ICONT

Mod. ICONO
Update date 02/2024

Information on the processing of personal data Pursuant to Art. 13 of the EUROPEAN REGULATION No. 679/2016

Dear interested party,

UBGEN SRL as Data Controller pursuant to Art. nort. 13 of the European Regulation No. 679/2016 ‘General Data Protection Regulation (GDPR)’ (hereinafter EU Regulation), containing provisions on the processing of personal data, wishes to inform you about the processing of your personal data.

The legislation states that those processing personal data are obliged to inform the data subject about the data processed and the elements qualifying the processing, which must in any case be carried out in a lawful, correct and transparent manner, as well as to protect confidentiality. and guarantee the rights of the data subject.

Please note that data processing means any operation or set of operations concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination and destruction of data.

1. Data controller

The data controller is UBGEN SRL with registered office in Via Regia 71, 35010, Vigonza (PD) and operational headquarters in Viale del Lavoro 14, 35010, Vigonza (PD), tax code and VAT number: 04750480289, contactable at the following addresses. telephone number: +39 049 628630, e-mail: privacidad@ubgen.it .

2. Nature of the data processed, Purpose and legal basis of the processing Nature of the data processed.

In relation to the purposes of the processing indicated below, we inform you that only ‘common personal data’ will be processed, such as:- company identification data (company name, VAT number, tax code, type, address, telephone number, e-mail, etc.)

– personal contact data of the company and the legal representative (name, surname, etc.);

– etc.

Purpose of processing. Your personal data will be processed for the following purposes:

A. reply to your enquiries: by voluntarily filling in the appropriate form in this contact area;

B. to fulfil legal obligations;

C. marketing: for sending advertising material, direct sales, market research and commercial and promotional communications;

Legal basis of the processing. Personal data, for the purposes set out in points 2A and 2B, will be lawfully processed to fulfil pre-contractual and contractual obligations between us and the user (Art. 6(1)(b)), to fulfil our legal obligations (Art. .6(1)(c)).

Your personal data, for the purposes set out in point 2C of this privacy statement, may only be lawfully processed with your specific, separate, express, documented, prior and entirely optional consent (Art. 6(1)(a) EU Regulation). The consent you have given may be revoked at any time, without affecting the lawfulness of the processing based on the consent given before revocation (Art. 7 para. 3 EU Regulation).

Furthermore, the data subject is informed that, pursuant to Article 21 of the EU Regulation, he or she has the right to object at any time to the processing of personal data concerning him or her carried out for direct marketing purposes (including profiling) and that, should the data subject object to the processing, the Personal Data may no longer be processed for such purposes.

Clarification: in keeping with the principle of maximum transparency towards the data subject that is distinctive of our Company, we wish to inform you that should you decide to give your consent to point 2C (marketing), you must be informed in advance and aware that the purposes of the processing that is pursued are specific commercial, advertising, promotional and marketing purposes in the broadest sense, such as:

1. sending advertising and informative material (e.g. Newsletter) of a promotional nature;

2. the sending of commercial information by paper, automated or electronic means and, in particular, by ordinary or electronic mail, telephone (e.g. calls, WhatsApp messages, SMS, MMS), fax and any other IT channel (e.g. websites, mobile phones). application);

3. sending invitations to events, events and meetings of an informative and promotional nature;

4. send updates on promotional initiatives or technical, service, training or support innovations and/or the measurement of quality satisfaction.

3. Data recipients and processing methods Existence of automated decision-making, including profiling

The processing of your personal data will be based on the principles of correctness, lawfulness and transparency and may be carried out by paper and electronic means both by the undersigned personnel of the company, authorised/provided with the personal data processing, and by external parties called upon to carry out specific tasks, on behalf of the Data Controller, in their capacity as Data Processors, pursuant to art. 28 of the EU Regulation, subject to our letter of appointment imposing on them the duty of confidentiality and security in the processing of personal data, as well as the adoption of appropriate security measures to prevent the loss of data, unlawful and incorrect use and unauthorised access, in accordance with the provisions in force on the protection of personal data.

For the sake of brevity, the detailed list of these figures is available at the Data Controller’s premises and is at your disposal.

Your personal data will not be disclosed and will not be transferred to third countries or international organisations, nor will they be communicated to third parties unless required by law or contractual obligations (it should be noted that the communication of data to the other two companies is also part of the Group’s contractual obligations and specifically to DENTIST EDUCATION SRL and ESSEMME COMPONENTS SRL, since the activity of the latter is indispensable for the realisation/execution of the request).

With reference to the provisions of Art. 13 of the EU Regulation at para. 2 lit. f) and Art. 14 of the EU Regulation at para. 2 lit. g) it is noted that the data controller does not currently have any automated systems or decision-making processes in place.

4. Data retention periods

Your personal data will be kept for a period of time not exceeding the fulfilment of the purposes for which they are processed, in compliance with the retention limitation principle laid down in the EU Regulation and/or for as long as necessary for legal and contractual obligations. or until revocation of the specific consent by the person concerned and thus,

– with reference to the purposes set out in points 2A-2B, the data will be kept for a period not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfilment of legal and contractual obligations;

– with reference to the purposes set out in point 2C, data processed for marketing purposes will be kept for a maximum of 24 months after their collection.

In order to guarantee the stated retention periods, a periodic annual check is carried out on the data processed and the possibility of deleting them if they are no longer needed for the intended purposes.

