Pursuant to Article 13 of Legislative Decree No. 196 of 30 June 2003 laying down the Personal Data Protection Code (hereinafter, the “Privacy Code”) and Article 13 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter, “GDPR” or the “Regulation”), we wish to inform you that:
Tradenet Services S.r.l.
Via Marconi, 3
36015 Schio (VI)
Hereinafter referred to as Tradenet (“Tradenet”) is the Data Controller and that the personal data you provide will be processed in compliance with the above mentioned regulation.
We also inform you that Tradenet is required to provide information regarding the use of personal data provided by users who use the Tradenet platform (the “Clients” or “Data Subjects”). Tradenet has appointed a Data Protection Officer (“Data Protection Officer” or “DPO”), whom you may contact to exercise your rights listed in paragraph 8 below, as well as for any inquiries regarding this Policy.
The DPO of Tradenet is Mr. Enrico Talin
E-mail address: dpo@Tradenet.it
Postal address: Via Marconi, 3 36015 Schio (VI)
CATEGORIES OF DATA SUBJECT TO PROCESSING
1.In relation to the purposes and methods described in the following paragraph (see below, par. 4), we collect and store the following categories of personal data
– identification data, such as name and surname, tax code, date of birth ;
– contact data, such as the address of residence, billing address if different from the address of residence, e-mail address and telephone number;
– transaction data, such as details of purchase transactions on the wallet;
– location and online identification data, such as IP address, pages visited, content clicked, operating system and browser used and traffic data, etc..
2. Tradenet does not request and does not process on its own initiative “sensitive data” (personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade-unionist character, as well as personal data disclosing health and sex life). However, it is possible that in order to carry out specific requests for services and operations inherent to the relationship with the Client, we may also process such data.
PURPOSES AND METHODS OF DATA PROCESSING
Purpose of processing.
The personal data held by Tradenet, are processed as part of its normal activity in order to:
(a) assess the adequacy of the services offered by Tradenet with respect to the personal characteristics of the Customer, as required by current legislation;
b) comply with the obligations of identification and adequate verification provided for by the regulations on combating money laundering and terrorist financing;
c) establish the contractual relationship for the supply of Tradenet’s services and carry out the obligations strictly connected with and instrumental to the management of relations with Customers, tax, accounting and administrative fulfilments, and any credit recovery activity
d) to submit questionnaires, also with the help of third parties, in order to improve Tradenet’s services;
e) provide information on the services provided by Tradenet;
f) to send newsletters and commercial communications, updates and promotional offers based on the communication preferences of the Client
g) to carry out customer segmentation activities according to non-intrusive logic and criteria and, in any case, in such a way as not to affect the fundamental rights and freedoms of Customers (for example, differentiated communications between registered and non-registered users).
Profiling for marketing purposes is carried out using parameters in such a way that the Client receives only commercial information of his/her interest. To do this, the Data Controller will rely on personal data (age ranges), responses to questionnaires, navigation data (for example, if you have searched for information on a particular service, the Data Controller may ensure that you receive information on the same or similar services).
Legal basis for processing.
With reference to the activities described above, it should be noted that, in accordance with the Regulation:
– the processing referred to in letters a) and b) is necessary to comply with a legal obligation to which the Data Controller is subject (see Article 6(1)(c));
– the processing referred to in letter c) is necessary for the performance of a contract to which the data subject is party (see Article 6, paragraph 1, letter b));
– the processing referred to in points d) and e) is necessary for the pursuit of the legitimate interest of the Data Controller (see Article 6(1)(f));
– The processing referred to in letter f) is carried out exclusively on the basis of the consent given by the Data Subject (see Article 6, paragraph 1, letter a).
CATEGORIES OF PERSONS TO WHOM THE DATA MAY BE COMMUNICATED OR WHO CAN LEARN ABOUT THEM AS MANAGERS OR AGENTS
Personal data may be communicated by the Data Controller only and exclusively for the purposes indicated and where necessary, to the following categories of subjects:
1. service providers with whom the Tradenet platform has a contractual relationship and who collaborate in the business activities of the Data Controller (such as providers of affiliate programs, accounting and administrative management, mailing, payment or statistical analysis services);
2. service providers with whom Tradenet has a contractual relationship for its own legitimate interest to receive feedback from customers for the service provided. In this case, data is never transferred for commercial purposes, but only for the purpose of receiving customer reviews;
3. IT service providers;
4. consulting companies, law firms and accountants;
5. where required, the competent Judicial Authorities;
6. where required, public administrations and supervisory and control authorities. Personal data will not be disclosed to unspecified subjects.
