Informazioni e dati di contatto del titolare del trattamento
Art. 13, paragrafo 1, lett. a) e b) Reg. UE n. 679/2016
BlueIT S.p.A. S. B., con sede legale in Via Santa Maria Valle 5, 20123 Milano (MI), C.F./P.I. 06357190963, iscrizione Registro imprese Milano Monza e Brianza e Lodi REA 1886930, capitale sociale euro 400.000,00 i.v.
Contact details of the Data Controller
Data Protection Officer contact details
Blueit S.p.A. S.B., registered office in Via Santa Maria Valle 5, 20123 Milan (MI), P.I. 06357190963, as your Data Controller of your personal Data (later also “Controller”), informs you, pursuant to artt. 12 and 13 of Regolamento UE n. 679/2016 (General Data Protection Regulation, later also “GDPR”), that your personal Data will be treated by specifically authorized subjects and limited to the purposes and with the methods that will be specified later, with reference to the functionalities of the web portal http://www.blueit.it/.
Object and purpose of the treatment
The Data Controller informs you that, specifically, will treat your (i)common personal Data, name and surname, e-mail, telephone number/fax, accounting, tax and banking data, and (ii) identification and IP addresses or domain names, with the methods that will be specified later.
Personal Data of Users of the Website will be treat in accordance with the provisions of the GDPR, for the performance of the features of this Website, with particular reference to the data collection procedures for completing the form “Newsletter”.
In particular, the Personal Data provided to the Data Controller will be treated for the pursuit of the following purposes: sending newsletters, or communications relating to opportunities for participation or participation in events, programs, courses offered directly by Blueit S.p.A. S. B. on which there is a direct or indirect participation of the same.
This information is effective only with reference to the web portal http://www.blueit.it/, but not with reference to others Web portals o Website possibly consultable through the links therein, of which the Data Controller is in no way liable.
Legal basis of the treatment
Except for what specified for navigation Data, your communication to the Data Controller of your personal Data has as a basis for the lawfulness of treatment the following legal bases:
– Art. 6, par. 1, letter a) of GDPR, for the marketing and newsletter purposes;
– Art. 6, par. 1, letter b) and f) of GDPR for the site’ s management and functionality;
– Art. 9, par. 2, letter a) of GDPR, concerning your explicit consent, for the purposes referred above.
Methods of treatment
The treatment of personal Data communicated by you is carried out by means of the operations indicated in art. 4 n. 2) of the GDPR, namely: “Collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, cancellation and destruction of Data”.
The Personal Data communicated by You are subjected to automated treatment for the time strictly necessary to achieve the purposes for which they were collected, with technical and organizational methods adopted to prevent the loss of Data, illicit and / or incorrect use and unauthorized access, and such, therefore, to guarantee a level of security appropriate to the risk pursuant to art. 32 of the GDPR, by persons specifically authorized, in compliance with the provisions of art. 29 of the GDPR, or of employees and / or collaborators of the Data Controller in their capacity as authorized subjects and / or system administrators, who can carry out operations of consultation, use, processing, comparison and any other appropriate operation in compliance with the provisions of the law necessary to guarantee, inter alia, the confidentiality and security of the Data as well as the accuracy, updating and relevance of the Data in accordance with the stated purposes and methods.
It should be noted, in particular, that the personal Data you provide will be treated only at the headquarters of the Data Controller. The Data will not be disseminated, and, pursuant to art. 13, paragraph 1, lett. (e) may be treated only by authorized persons and / or by any external Data Controllers pursuant to art. 28 of the GDPR (in the case of individual professionals and / or complex professional associations), and / or by persons operating as independent Data Controllers, whose list is available at the Data Controller’s office and is provided following a written request from you the Interested person, and among which are explicitly listed hosting companies and / or technical personnel in charge of the management and / or maintenance of the Website, but only and exclusively for the purposes expressly and specifically indicated above.
Data Controller uses external service ‘mailchimp’ to manage process, whose specifications are attached.
Distribution of personal data
In relation to the purposes indicated above, the Data may be communicated to the following persons and / or categories of persons indicated below, or may be disclosed to companies and / or persons, who provide services, including external ones, on behalf of the Data Controller.
Among these people are indicated for greater clarity: professionals and consultants also in an associated form; persons that the company uses for the acquisition of commercial information related to contractual or pre-contractual requirements; companies, entities, external consortia, banks and credit institutions, non-bank financial intermediaries, insurance operators in compliance with regulatory limits; persons that carry out activities of control, revision and certification of the activities carried out by the company, possibly also in the customers’ interests; subjects providing services for the management of the information system and telecommunications networks (including e-mail and management of Web portals and Websites – cloud storage services – hosting); competent authorities and / or Supervisory Bodies for the fulfillment of legal obligations; accounting and tax consulting firm; labor consultants; companies and law firms for the protection of contractual rights; subjects that carry out checks, audits and certification of the activities carried out by the Data Controller who act as external data processors pursuant to art. 28 of the GDPR, or in complete autonomy as subjects distinct from the Data Controller.
