of our internet site, will be processed with the following methods and for the following purposes: activities connected to sending newsletters, promotional communications and advertising messages.
1) Data subject to processing
The Controller will process personal data, including identifying and non-sensitive data (such as, purely by way of example but not limited to: first name, last name, address, telephone number, email address – hereinafter “personal data” or simply “data”), that you provide when making an online request for clarification or when making a request to subscribe to a newsletter or when attending an organised event or training course.
2) The purposes for which data is processed
Your personal data will be processed:
A) without your express consent (article 6 letters b) and e) of the GDPR) for the following purposes:
To process a contact request;
Legal basis: To provide a service.
To fulfil the obligations established by current laws and regulations, including European Union ones;
Legal basis: Legal obligation.
To manage disputes regarding contractual breaches, transactions, debt recovery, judicial disputes;
Legal basis: Use in a court of law.
B) Only with your prior, specific and explicit consent (article 7 of the GDPR) for the following marketing purposes:
To send you, by email, periodic newsletters and attendance at awards and events (sites: missionline.it, www.italianmissionawards.it, www.missionfleetawards.it) offered by the Controller.
Legal basis: Consent (optional and may be revoked at any time).
3) The methods by which data is processed
Your personal data will be processed by means of the operations indicated in article 4 of the Privacy Code and article 4 no. 2) of the GDPR and, specifically, the: collection, recording, organisation, storage, consultation, treatment, modification, selection, extraction, alignment, use, combination, block, communication, erasure and destruction of data. Your personal data will be subject to processing by both paper and electronic and/or automated means.
4) Period for which the data processed will be stored
The Controller will process personal data for the time strictly necessary to achieve the purposes indicated above, in compliance with the civil and tax obligations regarding holding data and the limits established by law. At the end of this storage period, personal data will be erased. Therefore, at the end of this period, the rights of access, erasure, rectification and the right to data portability can no longer be exercised.
5) Security measures
The Controller has adopted a wide range of security measures to protect your data against the risks of loss, abuse and alteration. Specifically, the Controller has adopted those measures referred to in articles 32-34 of the Privacy Code and article 32 of the GDPR; it uses data encryption technology and protected data transmission protocols.
6) Access to data
Your data may be made available for the purposes referred to in article 2.A) and 2.B):
to the Controller’s employees and contractors, in their capacity as appointed parties and/or internal Processors;
to third parties or other parties who perform outsourcing activities on behalf of the Controller, in their capacity as Processors.
The updated list of processors and appointed parties is kept and may be consulted at the Controller’s headquarters.
7) Communicating data
Without your express consent (pursuant to article 24 letters a), b) and d) of the Privacy Code and article 6 letters b) and c) of the GDPR), the Controller may communicate your data to a Supervisory Body, a Judicial Authority as well as to any other party to which such communication is required by law in order to achieve the aforementioned purposes.
8) Transferring data
Managing and storing personal data will be done in Europe, on servers located in Italy, managed by the Controller and/or by third parties duly appointed as Processors.
9) The nature of providing data and the consequences for not complying
Providing data for the purposes referred to in article 2A is mandatory since the data is needed in order to be able to respond to a contact request.
On the other hand, for the purposes referred to in article 2B, providing data is optional. You may decide, therefore, not to provide any data or to subsequently decide not to allow the data already provided to be processed: in this case, you will not be able to receive newsletters or advertising materials but you will continue to be entitled to the Services referred to in article 2A.
10) A data subject’s rights
In compliance with Chapter III, Section I of the GDPR, you may exercise those rights indicated therein and, specifically:
Right of access – To obtain confirmation as to whether or not personal data concerning you is being processed and, where this is the case, to receive information regarding, in particular: the purposes for which processing is done, the categories of personal data that are processed and the storage period, the recipients to whom such data may be communicated (article 15 of the GDPR);
Right to rectification – To obtain, without undue delay, the rectification of inaccurate personal data and to have incomplete personal data supplemented (article 16 of the GDPR);
Right to erasure – To obtain, without undue delay, the erasure of the personal data that concerns you, in those cases provided for by the GDPR (article 17 of the GDPR);
Right to restrict processing – To obtain from the Controller restriction of processing in those cases provided for by the GDPR (article 18 of the GDPR);
Right to data portability – To receive the personal data that concerns you and provided to the Controller in a structured, commonly used and machine-readable format, as well as to have this data transmitted to another controller without hindrance in the cases provided for by the GDPR (article 20 of the GDPR);
Right to object – To object to the processing of the personal data that concerns you, unless there are legitimate reasons for Joint Controllers to continue such processing (article 21 of the GDPR);
The right to lodge a complaint with a Supervisory Authority – To lodge a complaint with the Italian Data Protection Authority based at Piazza di Montecitorio no. 121, 00186, Rome (RM), Italy.
11) How to exercise a right
You may, at any time, exercise your rights by sending:
– a registered letter with return receipt to the registered offices of Newsteca S.r.l. Via Larga, 6 – 20122 Milan, Italy
– an email to: firstname.lastname@example.org
12) Changes to this policy
Last updated on 31 May 2022.