Updated to EU Regulation 2016/679 (European General Data Protection Regulation )
2) Data Controller identification details CAEN quantum Security s.r.l. with registered office in Via Vetraia, 11, 55049 – Viareggio (LU) – Italy (hereinafter: the “Data Controller”). Data Controller’s email for privacy related communications: email@example.com
3) Browsing Data Enables anyone accessing the www.caenqs.it website a better browsing experience.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data (or log files) whose transmission is implicit in the communication protocols of the Internet.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow to identify users.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, time of request, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the status of response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment.
The data is used only to obtain anonymous statistical information about the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Website and can be used as evidence before a judicial authority, wherever explicitly requested.
5) Voluntary Information provided by the Interested Party Optional, voluntary and explicit sending of emails to the addresses indicated on the Website, involves the automatic acquisition of the Interested Person’s personal data and email address, necessary in order to respond to their requests.
6) Contact and information request handling procedures Allows CAEN quantum Security s.r.l. to gather data on the Interested Party, in order to contact and/or reply to their request.
7) Purposes and methods of data processing Personal data supplied to us by the Interested Person, is used by CAEN quantum Security s.r.l. to send the Interested Person, newsletters, promotional material and /or commercial communications related to the Website’s services. Using the contact information provided, such information is sent either by traditional means (ie: by traditional postal service, phone, etc), or by automated means (ie: communication via the internet, fax, e-mail, sms, smartphones or tablet apps, – so called APPS – social network accounts ie: Facebook, Twitter, YouTube or LinkedIn – etc.).
8) Personal data storage Your personal data is collected and processed by CAEN quantum Security s.r.l.-owned information systems, and managed by third party technical services suppliers based in Italy; for further details please refer to the “Scope of communication and access to data” section below. The data is processed only and exclusively by authorized personnel, including personnel specifically authorized to carry out occasional maintenance operations.
9) Data Retention Policy Personal data is processed either in printed form or online, and will be stored on the company’s information system in accordance with EU Regulation 2016/679, and in accordance with the security and confidentiality requirements, based on the principles of fairness and legality. In compliance with Regulation (EU) 2016/679, the data will be kept and stored as follows:
– Use by the Interested Party of the Website’s features and services (browsing data): two years
– Information and contact request: until request process completion
– Marketing purposes: Until the Interested Party revokes the consent and requests the withdrawal of the service.
10) Data quality and security CAEN quantum Security s.r.l. will protect the security of the Interested Party’s personal data and will respect the security provisions of the applicable laws, to prevent the loss of data, its unauthorised use or unauthorised access. Furthermore, the information systems and computer programs used by CAEN quantum Security s.r.l. are configured in such a way as to minimise the use of personal and identifying data; such data is only processed to fulfil specific purposes in each case. CAEN quantum Security s.r.l. uses multiple advanced security technologies and procedures to keep users’ personal data secure; for example, personal data is stored on secure servers located in protected areas with controlled access, situation in Italy and/or the European Union. The Interested Party can help CAEN quantum Security s.r.l. to keep their personal data up-to-date by giving notice of any changes of address, qualifications or contact details.
11) Scope of communication and access to data – Dissemination of data The Interested Party’s personal data may be disclosed to:
– CAEN quantum Security s.r.l. Staff and collaborators – in connection with their duties;
– any individual and/or legal entity, public and/or private body if necessary or functional to the fulfilment of CAEN quantum Security s.r.l. activities in the ways and for the purposes illustrated above.
– anyone who has the right to access the data by law.
Personal data related to the Interested Party cannot be disclosed.
12) Provision of Personal Data The Interested Party is required to provide certain personal data to allow CAEN quantum Security s.r.l. to deal with correspondence and queries or to contact the Interested Party to follow up a request.
The provision of personal data by the Interested Party for marketing purposes, as specified in the section “Purposes and methods of data processing” is optional, and the refusal to provide it will not have any consequences. Consent given for marketing purposes extends to the sending of communications using automated or traditional means and/or methods, as listed above.
13) Rights of the Interested Party Art. 15 (right of access) and Art. 16 (right to rectification) of EU Regulation 2016/679
The Interested Party has the right to obtain confirmation from the Data Controller as to whether or not their personal data is being processed and, in such case, the right to obtain access to that data and to the following information:
a) the purposes of processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
d)the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Data Controller, rectification or cancellation of personal data or restriction of processing of personal data concerning the Interested Party or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Interested Party..
Right as set out in Art. 17 of EU Regulation 2016/679 – Right to cancellation (“right to be forgotten”)
The Interested Party has the right to obtain from the Data Controller the cancellation of his or her personal data without undue delay, and the Data Controller is obligated to erase that data without undue delay, for one of the following reasons:
a)The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) The Interested Party withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of EU Regulation 2016/679, and where there is no other legal ground for the processing;
c) The Interested Party objects to the processing pursuant to Article 21(1) of EU Regulation 2016/679 and there are no overriding legitimate grounds for the processing, or the Interested Party objects to the processing pursuant to Article 21(2);
d) The personal data has been unlawfully processed;
e) The personal data has to be erased for compliance with a legal obligation in European Union or Member State law to which the Data Controller is subject;
f) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of EU Regulation 2016/679
Right as set out in Art. 18 – Right to restriction of processing
The Interested Party may obtain a limitation of the data processing, from the Data Controller, in one of the following cases:
a) The Interested Party disputes the accuracy of the personal data, for the period required by the Data Controller for checking such accuracy;
b) The processing is unlawful and the Interested Party opposes the cancellation of the personal data and requests the restriction of its use instead;
c)The Data Controller no longer needs the personal data for the purposes of the processing, but it is required by the Interested Party for the establishment, exercise or defence of legal claim;
d)The Interested Party has objected to processing pursuant to Article 21(1) of EU Regulation 2016/679, pending verification whether the legitimate grounds of the Data Controller override those of the Interested Party.
Right as set out in Article 20 – Right to data portability
The Interested Party shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data has been provided
14) Revocation of consent to processing You may revoke consent to the use of your personal data by sending an email to firstname.lastname@example.org. The letter should be worded as follows: “Revocation of consent for the processing of all personal data”. After this, your personal data will be removed from our archives as quickly as possible.
You also have the right to modify or revoke your consent for the processing of your personal data for marketing purposes, using the appropriate cancellation link at the bottom of every CAEN quantum Security s.r.l. newsletter or commercial communication.