ICONT

Mod. ICONT
Update date 05/2025

Information on the processing of personal data pursuant to Art. 13 of EUROPEAN REGULATION No. 679/2016

Dear interested party,

UBGEN SRL as the Data Controller in accordance with Art. No. 13 of the European Regulation No. 679/2016 “General Data Protection Regulation (GDPR)” (hereinafter EU Regulation), laying down provisions on the processing of personal data, intends to inform you about the processing of your personal data.

The regulation establishes that any entity processing personal data is required to inform the data subject regarding the data being processed and the key elements of such processing, which must always be carried out in a lawful, fair, and transparent manner, while also protecting confidentiality and ensuring the rights of the data subject.

It is specified that “processing of data” refers to any operation or set of operations related to the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, or destruction of the data.

1. Data controller

The data controller is UBGEN S.R.L. with registered office in Via Regia 71, 35010, Vigonza (PD) and operational office in Viale del lavoro 14, 35010, Vigonza (PD), C.F. and VAT no.: 04750480289, contactable at the following addresses: phone +39 049 628630, e-mail: privacy@ubgen.com

2. Nature of Data Processed, Purpose and Legal Basis for Processing

Nature of data processed. In relation to the purposes of processing below, we inform you that only “common personal data” will be processed, such as:

  • company identification data (company name, VAT number, tax identification number, type, address, telephone number,
    e-mail, etc.);
  • master data corporate contact person and legal officer (first name, last name, etc.);
  • etc.

Purpose of processing. Your personal data will be processed for the following purposes:

  1. give feedback on your requests: by filling out, voluntarily, the appropriate form found in this contact area;
  2. Fulfilling legal obligations;
  3. Marketing: to send you advertising material, direct sales, fulfillment of market research and commercial and promotional communications;

Legal basis for processing. Personal data, for the purposes mentioned in 2A and 2B will be lawfully processed to fulfill pre-contractual and contractual obligations between us and you (art.6, par.1 lett. b), to fulfill our legal obligations (art.6 par.1 lett. c).

Your personal data, for the purposes referred to in points 2C of this notice may be lawfully processed only with your consent (art. 6. parag.1 lett. a EU Regulation), which is specific, separate, express, documented, prior and entirely optional.

The consent you have given may be revoked at any time, without affecting the lawfulness of the processing based on the consent given before revocation (Art.7 parag.3 EU Regulation).

In addition, we inform the data subject, that pursuant to Article 21 of the EU Regulation, the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for the purposes of direct marketing (including profiling) and that, if the data subject objects to the processing, the personal data may no longer be processed for such purposes.

Clarification: following the principle of maximum transparency towards the Data Subject distinctive of our Company, we would like to inform you that in case you decide to give consent to point 2C (marketing), you must be informed in advance and aware that the purposes of the processing pursued are of a specific commercial, advertising, promotional and marketing nature in a broad sense, such as:

  1. Send advertising and informational materials (e.g., newsletters), promotional in nature;
  2. to send commercial information by paper, automated or electronic means and, in particular, by regular mail or e-mail, telephone (e.g., calls, WhatsApp messages, SMS, MMS), fax and any other computer channel (e.g., websites, mobile app);
  3. Forward invitations to events, events and meetings of an informative and promotional nature;
  4. forward communications for updates on promotional initiatives or technical news, for services, training or assistance, and/or quality satisfaction surveys.

3. Data recipients and Processing methods Existence of automated decision making, including profiling

The processing of your personal data will be based on the principles of correctness, lawfulness and transparency and may be carried out by means of paper and electronic instruments both by the staff of the undersigned Company, authorized/charged with the processing of personal data, and by external parties called upon to carry out specific tasks, on behalf of the Data Controller, as Data Processors, pursuant to Art. 28 EU Regulation, subject to our letter of assignment imposing on them the duty of confidentiality and security of the processing of personal data, and the adoption of appropriate security measures to prevent data loss, illicit and incorrect use, and unauthorized access, in compliance with current provisions on the protection of personal data.

For brevity, a detailed list of these entities is available at the Data Controller’s headquarters and is at your disposal.

Your personal data will not be disseminated and will not be transferred to third countries or international organizations, nor will it be communicated to third parties except for legal or contractual obligations (it should be noted that contractual obligations also include the communication of data to the other Group Company, specifically to ZIACOM ITS S.R.L., as the activities of these are essential to the completion/execution of what you have requested).

With reference to the provisions of Art. 13 of the EU Regulation at para. 2 letter f) and Art. 14 of the EU Regulation at para. 2 letter g), it is hereby made known that the Data Controller at present does not have any automated system or decision-making process in use.

4. Data retention periods

Your personal data will be retained for a period no longer than necessary to achieve the purposes for which they are processed, in compliance with the principle of storage limitation provided by the EU Regulation, and/or for the time required by legal and contractual obligations, or until the specific consent of the data subject is revoked.

  • with reference to the purposes indicated in 2A-2B, the data will be retained for the time not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfillment of legal and contractual obligations;
  • with reference to the purposes indicated in 2C, data processed for Marketing purposes will be retained no longer than 24 months after collection.

To guarantee the declared retention periods, a periodic review will be conducted annually to assess whether the processed data can be deleted if they are no longer necessary for the intended purposes.

