CUSTOMER, SUPPLIER AND PARTNER MARKETING PRIVACY POLICY
PURSUANT TO EU REGULATION 2016/679
Finwave SpA hereby informs you of the following in accordance with the European Data Protection Regulation (EU Regulation No. 2016/679, hereafter GDPR) and the relevant national legislation.
Data Processor and Data Protection Officer (DPO)
The data controller is Finwave SpA with registered office in Corso Italia, 22 - 20121 Milan.
Finwave SpA has appointed its own Personal Data Protection Officer, who can be contacted at the following e-mail address: dpo-finwave@finwave.it
Legal Basis and Processing Methods
The legal basis underlying the processing operations described below is your consent, which you - as the Data Subject - are free to give or withhold and may revoke at any time.
Your personal data will be processed in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and rights.
Personal data will be processed by authorised and appropriately instructed Finwave personnel through communications sent by various channels (e-mail, sms, paper mail, etc.) or by phone calls.
As established by Article 12 of the GDPR, Finwave SpA hereby informs you that your personal data, indicated in the table, will be processed by paper, computer or electronic means for the following purposes:
Purposes |
Personal Data |
Recipient Categories |
Advertising, promoting and marketing, also by sending Finwave SpA and its Partners advertising/information/promotional material, products and services |
Common data including biographical data, residential address, telephone numbers and e-mail addresses |
|
Economic and statistical analyses (e.g. telephone interviews relating to the services provided or solutions offered) including the conduct of market research or surveys |
Common data including biographical data, residential address, telephone numbers and e-mail addresses |
|
Sending updates on new initiatives such as events/workshops/webinars as well as technical and/or commercial training initiatives |
Common data including biographical data, residential address, telephone numbers and e-mail addresses |
|
Transfer of personal data
For all the purposes indicated in this privacy statement, your data may be transferred outside the European Union, only for processing purposes, using systems that by their nature and security may also reside abroad, in compliance with the rights and guarantees provided for by the regulations in force and subject to verification that the country in question guarantees an "adequate" level of protection.
The Data Controller requires its suppliers (Third Parties) and Processors to comply with security measures that are equal to those enacted against the Data Subject, while limiting the scope of the Processor's activities to the processing related to the service requested.
The personal data provided will not be subject to further dissemination to recipients other than those specified in the above table.
Security Measures
Consistent with the provisions of Preamble 49 of the GDPR, the Data Controller processes the Data Subject's personal data, including through its suppliers (third parties and/or recipients), to the extent strictly necessary and proportionate to ensure network and IT security, i.e. the ability of a network or IT system to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted. The Data Controller will promptly inform the Data Subject if there is a particular risk of a breach of his or her personal data, without prejudice to the obligations under Article 33 of the GDPR concerning personal data breach notifications.
Rights of the Data Subject
In addition to guaranteeing the right to lodge a claim with the Supervisory Authority, which for Italy is the Italian Data Protection Authority, the GDPR grants the following rights:
- Right of access (Article 15): Possibility for the Data Subject to obtain from the Controller confirmation as to whether or not his or her personal data is being processed and to obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
- Right to rectification (Article 16): Possibility for the Data Subject to obtain rectification of inaccurate personal data from the Data Controller.
- Right to be forgotten (Article 17): Possibility for the Data Subject to request the deletion of his or her personal data if one of the reasons provided for in the article exists, including: revocation of consent, unlawful processing and exercising the right of defence.
- Right to restriction of processing (Article 18): Possibility for the data subject to obtain the restriction of processing, which can be configured as a total or partial suspension of the processing of the data or also, in some cases, as a blocking of the same. This can only be requested in exceptional cases expressly determined by the rule, including the period necessary to establish the accuracy of personal data, unlawful processing, the exercise of a right in a court of law.
- Right to data portability (Article 20): The Data Subject has the right to request that his or her data be disclosed to him or her, when exercising his or her rights, in an easily comprehensible format.
- Right to object (Article 21): Possibility for the Data Subject for reasons relating to his or her particular situation to object to the processing of his or her data pursuant to Article 6, paragraph 1, letters e) and f).
- Right not to be subject to automated decision-making (Article 22) Possibility for the data subject to object to processes based solely on automated processing if they have legal effects on him or her or significantly affect him or her.
If you have any doubts or need clarification, or if you wish to exercise your rights, please contact the Data Controller at the following address: dataprivacy@finwave.it
We inform you that should you decide to exercise one or more of the above-mentioned rights, the Data Controller will disclose your personal data to the processors for related fulfilments (Article 19 GDPR).
Personal Data Retention Times
Your personal data will be kept for three (3) years, which is the minimum time that allows for secure and correct management of the data (in terms of confidentiality and integrity); after this period it will be deleted or anonymised. If you request that your personal data be deleted, it will be deleted from our databases, within the 30 days provided for in EU Regulation 679/2016.
Granting and Revoking Consent
The provision of consent for the processing of your personal data is not mandatory and the refusal to provide such data does not result in any consequences, except for the impossibility of receiving commercial and promotional communications (such as trade fair and event participation, webinars, promotional campaigns, etc.) from Finwave in connection with the products and/or services offered.
You may give your consent for one or more of the above purposes at any time by logging on to the website www.finwave.it.
In the same way, you can also revoke your consent at any time by sending an e-mail in response to the marketing communications you have received.