TRANSFER OF DATA TO THIRD COUNTRIES
The Data Controller reserves the right to transfer your personal data to third countries. Data transfers outside the European Economic Area are subject to a special regime under the Regulation and are only made to parties located in countries that ensure a level of protection of personal data deemed adequate on the basis of an adequacy decision by the Commission or through the adoption of appropriate safeguards (including standard contractual conditions provided by the European Commission), provided that the data subjects have effective rights and remedies.
RIGHTS OF THE DATA SUBJECT
a. SPECIFIC RIGHTS OF THE DATA SUBJECT
Listed below are the rights of Data Subjects pursuant to Articles 15 through 21 of the Regulations:
1) Right of Access (Article 15): The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her are being processed and, if so, to obtain access to such personal data;
2) Right of rectification (art.16): the data subject has the right to obtain from the Data Controller the rectification of any inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
3) Right to erasure or “right to be forgotten” (art.17): the data subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her without undue delay and the Data Controller has the right to obtain the erasure of personal data concerning him/her without undue delay.
delay and the Data Controller is obliged to delete the personal data.
4) Right to restriction of processing (art.18): the data subject has the right to obtain from the Data Controller the restriction of processing when one of the following cases occurs:
(i) The data subject disputes the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such data;
ii) the processing is unlawful and the data subject objects to the erasure of the data but requests the restriction of its use
iii) although the Data Controller no longer needs the data for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court
(iv) The data subject has objected to the processing of the data pursuant to Section 21(1), pending verification as to whether legitimate reasons of the Data Controller prevail over those of the data subject.
5) Right to data portability (art.20): The data subject has the obligation to receive in a structured, commonly used and machine-readable format the personal data concerning him/her provided to a Data Controller and has the right to transmit such data to another Data Controller without impediment from the Data Controller to whom he/she provided them.
6) Right to object (art.21): The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of these provisions. The Data Controller shall refrain from further processing the personal data unless he demonstrates the existence of compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
7) Processing for direct marketing purposes. If personal data are processed for direct marketing purposes, the data subject has the right to withdraw the consent given or to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing.
b. PROCEDURES FOR THE EXERCISE OF RIGHTS AND FEEDBACK
In accordance with the provisions of Article 12 of the Regulation, with reference to the rights of the data subject listed above :
1. the Data Controller shall provide the data subject with information regarding the action taken with respect to the data subject’s request within one month of receipt thereof. This term may be extended by two months, if necessary, taking into account the complexity and number of requests. In the latter case, the Data Controller shall inform the data subject of such extension and of the reasons for the delay, within one month of receipt of the request;
2. the response provided to the data subject is concise, transparent and easily accessible; the language must be clear and simple. The form of the response shall be written and accessible. It is up to the Data Controller to assess the complexity of the response to the data subject and to decide whether to request a contribution, but only if the request is manifestly unfounded or excessive.
In order to make use of the rights available to you, you may contact the Data Protection Officer at the e-mail address dpo@Tradenet.it or in the other ways indicated in paragraph 1 above. We will take care of your request and provide you, within 30 days of receiving it, with information regarding the actions we have taken in this regard.
7. DATA RETENTION
For the purposes of the execution of the contract and regulatory compliance, we will keep your personal data only for the time necessary to manage the relationship in place, as well as for the fulfillment of legal obligations under applicable law. In any case, in accordance with our data retention policy, your data will be kept for a maximum period of 10 years from the termination of the contract.
8. CONTROL AUTHORITY
Without prejudice to any other administrative or jurisdictional recourse, you will have the right to lodge a complaint with a Control Authority if you believe that the processing of your personal data is in violation of the Regulation. Within the Tradenet Group, the leading Supervisory Authority is the Privacy Guarantor in Italy. Further information is available on the website http://www.garanteprivacy.it .
In any case, we are interested in being informed of any grounds for complaint and we invite you to contact our Data Protection Officer before referring the matter to the Supervisory Authority, so that we can prevent and resolve any disputes in an amicable and timely manner, with the utmost courtesy, seriousness and discretion.