5. Access to data (categories of recipients to whom the data may be disclosed)

We also inform you that the data collected will never be disseminated and will not be communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other parties for the fulfillment of tax and legal obligations or for the fulfillment of purposes (where authorized), subject to our letter of assignment imposing on them the duty of confidentiality and security of the processing of personal data.

In accordance with Article 13, paragraph 1, letter e) of the EU Regulation, the following is a list of entities or categories of entities (duly identified and instructed) that may have access to the user’s personal data as Data Processors or Authorized Persons:

  • Partners, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as designated/authorized officers and/or data processors (e.g., offices: commercial, technical, administrative, legal, printing; system administrators, external professionals, various service providers, etc.).
  • Partner companies and/or directly connected with the writer, the activities of these being essential to the completion/execution of what you requested.

Your personal data may also be communicated to external recipients of the files that concern you, in the performance of activities and to external parties that interact with the writer, always and exclusively for activities functional to the purposes described above, external parties called upon to carry out specific tasks, on behalf of the Data Controller, as Data Processors, pursuant to Art. 28 of the EU Regulation.

For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.

6. and 7. Communication and transfer of data

Without the need for express consent (Art. 6 par. 1(b), (c) and (f) of the EU Regulation), the Data Controller may disclose your data for the purposes set out in points 2A to 2F to supervisory bodies, judicial authorities, as well as to those entities to whom disclosure is mandatory by Law for the fulfillment of the above purposes.

These subjects will process the data as independent data controllers.

Personal data are stored on devices located at the Data Controller’s headquarters or with service providers within the European Union.

Your data will not be disclosed.

To ensure the security of such transfers, we rely solely on entities that provide the necessary guarantees to implement appropriate technical and organizational measures, ensuring that the processing complies with the requirements of EU Regulation 679/2016.

Both for data stored on internal devices and for any data hosted by third-party providers, the Data Controller has implemented appropriate technical and organizational measures to guarantee an adequate level of security, in full compliance with what is indicated in the EU Regulation.

8. Consequences of non-disclosure of data

The personal data in items 2A-2B of this policy are necessary, without such data it would be impossible for us to proceed with registration (creation of your personal account), fulfill contractual and legal obligations.

The personal data, on the other hand, referred to in points 2C are optional the refusal to provide them will not entail any consequences and will not affect your request to proceed with the registration as well as to perform your contractual and legal obligations. You may therefore decide not to provide any data or subsequently deny at any time the possibility of processing data already provided.

9. Rights of the data subject

In your capacity as a data subject, you have the rights set forth in Articles No. 15 to 22 of the EU Regulation below, namely, you have the right to:

  • obtain confirmation of the existence and processing of personal data concerning him or her, and if so, obtain access to his or her data (so-called right of access);
  • Obtain information about the purposes of the processing, the categories of data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, particularly if recipients in third countries or international organizations, the expected data retention period or the criteria used to determine this period; and where the data are not collected from the data subject, obtain all available information about their origin;
  • Obtain the rectification of data concerning him or her (so-called right of rectification)
  • Obtain the deletion of data concerning him or her (so-called right to be forgotten);
  • Obtain limitations on processing (so-called right to restriction of processing);
  • Obtain portability of data, i.e., receive them from a data controller in a structured, commonly used, machine-readable format and transmit them to another data controller without hindrance (so-called right to data portability);
  • object to the processing at any time (so-called right to object). We specifically inform you, as required by Article 21 of the EU Regulation, that where personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, and that where the data subject objects to the processing for direct marketing purposes, the personal data may no longer be processed for such purposes;
  • Be made aware (with an opportunity to object) of the existence of automated decision-making regarding individuals, including profiling;
  • To revoke consent at any time without affecting the lawfulness of the processing based on the consent given before revocation;
  • Propose a complaint to a supervisory authority (Data Protection Authority).

It is important to note that there may be conditions or limitations to the rights of the data subject. For example, the right to data portability may not apply in all cases, as it depends on the specific circumstances of the data processing.

Another example: if you choose to object to data processing, the Data Controller has the right to evaluate your request, which may be denied if there are compelling legitimate reasons for continuing the processing that override your interests, rights, and freedoms.

10. Ways of exercising rights

Without any formality you may at any time exercise your rights clearly and explicitly by sending:

– a registered letter with return receipt to the writer (see the address on the letterhead);

– an e-mail to the address privacy@ubgen.com

Or by contacting the Data Controller directly at: +39 049 628 630.

11. Minors

What is offered by the Data Controller and the subject of the existing relationship with you does not involve the intentional acquisition of personal information referring to minors. In the event that information about minors is unintentionally recorded, the Data Controller will delete it in a timely manner upon request or notification by the data subject.

12. DPO – Designated/Authorised Persons – Data Processors

Below we provide you with some information that it is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards the Interested Parties is a founding part of our activity.

  • D.P.O. (Data Protection Officer) – R.P.D. (Data Protection Officer) .. You may also contact the Data Protection Officer to obtain information and submit requests about your data or to report inefficiencies or any problems you may encounter.

The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer who can be contacted at the following numbers: phone +39 348 3165267, e-mail: nicola.ghinello@dpo-rpd.com

  • Appointees/Authorized. An up-to-date list of the Data Processors/Authorized Processors is kept at the Data Controller’s office.
  • Data Processors. For brevity, the detailed list of these figures is available from our office.