Privacy Policy for users of web monitoring platforms.
HIGECO S.r.l., with registered office in Viale Europa N°71 – 32100 – Belluno (BL) – Italy, Fiscal Code and VAT number 01067950251 (afterwards, “Holder1”), as data controller, pursuant to art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”), relating to the processing of personal data INDIVIDUAL PERSONS, in accordance with the national legislative framework governed by Legislative Decree 196:2003 integrated by the amendments introduced by Legislative Decree 101:2018, wishes to inform you, as “Interested”, that the personal data you provide will be processed in compliance with privacy legislation and the principles of fairness, lawfulness, transparency, and protection of your privacy and your rights. In particular, that your data will be processed in the manner and for the purposes set out in the following paragraphs.
TYPES OF DATA, PURPOSES AND LEGAL BASIS OF THE PROCESSING
As part of the monitoring activities guaranteed by the HIGECO CLOUD, VISION, and similar services to which you have access, personal identification data corresponding to email address, name and surname, residential/office address, and tax code are processed for the following purposes:
fulfill pre-contractual and contractual obligations related to the requested service (guarantee the functionality of the service such as, for example, sending alerts, account management);
fulfill obligations established by laws or regulations (e.g. tax obligations), by community legislation, by requests from the judicial authorities;
exercise the Data Controller’s rights, including, for example, the right to defense in court;
The legal basis for processing the data referred to in point 1 is the performance of the contract to which the customer is a party, or the performance of pre-contractual activities at the customer’s request; for point 2, the legal basis is the fulfillment of legal or regulatory obligations; for point 3, the legal basis is the pursuit of the data controller’s legitimate interest.
The data provided will not be processed for marketing purposes.
NATURE OF THE CONTRIBUTION
Providing personal data for processing is optional. However, failure to provide this data, whether partial or total, may make it partially or totally impossible to establish or continue the relationship with the Customer, to the extent that such data is necessary for the performance of the relationship (for example, without a mobile phone number, it will not be possible to send SMS alerts).
RECIPIENTS OR POSSIBLE CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Customer data is processed by the Data Controller’s internal personnel (employees, collaborators, etc.) who are identified and authorized to process data according to instructions provided in compliance with current legislation on privacy and data security.
If necessary for the purposes listed above, the Customer’s personal data may be processed by third parties appointed as Data Processors (pursuant to Article 28 of the GDPR) or “independent” Data Controllers, namely:
technical service providers (cloud hosting, IT services);
by professionals, companies, associations or professional firms that provide the Data Controller with assistance or consultancy for administrative, accounting, tax, technical (IT) purposes;
by all public institutions established by law and, more generally, by all bodies envisaged by current accounting and tax legislation as recipients of mandatory communications;
In any case, the Customer’s personal data will not be disclosed.
TRANSFER OF DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATIONS
No transfer of data to third countries outside the EU or to international organizations is foreseen.1)
DATA RETENTION PERIOD
For the purposes referred to in points 1., 2., and 3., the customer’s personal data will be processed and stored by the Data Controller for the entire duration of the contractual relationship and, at the end of the same for any reason, for the period established by current accounting, tax, civil, and procedural legislation.
Where the controller intends to transfer personal data to a third country or to an international organization, the existence or absence of an adequacy decision by the Commission must be indicated or, in the case of transfers referred to in Articles 46 or 47, or in the second subparagraph of Article 49, paragraph 1, of the Regulation, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of such safeguards or the place where they have been made available.
MORE INFORMATION
The data communicated are not subject to automated decision-making processes (including profiling).
The data provided will not be processed for purposes other than those for which they were collected, unless prior and comprehensive communication is provided in accordance with the provisions of Article 13, paragraph 2 of the GDPR.
RIGHTS OF THE INTERESTED PARTY
In your capacity as Data Subject and in relation to the processing described in this Policy, the customer has the rights set forth in Articles 7, 15 to 21 and 77 of the GDPR and, in particular, the following:
right of access– Article 15 GDPR: right to obtain confirmation as to whether or not personal data concerning the Customer are being processed, and, where that is the case, to obtain access to such personal data, including a copy thereof;
right of rectification– Article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning the Customer and/or the integration of incomplete personal data;
right to erasure (right to be forgotten)– Article 17 GDPR: right to obtain, without undue delay, the deletion of personal data concerning the Customer; specifically, the interested party may request the deletion of their account and associated data at any time by sending an email to info@higeco.com; effective deletion will occur within 30 days, except for data that must be retained by legal obligations.
right to restriction of processing– Article 18 GDPR: right to obtain restriction of processing when: the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data; the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; the personal data is required by the Data Subject for the establishment, exercise, or defense of legal claims; the Data Subject has objected to processing pursuant to Art. 21 GDPR, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject;
right to data portability– Article 20 GDPR: the right to receive the personal data concerning the Customer, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another Data Controller without hindrance, if the processing is based on consent and is carried out by automated means. Furthermore, the right to have the Customer’s personal data transmitted directly to another Data Controller, if technically feasible;
right to object– Article 21 GDPR: the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on legitimate interest or the performance of a task carried out in the public interest or in the exercise of official authority, including profiling, unless the Controller demonstrates compelling legitimate grounds for continuing the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. Furthermore, the right to object at any time to processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing;
right of withdrawal– Article 7 GDPR: The Customer has the right to withdraw their consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal;
right to complain– Article 77 GDPR: the Customer has the right to lodge a complaint with the Italian Data Protection Authority, Piazza Venezia 11, 00187, Rome (RM).
HOW TO EXERCISE YOUR RIGHTS REGARDING DATA PROCESSED BY HIGECO srl
You may exercise your rights at any time by sending:
-a registered letter with return receipt to HIGECO Srl – Operational headquarters in via Cal longa N°48 – 32030 – Paderno (BL) – Italy;
an email to the address privacy@higeco.com with the subject line “privacy communications”.
The exercise of these rights is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including due to their repetitive nature, the Data Controller may charge you a reasonable fee based on the administrative costs incurred in handling your request, or refuse to comply with your request.
OWNER, RESPONSIBLE AND PERSONS IN CHARGE OF THE DATA PROCESSED BY HIGECO srl
The Data Controller is HIGECO S.r.l. with registered office in Viale Europa N°71 – 32100 – Belluno (BL) – Italy
The updated list of data controllers and processors is kept at the Data Controller’s operational headquarters in Via Cal longa N°48 – 32030 – Paderno (BL) – Italy
DATA SECURITY
The Data Controller adopts rigorous technical and organizational security measures to protect personal and sensitive data from unauthorized access, disclosure, alteration or destruction.
Data is transmitted securely via encrypted protocols (e.g., HTTPS/SSL) and access is limited exclusively to authorized personnel required to provide the service.
NOTE
1. Where the controller intends to transfer personal data to a third country or to an international organization, the existence or absence of an adequacy decision by the Commission must be indicated or, in the case of transfers referred to in Articles 46 or 47, or in the second subparagraph of Article 49, paragraph 1, of the Regulation, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of such safeguards or the place where they have been made available.