( Rev 002/2018 – update 24/09/2018 )
Cartes S.r.l. is very attentive to privacy and to the protection of personal data.
We hereby intend, therefore, to inform you about the modalities with which we will treat your personal data that will be collected during the use of our websites and our applications or during interactions with our operators (collectively, the “Platforms”).
For example, we can collect information about you on the occasion:
· requesting a quote or a visit to Our Office;
· the use of other services through the Platforms;
· of telephone calls with our operators.
In particular, we need to process the data provided when registering or requesting a service. With your consent, we may also use other information you freely provide us at the time of registration or relating to the ways in which you interact with us (hereinafter collectively, the “Data”).
1. What data will we use?
We may collect and process the following Data:
1.1.Data collected through the application or registration form
For a request for a quote or for the use of additional services that require your prior registration, we may ask you to provide us with some personal data concerning you, including your personal data (name and surname) and your contact details (ex. Postal code, telephone number, e-mail address).The communication of the requested data with the appropriate form is optional, however, where the data marked with an asterisk are not provided to us, it will not be possible to complete the registration process and/or provide the requested services. With your consent, we will also be able to use further information freely provided by you through the appropriate form, such as: date of birth, tax exempt number, fiscal code, profession, educational qualification.
1.2.Data collected from social media
Our Platforms may offer you the possibility to fill in the request and/or registration forms using the authentication process through social media (e.g. Facebook). In this case, if you decide to use the authentication methods through social media, we will be able to access certain data (e.g. name, surname, public profile picture, e-mail) that you have published in your account based on the conditions of use of these social media platforms and your privacy settings.
1.3.Data collected through the use of the Platforms
During the use of our Platforms, we will process the necessary Data to guarantee the use of the same and related services, such as, for example, the data related to the log-in and the websites visited and your requests, preferences for a particular product (also indicated through the appropriate function on our application), the product detail sheets, other additional information that you can freely provide to make aesthetically complete the experience within our Platforms (such as: personal profile photo). These informations – in the absence of your specific consent to the processing for further purposes – are used only to allow the use of the platforms and provide the information and services requested.
Even in the absence of log-in, the computer systems used to ensure the correct operation of our websites and applications acquire during their normal operation, some personal data whose transmission is implicit for the use of electronic communication.
These informations are not collected to be associated with identified data, but, by their nature, could, through processing and association with data held by third parties, allow your identification. This category includes, for example, IP addresses or domain names of the computers you use to access our websites and applications, the type and version of the browser, the types and versions of the browser plug-ins, the identifier of the mobile device (IDFA or AndroidID) and other parameters related to your operating system and computer environment, the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the size of the file obtained in response and the numerical code indicating the status of the response given by the server. These data, in the absence of your specific consensus to the processing for further purposes, are used for the sole purpose of obtaining anonymous statistical information on the use of sites and applications and to optimize their use and correct functioning and are deleted immediately after the processing.
With your consent, we may also use other information that you have freely provided us when completing the request and/or registration form or when using the Platforms, as well as further information on how you interact with our operators, sales consultants and us.
2. What purposes will we use your data and on the basis of what legal conditions?
We will use your data, also by means of electronic instruments:
a) to enable you to use our Platforms. Your Data will be used to provide you with the related services provided on your behalf and, more generally, for all related contractual and administrative obligations;
b) to provide you with estimates and/or information requested;
c) for the fulfillment of legal obligations or to comply with any orders of the judicial authority;
d) for statistical purposes, in a completely anonymous and aggregate form.
With your consent, we may also use your Data for the following purposes:
e) to send you commercial and/or promotional information as well as to send advertising material or to carry out direct sales activities or interactive commercial communications about products, services and other activities of Cartes S.r.l. or third parties, or perform market research. For example, we may send you emails or instant messages (e.g. SMS and WhatsApp), or contact you by telephone via operator to submit commercial offers, initiatives and promotions related to products and services (even different from those you requested) our and/or third parties;
f) to examine your preferences and the ways in which you interact with us. In particular, in order to better understand your tastes and interest in our services and our communications, we will be able to examine – even through the use of automated systems – the information provided at the time of your registration to the Platforms and to other services provided by the Platforms, your interest in communications and the newsletters that we will send you, how our Platforms are used and the interest in our social channels (e.g. Facebook),Finally, we can enrich your profile with statistical information that we can acquire lawfully from other sources: for example, in relation to your area of residence (such as demographic information, geo-referenced data, etc.) or electronic tools that you use to interact with us. In any case, you will not be subject to automated decision-making processes with the effects of art. 22 of the GDPR.
g) to communicate your Data to our Commercial Partners for autonomous marketing purposes; The use of the Platforms and the use of the related services, including the evasion of requests for quotation, are in no way conditioned by the provision of the aforementioned consent.
