Who are we and what do we do with your personal data?
Arco Campus S.r.l. hereinafter the Data Controller, protects the confidentiality of your personal data and provides it with the necessary protection from any event that may put it at risk of violation.
For this purpose, the Data Controller implements policies and practices regarding the collection and use of personal data and the exercise of your rights under applicable law. The Data Controller is
responsible for updating the policies and practices adopted for the protection of personal data whenever necessary and in any case in the event of regulatory and organisational changes that may affect the processing of your personal data.
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as:
Your personal information will be processed for:
1) the management of your relationship as a member and the consequent obligations, regulatory or otherwise
Your personal data is processed in order to carry out the preliminary activities and the activities resulting from the management of your relationship as a member of the Data Controller Company, such as for example: sending communications concerning the company’s activities, guaranteeing attendance at Company meetings, exercising rights as a member of the Company, as well as for the fulfilment of any other obligation arising from the contract, such as the recording and storage of your personal data.
The obligations to be fulfilled by the Data Controller under the contract and under specific regulations governing it are, among other things:
– the keeping of the accounts.
Your personal data is also collected from third parties such as, for example:
2) communication to third parties and recipients
Your personal data is processed under the contract and the legal and regulatory obligations resulting from it.
Your data will not be disclosed to third parties/recipients for their own purposes unless:
1. you authorise to do so.
Your data will be disclosed to third parties/recipient if:
1. it is necessary for the fulfilment of obligations under the contract and law regulations governing it (e.g. for the defence of your rights, for reporting to the supervisory authorities, etc.);
2. the communication is made to auditing companies of the financial statements; quality assurance companies; banks for managing collections and payments; companies and law firms to assist in the carrying out of corporate transactions; data processing and IT service companies (e.g. web hosting, data entry, management and maintenance of IT infrastructures and services, etc), members of the administrative body and members of the control body;
3. the communication is made to the tax authorities and to public supervisory and control bodies towards which the Data Controller must fulfil specific obligations deriving from the specific nature of the activity carried on.
Moreover, your personal data may be disclosed in order to comply with the legal obligations.
What happens if you do not provide your data?
If you do not provide your personal data, the Data Controller will not be able to carry out the processing operations related to the management of the contract and its services or the obligations that depend on it.
The intention of the Data Controller was to carry out certain processing operations in accordance with certain legitimate interests that do not affect your right to confidentiality, such as those that:
How and for how long is your data retained?
How
Data processing is carried out on paper or through IT procedures by internal subjects authorised and trained for this purpose. They are granted access to your personal data to the extent and within the limits required for carrying out the processing activities that concern you.
The Data Controller periodically checks the tools by means of which your data is processed and its security measures, which it constantly updates; it makes sure, also through the subjects authorised to process the data, that personal data for which processing is not necessary is not collected, processed, stored or retained; it makes sure that the data is retained with the guarantee of integrity and authenticity of its use for the purposes of the processing actually carried out.
Where
The data is retained on paper, computer and electronic files located within the European Economic Area, and appropriate security measures are ensured.
How long
The personal data processed by the Data Controller is retained for the time necessary for the carrying-out of activities related to the management of the relationship with the Data Controller and until ten years after its conclusion (art. 2946 of the Italian Civil Code) or from when the rights that depend on it can be enforced (pursuant to art. 2935 of the Italian Civil Code); as well as for the fulfilment of the obligations (e.g. tax and accounting obligations) that remain even after the conclusion of the relationship (art. 2220 of the Italian Civil Code), for the purposes of which the Data Controller must retain only the data necessary for their furtherance. This is without prejudice to the cases in which the rights deriving from the contract should be asserted in court, in which case your data, only that necessary for these purposes, will be processed for the time necessary to pursue them.
This is without prejudice to your right to oppose at any time the processing based on legitimate interest for reasons related to your particular situation.
What are your rights?
In substance, at any time and free of charge and without any special charges or formalities for your request, you can:
The Data Controller must do so without delay and, in any case, at the latest within one month of receipt of your request. The time limit can be extended by two months, if necessary, taking into account the complexity and the number of requests received by the Data Controller. In such cases, the Data Controller will inform you of the reasons for the extension within one month of receipt of your request.
For any further information and to send your request, please contact the Data Controller at privacy@gruppoigd.it
How and when can you oppose the processing of your personal data?
For reasons relating to your specific situation, you may oppose at any time the processing of your personal data if this is based on legitimate interest or if it is for marketing purposes (direct marketing, market surveys), by sending your request to the Data Controller at the email address privacy@gruppoigd.it.
You have the right to have your personal data erased if there is no legitimate reason overriding the one that gave rise to your request, and in any case if you have opposed the processing for marketing
purposes (direct marketing, market surveys).
Who can you complain to?
Without prejudice to any other administrative or judicial action, you may submit a complaint to the competent supervisory authority or to the authority that carries out its tasks and exercises its powers where you have your habitual residence or work or, if different, in the Member State where the violation of Regulation (EU) 2016/679 occurred.
Any update of this information will be communicated to you in a timely manner and by appropriate means and you will also be informed if the Data Controller will process your data for purposes other than those referred to in this information before carrying it out and in time to give your consent if necessary.