This Website may share some of the Data collected with services located outside Italy and the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) also through the social plugin and the Google Analytics service. The transfer outside the EU is authorized on the basis of specific decisions of the European Union Commission and the Guarantor for the protection of personal data, in particular the decision 1250/2016 (Privacy Shield), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
In any case, in the event that extra-EU transfer of personal Data should be necessary, the Data Controller ensures that the data will be transferred in accordance with the applicable legal provisions and in particular in accordance with articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR.
Period of conservation of personal data
We point out that, in compliance with the principles of lawfulness, limitation of purposes and the storage and minimization of Data, pursuant to art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and traited, or for the entire duration of the fulfillment of the aforementioned purposes, and therefore, exhausted the purposes of the processing, your Data will be deleted from any physical and IT support.
Automated decision-making processes and profiling
The Data Controller informs You that, for the purposes of processing your personal Data, it does not make use of automated decision-making processes, those aimed at making decisions based solely on technological means based on predetermined criteria (without human involvement), or performing profiling, or the one aimed at using your personal Data to analyze or predict aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or travel etc.
Rights of the interested part
Right of access pursuant to art. 15 of the GDPR and Right of Rectification pursuant to art. 16 of the GDPR
As interested person, pursuant to art. 15 of the GDPR, You have the right to obtain from the Controller Data confirmation of the existence or otherwise of the treatment of personal Data concerning you, to obtain access to them and to all the information referred to in the same art. 15, paragraph 1, letters from (a) to (h), by issuing a copy of the Data treated in a structured format, in common use, readable by an automatic and interoperable device.
You, pursuant to art. 16 of the GDPR, you also have the right to obtain from the Data Controller and / or inaccurate and / or incomplete.
Cancellation right pursuant to art. 17 of the GDPR and the right to limit the processing pursuant to art. 18 of the GDPR
As interested person, you have the right to obtain, without undue delay, from the Data Controller, exclusively in the cases referred to in art. 17, paragraph 1, letters from (a) to (f) of the GDPR, the deletion of data concerning them – with the exception of the cases specifically provided for by art. 17 paragraph 3.
As an interested party, pursuant to art. 18 paragraph 1, letters from (a) to (d), of the GDPR, you have the right to request and obtain from the Owner, the limitation of the treatment of your personal Data, or that such Data are not subject to further processing and can no longer be changed. The Data Controller ensures that the limitation of the treatment is implemented through appropriate technical devices that guarantee its inaccessibility and not modifiable.
Right to Data Portability pursuant to art. 20 of the GDPR
As Interested person, You have the right to receive, pursuant to art. 20 of the GDPR, by the Data Controller of your personal Data, whose processing is carried out by automated means, in a structured format, commonly used and readable by automatic device, and also has the right to transmit such data to another owner of the processing, or obtaining from the Data Controller, where technically feasible, the direct transmission of such Data to another data controller specifically identified.
Right to oppose treatment pursuant to art. 21 of the GDPR
You have the right to oppose at any time to the treatment of personal Data concerning You pursuant to art 21 of the GDPR.
Methods of exercising the rights of the interested part
You may exercise the rights listed above by request to be sent to the e-mail address email@example.com or by registered mail with the address “Via Santa Maria Valle 5, 20123 Milano (MI)“, at the c.a. of the Legal Manager, internal contact person in matters of privacy and protection of personal Data.
The Data Controller will confirm the receipt of your request and provide you with information on the action taken, with reference to the exercise of your rights under articles 15 to 22 of the GDPR, within 1 (one) month from receipt of the request. If necessary, and taking into account the complexity and the number of requests, the Data Controller may extend this term of 2 (two) months, subject to a reasoned communication to be sent within 1 (one) month from receipt of the request.
The Data Controller will communicate any correction, cancellation, limitation, opposition to all recipients, as identified by the art. 4, paragraph 1, n. 9 of the GDPR, to which such Data have been transmitted, unless this proves impossible and / or involves a disproportionate effort.
Following the sending of your request for rectification, cancellation, limitation, opposition, if the Data Controller has reasonable doubts about your identity will request further information to confirm it. These communications will be sent by email from firstname.lastname@example.org and will be treated by persons specifically authorized for the purpose.
In the event that the Data Controller fails to comply with your request within the period of 1 (one) month from receipt of the request, the latter will inform you of the reasons for the non-compliance, informing you from now on your right to propose a complaint to the Authority of Control (Guarantor for the Protection of Personal Data), as specified in accordance with art. 13, paragraph 2, letter (d) and governed by Articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree n. 101/2018.