5. Access to data (categories of recipients to whom the data may be disclosed)

We also inform you that the data collected will never be transferred or communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultancy companies or other entities for the fulfilment of tax and legal obligations. or for the fulfilment of the purposes (where authorised), subject to our letter of assignment imposing on them the duty of confidentiality and security in the processing of personal data.

With reference to Art. 13(1)(e) of the EU Regulation, we indicate the entities or categories of entities (duly identified and qualified) that may become aware of your personal data in their capacity as data controller or processor, and a specific list by category is provided below:

– Partners, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as managers/authorised and/or appointed persons in charge of processing (e.g. offices: commercial, technical, administrative, legal, press; system administrators, external professionals, suppliers of various services, etc.).

– Companies that collaborate and/or are directly connected to the undersigned, their activity being indispensable for the execution of the request.

Your personal data may also be communicated to external parties who are recipients of the files concerning you, in the performance of their activities, and to external parties who interact with the writer, provided that and exclusively for activities functional to the purposes described above, external parties called upon to perform specific tasks, on behalf of the Controller, in their capacity as Data Processors, pursuant to Art. 28 of the EU Regulation.

For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.

6. and 7. Communication and transfer of data

Without the need for express consent (Art. 6, paragraph 1, subparagraphs b), (c) and (f) of the EU Regulation), the Data Controller may communicate your data for the purposes set out in points 2A to 2F to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom communication is compulsory by law for the fulfilment of the above-mentioned purposes.

These parties will process the data as autonomous data controllers.

Personal data are stored on devices located at the Data Controller’s premises or at suppliers within the European Union. Your data will not be transferred.

In order to guarantee the security of these transfers, we only use entities that offer the necessary guarantees to implement the appropriate technical and organisational measures so that the processing carried out complies with the provisions of EU Regulation 679/2016.

Both with regard to data in its own devices and data in providers, the data controller has put in place appropriate technical and organisational measures to ensure an adequate level of security, in full compliance with the provisions of the EU Regulation.

8. Consequences of non-disclosure of data

The personal data referred to in points 2A-2B of this notice are necessary, without which it would be impossible for us to proceed with the registration (creation of your personal account) and fulfil our contractual and legal obligations.

The personal data in point 2C, on the other hand, are optional. Refusal to provide them will have no consequence and will not affect your request to proceed to registration and fulfilment of contractual and legal obligations. You may therefore decide at any time not to provide any data or subsequently refuse to process data already provided.

9. Rights of the data subject

As a data subject, you have the rights set out in Articles no. 15 to n. 22 of the EU Regulation below and specifically has the right to:

– obtain confirmation of the existence and processing of personal data concerning you and, in that case, obtain access to your data (so-called right of access);

– obtain information on the purposes of the processing, the categories of data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, in particular if the recipients are third countries or international organisations, the expected period of retention of the data or the criteria used to determine that period; and if the data have not been collected from the data subject, obtain all available information on their origin;

– obtain rectification of the data concerning him/her (the so-called right of rectification); and

– obtain the deletion of data concerning him/her (the so-called right to be forgotten);

– obtain restriction of processing (the so-called right to restriction of processing);

– obtain data portability, i.e. receive the data from a data controller in a structured, commonly used and machine-readable format and transmit them to another data controller without hindrance (so-called right to data portability);

– object to the processing at any time (the so-called right to object).

We inform you in particular, as required by Art. 21 of the EU Regulation, that if personal data is processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, and that if the data subject objects to the processing for direct marketing purposes, the personal data may no longer be processed for such purposes;

– be aware (with the possibility to object) of the existence of an automated decision-making process concerning natural persons, including profiling;

– withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal;

– file a complaint with a supervisory authority (Data Protection Authority).

Please note that there may be conditions or limitations to the rights of the data subject. Therefore, you do not necessarily have the right to data portability in all cases, as this depends on the specific circumstances of the processing activity.

Another example: if you decide to object to the processing of your data, the controller has the right to evaluate your request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms.

10. How to exercise your rights

You may exercise your rights at any time, without any formality, clearly and explicitly, by sending

– a registered letter with acknowledgement of receipt addressed to the undersigned (see address on letterhead);

– an e-mail to privacidad@ubgen.it .

Or by contacting the Data Controller directly on: +39 049 628630.

11. Minors

The data controller’s offer and the purposes of the existing relationship with you do not provide for the intentional acquisition of personal data relating to minors. In the event that data relating to minors are unintentionally recorded, the data controller will delete them immediately upon request or notification by the data subject.

12. DPO – Designated/Authorised Persons – Data Processors

Below we provide you with some information that you should be aware of, not only to comply with legal obligations, but also because transparency and fairness towards those concerned is a fundamental part of our business.

DPO (Data Protection Officer) – DPO (Data Protection Delegate).

You can contact the Data Protection Officer to obtain information and make requests concerning your data or to report inefficiencies or problems.

The Data Controller has appointed Mr Nicola Ghinello as Data Protection Officer, who can be contacted at the following addresses: telephone +39 348 3165267, e-mail: nicola.ghinello@dpo-rpd.com .

Designated/Authorized. The updated list of data processors/processors is kept at the Controller’s office. Data Processors.

For the sake of brevity, the detailed list of these figures is available at our office.