3. Until when will we keep your Data?
Your Data will be processed for the time necessary to provide the requested services. In case you have not given consent to the processing for further purposes, your Data will be deleted or made anonymous for 12 months from the date of receipt of your request. The information associated with your account will remain, however, stored until the same account is active. In case you decide to cancel the account, your data will be deleted from the same account no later than 30 days. In any case – for the purposes referred to in point 2, letters (e) and (f) – the information related to the details of the services you use and your interactions with us will be processed no later than 12 months from the date of the collection.
4. To whom we will communicate your Data?
Your Data may be shared, for administrative purposes, with the parent companies, controlled by and connected to Cartes S.r.l. and, for the purposes of the management of the Platforms and for the provision of the requested services, with our suppliers of instrumental services to the services rendered by Cartes S.r.l. (e.g. IT services). These subjects will operate as data controllers. In case of quotation request, your Data may also be communicated by Cartes S.r.l. to its commercial partners, whose collaborations are necessary for the provision of the requested services and, in particular, the financial or insurance companies or the companies delegated by them to the management of the contacts involved from time to time (hereinafter, the “Business Partners”), based on requests for quotations and/or services that you send us. Our Commercial Partners will act as independent data controllers and in compliance with the respective privacy policies, which will be sent by the same together with the quotations or information requested. A complete list of the subjects to whom your data may be communicated will be made available by sending a written request to the contacts indicated below.
5. Will your Data be transferred to non-UE countries?
Your Data will not be transferred outside the territory of the European Union.
6. What rights can you exercise?
You have the right to request access to the Data, to correct or cancel the data, limit the processing and to oppose their use by us, as well as the right to request delivery of some of these. Rights of the interested party:
Right of access
The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing the processing of personal data concerning him and in this case, to obtain access to personal data and the following information;
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations and, in this case, the existence of adequate guarantees;
d) when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
f) the right to submit a complaint to the supervisory authorities;
g) if the data are not collected from the party, all informations available on their origin;
h) the existence of an automated decision-making process, including profiling, which produces legal effects concerning him or which significantly affects his person and, at least in such cases, significant information on the logic used, as well as the importance and the expected consequences of this treatment for the data subject
Right of rectification
The interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay.
The data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists:
a) personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
b) the interested party revokes the consent on which the treatment is based and there is no other legal basis for the treatment;
c) the interested party opposes the processing, and there is no legitimate overriding reason to proceed with the processing;
d) personal data have been processed unlawfully;
e) personal data must be deleted in order to fulfill a legal obligation under the law of the European Union or of the law of the Member State to which the data controller is subject;
Rights limiting treatment
The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
c) although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to verify, exercise or defend a right in court;
d) the interested party opposed the processing, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
The interested party has the right to oppose at any time the processing of personal data concerning him/her based on the legitimate interest of the owner, including profiling. The interested party has the right to object at any time to the processing of personal data concerning him/her for direct marketing purposes, including profiling in so far as it is connected to such direct marketing.
Right to data portability
The data subject has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning him/her provided to a data controller and has the right to transmit such data to another data controller without impediments from part of the data controller to whom he has provided them: a) the processing is based on consent or on a contract; and b) processing is carried out by automated means. In exercising its rights to data portability, the data subject has the right to obtain direct transmission of personal data from one data controller to another, if technically feasible
7. How can you change your preferences or cancel agreements?
At any time, you can check, modify or cancel your consent in relation to the purposes referred to in paragraph 2, letters (e), (f), and (g), (also stating that you do not want to receive commercial information via e-mail and/or via instant messaging). It will be enough to contact Cartes S.r.l.
8. How to contact the dealer for the exercise of your rights?
You can exercise your rights by writing to the data controller, at the following addresses:
telephone: 0376 511511
9. How to contact the competent Supervisory Authority for the presentation of any complaints?
Any complaints may be presented to the competent supervisory Authorities:
Guarantor for the Protection of Personal Data
Piazza di Monte Citorio n. 121 00186 Rome Italy
Fax: (+39) 06.69677.3785 Tel: (+39) 06.696771
E-mail: firstname.lastname@example.org Certified mail: email@example.com