INFORMATION FOR THE PROCESSING OF PERSONAL DATA

Pursuant to art. 13 and 14 of the Regulation (EU) 2016/679 (also called GDPR) on the protection of personal data and in relation to your personal data, we inform you that their treatment will be based on the principles of correctness, lawfulness and transparency by the company Veos Spa, as well as the protection of your privacy and the protection of your rights. In relation to this we inform you of the following:

a) Identity and contact details of the Data Controller
The Data Controller is Veos Spa, with operational headquarters Via G. Fara, 20, 20124 Milan, hereinafter the “Controller”. Your contact details are as follows: info@veosgroup.it or the telephone number +39 02 49484500.

b) Type and method of data collection
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. By browsing the website www.veosgroup.it, and in particular in the personal reserved area, the following types of personal data concerning you can be collected:

Contact details – information relating to name, telephone / mobile number, email address;
Other personal data – information you provide to us about your company or business
Interests – information you provide to us about your interests, including the products you are interested in;
Use of the website – information on how to consult the site, including information collected through cookies (here you can find our Cookies Policy).

c) Purpose and legal basis of the processing
The navigation data are used to obtain anonymous statistical information on the use of the website, for site security purposes and to check its correct functioning and could be used to ascertain responsibility in case of any computer crimes against the site. web.

The personal data provided by the user on an optional basis are used only to process any requests made and to execute legal obligations and / or pre-contractual obligations and / or contractual obligations deriving from the relationship in the established case.

The processing to which your personal data will be subjected, collected at the time of registration on the website www.veosgroup.it, will be carried out for the following purposes:

collection of information which, by their very nature, could allow users to be identified; these data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site – (Legal basis of the processing: Execution of the contract);
operational management for the registration procedure and compilation of data collection forms in order to view the documents relating to the products or services purchased, request information, make reports and contact the Data Controller – (Legal basis of the processing: Execution of the contract);
sending, exclusively to the e-mail address you provided during the purchase of a product or service on the website www.veosgroup.it, of promotional messages on goods or services similar to those you purchased, provided that you do not object to the processing in the manner indicated below, in accordance with the provisions of Recital 47 of Regulation (EU) 2016/679 and by art. 130, paragraph 4, of the New Privacy Code 2018 (Legislative Decree 196/2003 coordinated with Legislative Decree 101/2018) and subsequent amendments and additions – (Legal basis of the processing: Legitimate interest);
fulfill a legal obligation, regulations or provisions of the judicial authority, as well as to defend a right in court in accordance with legally binding requests and / or to defend one’s right in court – (Legal basis of the processing: Legal obligations);

Where the legal basis is the execution of the contract or the legal obligation, the provision of data is mandatory to manage the contractual relationship; failing that, we will not be able to process you. If, on the other hand, your consent to the processing is required, failure to provide it does not have consequences on contractual relationships.

The processing is also necessary for the pursuit of the legitimate interest of the Data Controller regarding its legal and commercial protection, for compliance with legal, administrative and regulatory obligations to which the Data Controller is subject.

d) Legal basis of the processing and legitimate interest
The legal basis for the processing of personal data relating to each of the purposes indicated above is specified alongside each of them.

When consent is indicated as the legal basis of the processing, it is understood that the data will be processed by the Data Controller for these purposes only after obtaining your consent in this regard.

As for the legitimate interests indicated, they relate to the fact that the interested party has already expressed interest in the product sector in question, by purchasing certain products or services, and the Data Controller has a specific and justified interest in continuing to send him communications in relation to services or goods similar to those purchased, as well as the owner’s interest in making the user navigate.

