Altea Federationa brand under which business consulting companies collaborate in a federative model providing their customers with a wide range of innovative consultancy, management solutions and IT solutions, has always considered the protection of personal data of its customers, potential customers, and anyone who wants to relate to it, to be of fundamental importance, ensuring that it occurs in full compliance with the regulations prepared for this purpose, as the latest EU Regulation 2016/679.
If necessary, this information may be supplemented by a consent form pursuant to Article 7 of the Regulation, prepared based on the use that will be made of Personal Data.
The company that will process your Personal Data for the purposes described in the following Article 3 of this Information and therefore will act as the data controller, as defined in Article 4 point 7) of the Regulation,“the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is:
ALTEA S.p.A. with registered office in Feriolo di Baveno (VB), Strada Cavalli, 42, registered in the Verbania Companies Register, Tax Code and VAT 01440580031 (number 01440580031 (hereinafter the “Data Controller”).
For some processing activities identified in the following Article 4, other companies belonging to the Altea Federation (list available upon specific request) will act as joint controllers of the processing, which shall be understood as “two or more controllers jointly determining the purposes and means of processing” as provided for in Article 26 of the Regulation.
The Joint Controllers, by entering into the joint controller agreement, in accordance with Article 26 of the Regulation, undertake to:
• jointly determine some of the purposes and processing modalities of your Personal Data;
• jointly determine the procedures for providing you with a timely response if you wish to exercise your rights, as provided for in Articles 15, 16, 17, 18 and 21 of the Regulation, as well as in cases of portability of Personal Data provided for in Article 20 of the Regulation;
• jointly define this Information in the parts of common interest indicating all the information provided for by the Regulation.
The Data Controller, in order to allow the execution of one or more contracts or to allow the use of a specific service, needs to collect and process your Personal Data. In particular, Personal Data will be processed for the purposes of proper management of the contractual relationship/service provision and, where applicable, related obligations (administrative management, compliance with legal, accounting, tax, and any other obligations connected to the above purposes).
The Data Controller, with your express consent, may request additional data for the following purposes:
Direct marketing purposes: namely, the desire to carry out promotional and marketing activities towards you through communications related to services and products similar to those you have already used, initiatives, and related offers. It is specified that each email sent will allow you, by clicking on the appropriate link, to refuse further emails.
Indirect marketing purposes: namely, the desire to carry out promotional and marketing activities towards you for third parties through communications related to services and products provided by other subjects with whom the Data Controller has legal relationships.
Profiling purposes: namely, the desire to profile you by evaluating your preferences, needs, and consumption habits, also in relation to market research and statistical analysis. This allows us to better understand the needs of our interlocutors, provide personalized, high-performing offers and services, and, no less important, offer increasingly relevant and competitive products and services.
With regard to these purposes, it is specified that marketing actions may be managed both through traditional methods (e.g. postal mail, phone calls with operator, etc.) and through automated and/or similar methods (e.g. email).
The processing of Personal Data for the purposes indicated in points b) and c) will be conditioned upon obtaining your consent pursuant to Article 7 of the Regulation; the processing of Personal Data for the purposes indicated in point a) may instead be carried out on the basis of the Data Controller’s legitimate interest, regardless of consent and until opposition to such processing.
will take place in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness, and transparency in order to guarantee the security and confidentiality of the data, through the adoption of measures provided for by Article 32 of the Regulation in order to preserve the integrity of the processed data and prevent access to them by unauthorized subjects.
will be carried out by authorized and specialized personnel using paper, computer, electronic, and any other type of technologically suitable support.
The personal data collected and processed by the Data Controller and Data Co-Controllers are personal data (by way of example and not exhaustively: name, surname, company of belonging, email address, phone number, project data).
Personal Data may be communicated to specific subjects considered recipients under the terms and effects of art. 4 point 9 of the Regulation.
In particular, in order to correctly carry out the Processing and pursue the purposes described above, Personal Data may also be processed by the following recipients:
third parties who perform part of the processing activities and/or activities related to them on behalf of the Data Controller and/or Data Co-Controllers. Before processing, such subjects will be appointed as Data Processors;
employees, collaborators, or individual consultants of the Data Controller and/or Data Co-Controllers to whom specific Personal Data processing activities have been entrusted and as such identified, in accordance with art. 4 point “Authorized Persons”;
to judicial authorities or public entities, where required by law.
Personal Data will be processed by the Data Controller and Data Processors within the territory of the European Union. In case for technical and/or operational reasons it becomes necessary to use subjects outside the EU, the Data Controller and/or Data Processors will appoint them as processors under and for the purposes of Article 28 of the Regulation, ensuring from now on that any transfer of Extra EU data will take place in compliance with applicable law provisions. To protect your data during these transfers, appropriate guarantees will be adopted, including adequacy decisions and standard contractual clauses approved by the European Commission.
Personal Data will be stored by the Data Controller only for the time necessary to achieve the purpose described in point 3 above or until the relationship with the Data Controller ceases, subject to any additional retention period that may be imposed by law.
With regard to processing carried out for the purposes described in point 4 above, Data Processors may process your Personal Data until the revocation of consent for one or all the purposes for which it was requested.
The data subject may exercise at any time the rights provided for in Articles 15 to 22 of EU Regulations 2016/679, including:
receiving confirmation of the existence of their personal data, knowing the purposes of the processing or their circulation scope, and accessing their content;
updating, modifying, and/or correcting their personal data;
requesting the erasure, transformation into anonymous form, or blocking of data processed unlawfully or limiting the processing;
objecting, on legitimate grounds, to the processing of data, including profiling;
objecting to the processing of data for the purposes of sending advertising or direct sales material or for conducting market research or commercial communication;
revoking the consent, where given, without prejudice to the lawfulness of the processing based on the consent given before the revocation;
receiving a copy of the provided data and requesting that such data be transferred to another data controller.
It is emphasized that the data subject’s right to object to the processing of their personal data for commercial and marketing purposes carried out through automated contact methods also extends to traditional methods, while still allowing the data subject to partially exercise this right, for example, by objecting only to the sending of promotional communications carried out via automated tools.
To exercise the aforementioned rights, it is sufficient to contact the Data Controller and/or the Joint Data Controllers using the following methods:
Consent can always be revoked through a link integrated into emails received by the data subject, with the option “unsubscribe”, or by sending written communication to the Data Controller and/or the Joint Data Controllers indicated in this Privacy Notice.
If the data subject believes there has been a violation of their rights, they may contact the competent supervisory authority pursuant to Article 77 of the GDPR, while still having the option to address the judicial authority directly.
The data controller is ALTEA S.p.A. with registered office in Feriolo di Baveno (VB), Strada Cavalli, 42, registered in Registro delle Imprese di Verbania, tax code and VAT number01440580031 – Email: firstname.lastname@example.org.
The list of data processors and persons in charge of data processing is kept at the controller’s headquarters.
This information may be subject to changes. For any updates, we invite you to consult our websites and other channels made available by Altea Federation.