Information note on the processing of personal data collected from the data subject (Art. 13 of EU Regulation 2016/679.
Agile Lab S.r.l. (below “Agile Lab” or the “Company”), with principal office in Via Alessandro Manzoni, 30 20121 Milano (Italy) Vat number 10963790018 is the Controller pursuant to art. 4, n. 7) and 24 of Regulation (EU) 2016/679 (below “Regulation” or “GDPR”) of all the personal data acquired and processed accessing and using the platform “Vodafone Analytics” and related applications.
“Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. OBJECT OF PROCESSING
The Controller processes personal data both sensitive and non-sensitive, in particular, name, surname, e-mail address, company name, business role, telephone number(below “personal data” or even “data”) that You have communicated.
3. PURPOSES OF PROCESSING
Your personal data are processed:
A) without Your explicit consent ex art. 6 lett. b) and e) of GDPR, for the following Service Purposes:
- execute the services of the Controller;
- fulfil the pre-contractual, contractual and tax obligations deriving from the agreements;
- fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
- exercise the rights of the Controller, for example the right to defence in court;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
B) Only subject to Your specific and distinct consent (Article 7 GDPR), for the following Marketing Purposes:
- marketing: send via e-mail, newsletters, commercial communications and / or advertising material on products or services offered by the Controller and recognition of the degree of satisfaction on the quality of services;
- mailing and profiling: send by e-mail, mail commercial and / or promotional communications of third parties (for example, business partners), the Controller avails himself of an address and communication managing software, offered by the provider Mailchimp (USA – The Rocket Science Group LLC), which allows to collect data concerning users’ habits related to timing and modes of reception;
4. PROCESSING AND PERIOD OF STORAGE
Processing of Your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and precisely: collection, recording, organisation, geo-localization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your personal data are processed either on paper or electronic and / or automated.
The Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and however for no more than 2 years from the acquisition or consent of the User.
5. DATA FLOWS
Your data may be made accessible for the purposes referred to in art. 3.A) and 3.B):
- to employees and coworkers of the Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of processing;
- to third-party companies or other subjects who carry out outsourced activities on behalf of the Controller, in their capacity as external managers of processing.
6. DATA COMMUNICATION
Without Your express consent (pursuant to Article 6 letter b) and c) GDPR), the Controller may communicate your data for the purposes referred to in art. 3.A) to Supervisory Authorities, Judicial Authorities and to all the other subjects to whom the communication is mandatory by law for the fulfilment of said purposes. Your data will not be released to the public.
7. DATA TRANSFER
The management and storage of personal data will be carried out:
- on servers of the Controller located within the European Union;
- only under Your express consent, on servers of third-party companies, located outside the European Union, that may not meet the same data protection standards provided by the EU Regulation 2016/679.
8. NATURE OF THE DATA COMMUNICATION AND POSSIBILE CONSEQUENCES OF A DECLINE
The communication of data for the purposes of art. 3 A) is mandatory. In their absence, we will not be able to offer You the services of art. 3 A).
The communication of data for the purposes of art. 3 B) is not mandatory. Therefore, You can choose whether to refuse to confer any data or to later deny the treatment of previously communicated data. In this case, You will not receive any commercial advertising related to online services offered by the Controller, or You will not have Your pictures, videos, or audio recordings posted on the Controller’s or third-parties companies’ appointed websites. Services under art. 3 A) will remain granted.
9. RIGHTS OF THE DATA SUBJECT
Pursuant to art. 15 GDPR You have the following rights:
- obtain confirmation as to whether or not personal data concerning You are being processed, even if not yet registered, and their communication in intelligible form;
- obtain the indication of: a) the source of personal data; b) the purposes and methods of the processing; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identity and the contact details of the Controller, Processors and, where applicable, of the Controller’s representative; e) the subjects or the categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State or processors;
- obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
- to object, in whole or in part: a) for legitimate reasons, the processing of personal data concerning You, even if pertinent to the purpose of the collection; b) to the processing of Your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, You have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right of complaint to the Data Protection Authority.
10. TERMS FOR EXERCISE OF RIGHTS
You may exercise these rights by:
– registered mail to: [•]
– e-mail to: email@example.com
– certificated email to: [•]