e) Recipients or categories of recipients of personal data
We limit access to your personal data only to those who need to use them for relevant purposes; in particular, the data relating to the processing in question and for the aforementioned purposes, may be communicated or disclosed:

to those within the organization of the owner who need it due to their duties or hierarchical position. These subjects are the persons authorized to process under the direct authority of the Data Controller, whose number will be limited to the maximum, who, in relation to their job, will have access only to the data relevant to that job and will be suitably trained in order to avoid loss, destruction, unauthorized access or unauthorized processing of the data;
to those subjects to whom the provisions of the law give the right to access, or to whom the transfer of data is necessary for the obligations provided for by laws or regulations;
to subjects whose activity is necessary for the execution of the contracts of which you are a party or to fulfill requests before the conclusion of the contract (eg: transporters, suppliers of goods and services and both domestic and foreign subcontractors within the EU, Companies and institutions in the banking, credit and insurance sectors, factoring companies, financial intermediaries, companies that provide commercial information, mail delivery companies);
to third parties to whom the Data Controller may outsource certain activities and who provide instrumental services related to the treatments and purposes described above, such as, for example, companies that provide commercial information, correspondence delivery companies, call centers. These third parties carry out treatments on behalf of the Data Controller and are authorized to process them as Data Processors in accordance with the provisions of art. 28 and 29 of Regulation (EU) 2016/679, as “External Data Processors” and will process the User’s data exclusively for the purposes indicated in this information and in compliance with the provisions of the applicable legislation.
Your data is not disclosed.

f) Retention period
The data collected are processed with IT tools and only in a residual way with paper methods. Adequate security measures are adopted to prevent data loss, illicit or incorrect use and unauthorized access.

We keep your personal data only for the time necessary to achieve the purposes for which it was collected or for any other legitimate related purpose. Therefore, if personal data are processed for two different purposes, we will keep such data until the purpose with the longer term ceases, however we will no longer process personal data for that purpose whose retention period has expired. Your personal data that are no longer necessary, or for which there is no longer a legal prerequisite for its conservation, are irreversibly anonymised (and in this way they may be kept even for a period exceeding the purpose for which they were acquired) or securely destroyed.

Below are the storage times in relation to the different purposes listed above:

Operational management and purposes strictly connected to this for accessing the website: the data processed for this purpose may be kept for the entire duration of the contract and in any case no later than the following 10 years.
Fulfillment of contractual obligations: the data processed to fulfill any contractual obligation may be kept for the entire duration of the contract and in any case no later than the next 10 years, in order to verify any pending issues including accounting documents.
Marketing purposes, including profiled ones: personal data processed for marketing purposes may be kept for 24 months from the date on which we obtained your last consent for this purpose (with the exception of the opposition to receiving further communications); for the purpose of profiled marketing, however, they will be kept for 12 months
In the event of disputes: in the event that it is to defend or act or even make claims against you or third parties, we may keep the personal data that we reasonably deem necessary to process for these purposes, for the time in which this claim can be prosecuted.

g) Your rights
The GDPR recognizes the following rights in relation to your personal data that you can exercise within the limits and in compliance with the provisions of the law:

Right to access your personal data (Article 15);
Right of rectification (Article 16);
Right to delete data (Article 17 – “right to be forgotten”) for which there is no longer any legal prerequisite for processing;
Right to limitation of processing (Article 18) within the limits established by the legislation for the protection of personal data;
Right to data portability (Article 20);
Right to object (Article 21) where required by applicable law;
Right to object to a decision based solely on automated processing (Article 22);
Right to revoke the consent given at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
The exercise of these rights is subject to some exceptions aimed at safeguarding the public interest (for example the prevention or identification of crimes) and our interests. In the event that you exercise any of the aforementioned rights, it will be our responsibility to verify that you are entitled to exercise it and we will reply, as a rule, within one month.

For any complaints or reports on how your data is processed, we will make every effort to respond to your concerns. However, if you wish, you can forward complaints or reports to the Data Protection Authority, using the relevant contact details: Guarantor for the protection of personal data – Piazza di Monte Citorio n. 121 – 00186 ROME – Fax: (+39) 06.69677.3785 – Telephone: (+39) 06.696771 – e-mail: garante@gpdp.it – Certified mail: Protocol@pec.gpdp.it – website: www.garanteprivacy .it