Privacy Policy
PRIVACY NOTICE art. 13 – ART. 14 | General Data Protection Regulation (GDPR) UE 2016/679
Altea Federation is a brand under which some business consulting companies collaborate in a FEDERATIVE MODEL by providing their clients with a wide range of consultancy services, MANAGEMENT AND INNOVATIVE INFORMATION SOLUTIONS.
Altea Federation is committed to protecting and respecting the personal data of Clients and of anyone who relates to it, ensuring the compliance with current legislation such as the Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”).
“Personal data”, are “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”; as per GDPR art. 4.1
The GDPR provides that before proceeding with the processing of Personal data (where “Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as per GDPR art. 4.2) the natural person to whom the Personal data refers, is duly informed about reasons for which such data are requested and how they are used.
With this Privacy Notice we want to tell you the purposes of the processing for which your personal data are intended, how we may use your personal data and how we protect them, according to GDPR.
Where necessary, this notice may be supplemented by a form for the release of your consent pursuant to and for the purposes of art. 7 of GDPR.
2 – Who will process Personal Data
The company that will process your Personal Data for the purposes outlined in the following Article 3 of this Privacy Policy, and thus will act as the data controller as defined in Article 4, point 7) of the Regulation, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” is:
EFFICIENTO S.r.l. with registered office in Milan, via Benigno Crespi 24, registered with the Companies Register of Milan Monza Brianza Lodi, Tax Code and VAT number n. 03660221205 (hereinafter the “Data Controller”).
The Data Controller, for some processing activities as identified within the following Article 4, will be joined by other companies belonging to the Altea Federation (list available upon specific request) which will act as joint data controllers, to be understood as “two or more companies that jointly determine the purposes and means of processing” as provided for in Article 26 of the Regulation.
By entering into the joint data controller agreement, pursuant to Article 26 of the Regulation, the Joint Data Controllers commit to:
jointly determining certain purposes and methods of processing your Personal Data;
jointly determining procedures to provide you with a timely response should you wish to exercise your rights, as provided for in Articles 15, 16, 17, 18, and 21 of the Regulation, as well as in cases of personal data portability provided for in Article 20 of the Regulation;
jointly defining this Privacy Policy in the parts of common interest, indicating all the information required by the Regulation.
The list of Joint Data Controllers and a summary of the respective Agreement they have entered into are available here.
The Controller / Joint controller will process your Personal data that are necessary for the performance of one or more contracts to which you are party, or in order to take steps at your requests even before entering into a contract (e.g. downloading of informative material, participation in events and webinars, etc.) (GDPR, art. 6.1.b) and for compliance with legal obligations to which the Controller and the Jont Controllers are subject (e.g. administrative, accounting and tax obligations) (GDPR, art. 6.1.c).
The following additional Processing will be performed by the Controller / Joint controller without your consent, as it is necessary for the purposes of the legitimate interests pursued by the Controller / Joint controller, as per GDPR, art. 6.1.f:
- Direct marketing: promotional and marketing activities performed by the Controller / Joint controllers, through communications relating to services, products, initiatives and offers similar to those you have already received by the Controller / Joint controllers.
Each email sent to you will contain the link to click to refuse further submissions.
The following data processing by the Controller / Joint controllers, will be performed only with your consent, as per GDPR, art. 6.1.a and 7:
- Indirect marketing: promotional and marketing activities performed by the Controller / Joint controllers, through communications relating to services and products provided to you by third parties with whom the Controller has legal relations
- Profiling: evaluation of your personal preferences, needs and consumer habits, also in relation to market surveys and statistical analysis. This data processing will be done to better understand your needs, to provide you customized offers and services and to offer you ever more relevant and competitive products and services.
Direct and Indirect marketing can be carried out both with traditional methods (e.g. paper mail, call from an operator, etc.) and with automated methods and/or assimilated (es. e-mail).
Your Personal data will be processed:
- in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency so as to guarantee the security and confidentiality of data, through the adoption of the measures envisaged by article 32 of GDPR in order to preserve the integrity of the processed data and prevent access to the same by unauthorized parties
- by authorised and specialized persons, by means of paper, IT and electronic tools and with any other type of suitable technology.
The data processed by the Controller / Joint controllers will be personal data such as: name, surname, your company, your professional email and phone numbers.
The Controller / Joint Controller may communicate your data to the following Recipients.
A “Recipient” is “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, as per GDPR, art. 4.9:
- Third parties who carry out part of the data processing and / or activities related to them on behalf of the Controller / Joint controllers. Prior to processing, these third parties will be appointed as “Data processors”. A “Data processor” is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller”, as per GDPR, art. 4.8
- Employees, collaborators or individual consultants of the Controller / Joint controllers, to whom specific processing activities have been assigned; these persons are identified as “Authorised persons”.
- Legal authorities and other public authorities, where required by law.
Personal data will be processed by the Controller / Joint controllers within the EU.
In the event that any technical and/or operational reasons makes it necessary, it may be necessary to make use of subjects which are outside the EU. In this case, the Controller / Joint controllers will designate these subjects as “Personal data Processor” as per GDPR, art. 28. Any transfer of Personal data outside EU will be done in compliance with the applicable laws. To protect your Personal data, appropriate guarantees will be adopted, including the “Adequacy Decisions” and the “Standard Contract Terms” approved by the European Commission.
Your data will be retained by the Controller to the extent necessary and sufficient for the accomplishment of the purposes described in Art. 3 above, or until the termination of the relationship with the Controller except for a further retention period which may be imposed by law.
With reference to the purposes described in Art. 4 above, the Joint controllers will process your Personal data until you communicate your will to revoke your consent to one or all of the purposes for which it was requested.
Under GDPR, you have rights we need to make you aware of. They are described in GDPR, art. 15-22 (click here to view them). Here is a summary:
- Your right of access (art. 15 GDPR). You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access your personal data and ask to us a copy of your personal data.
- Your right to rectification (art. 16 GDPR). You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure (art. 17 GDPR). You have the right to ask us to erase your personal information in certain circumstances (“right to be forgotten”).
- Your right to restriction of processing (art. 18 GDPR). You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to data portability (art. 20 GDPR). This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
- Your right to object to processing (art. 21 GDPR). You have the right to object to processing for legitimate reasons, including, direct and indirect marketing, surveys, profiling.
- Your right to not be subject to a decision based solely on automated processing, including profiling, in certain circumstances (art. 22 GDPR).
- Your right to withdraw your consent at any time (art. 7, para 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before the withdrawal.
Your object to processing your Personal data for marketing purposes by automated means (e.g. email), will also be extended to the traditional means (e.g. paper mail), unless specific requests.
To execute any of these rights, please contact the Controller / Joint controllers
- by e-mail: altea@alteanet.it
- by phone: +39 0323 280811
Finally, you have the right to lodge a complaint with a supervisory authority and the right to brigde if you think that the processing of your personal data is not compliant with the relevant laws.
It is always possible to withdraw your consent to receive commercial information from us, using the dedicated link in the e-mails we send you, or by sending a written communication to the Controller / Joint controllers.
The data controller is EFFICIENTO S.r.l. with registered office in Milano, via Benigno Crespi 24, registered with the Companies Register of Milan Monza Brianza Lodi, Tax Code and VAT number n. 03660221205 (hereinafter the “Data Controller”). – Email: privacy@alteanet.it.
The Data Protection Officer (DPO) can be reached at the following email address: privacy@alteanet.it.
The list of data processors and those in charge of processing is kept at the data controller’s headquarters.
This Privacy Notice may be changed.
For update, we invite you to consult our websites and other channels made available by Altea Federation.