Information notice pursuant to Art. 13 of the Regulation (EU) 2016/679 (“GDPR”) – Information to be provided where personal data are collected from the data subject

 

According to Regulation (EU) 2016/679 (General Data Protection Regulation) we provide you with the due information concerning the processing of the collected personal data. This information is not valid for other web sites which might be visited through links contained in all the web sites of data controller’s domain name. The data controller shall not be considered responsible for third parties’ web sites.

This privacy policy is given pursuant to art. 13 Regulation UE 2016/679 ( General Data Protection Regulation) and it’s inspired also to Directive  2002/58/CE, updated with Directive 2009/136/CE related to Cookies and in accordance with Italian D.P.A. Decisions 08.05.2014 about cookies.

Personal data that can be treated: “ personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30 Reg. UE 679/2016).

Specific Information: specific information may be find on the Site page in relation to particular services or processing of the data provided.

Cookies

The specific policy regarding cookies is available to the following link: cookies policy.

 

  1. DATA CONTROLLER, pursuant to art. 4 and 24 of the Regulation (EU) 2016/679, is STONEX SRL, with legal headquarters in 20900 Monza (MB) – Italia, Via dei Mille 1 and operational headquarters in Viale dell’Industria 53 | 20037 Paderno Dugnano (MI) – Italy, Tax number 06830030968, as represented by the pro tempore legal representative, email: privacy@stonex.it.

 

  1. PURPOSES AND LAWFULNESS OF THE PROCESSING

Your personal data shall be processed in accordance to the requirements for the lawfulness of processing set forth by Art.  6 lett. b) del of the Regulation (EU) 2016/679 for the following purposes:

  1. A) Data processing for (art.6.b):

– browsing on this website;

– to fill in the form with the required personal data to answer to your contact request and to send you the required information;

– to register on the current website and to access to reserved areas for using  some contents in the website;

– for administrative and accounting activities in general. Data processing for administrative and accounting purposes are those related to organizational, administrative, financial and accounting activities regardless of the nature of data processed. In particular, internal organizational activities, those following contractual obligations’ fulfilment and information activities are related to these purposes.

  1. B) Data processing for (art.6.a):

– prior consent and until opposition, for newsletter subscription in order to receive communication relating to products, events and novelty of STONEX SRL. The data will be entered in the CRM of the company to compare and possibly improve the results of communications, to use systems for sending newsletters and promotional communications with reports. Thanks to the reports, the Data Controller will be able to know, for example: the number of readers, openings, unique “clickers” and clicks; the devices and operating systems used to read the communication; the detail on the activity of individual users; the details of the emails sent, e-mail delivered or not, of those forwarded. All these data are used for the purpose of comparing, and possibly improving, the results of communications.

 

  1. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data provided by you may be communicated to recipients, appointed pursuant to art. 28 of the Regulation EU 2016/679, which shall process your data as processors and/or persons acting under the authority of the Controller and the Processor, in order to perform agreements or related purposes. Precisely, your data may be communicated to recipients part of the following categories: – management services providers of IT systems and communication networks of Stonex Srl (including emails); –  advisory and consultancy firms and companies; – competent Authorities for the fulfillment of obligations of law, if required; – in case of administrative accounting purposes, the data may be sent to commercial information companies for the assessment of solvency and payment habits and / or subjects for debts collection purposes.

The subjects belonging to the aforesaid categories act as data Processors or act in complete autonomy as separate data Controllers. The list of designated data Processors is constantly updated and available by sending an e-mail to privacy@stonex.it and at the offices of the Data Controller, in 20900 Monza (MB) – Italia, Via dei Mille 1.

 

  1. DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANISATION

Personal data may be transferred to a third Country within or outside the European Union, subject to the limits and conditions set forth by art. 44 and subsequent articles of the Regulation EU 2016/679, in order to comply with purposes related to the transfer. The data subject may obtain a copy of such data by writing an email to the address privacy@stonex.it.

 

  1. DATA RETENTION PERIOD OR RELEVANT CRITERIA

The processing shall be carried out in automated and / or manual manner, with methods and tools aimed at ensuring the best security and confidentiality, by persons specifically appointed to do so.

According to the provisions set forth in art. 5 par. 1 lett. e) of the Regulation EU 2016/679, collected personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Data retention period depends on the purposes:

– to visit the current internet website (temporary);

– request for contact, information and appointment reservation (1 year maximum);

– newsletter or promotional communication by e-mail (24 months maximum).

The Data Subject can receive information regarding the criteria of the retention period contacting privacy@stonex.it.

 

  1. NATURE OF DATA PROVISION AND REFUSAL

With exception of what above specified concerning navigation data, the User is free to provide personal data.

The provision of personal data for purpose A) is necessary to perform the function be able to use the services offered by data Controller. The non submittal of personal data may the result the impossibility to obtain the required services. The provision of personal data for purpose B) is optional. The non submittal of personal data may make it impossible to send  – by newsletter/ mailing list and/or e-mail – promotional, commercial, informative communication and/or offerts related to products, events, novelty of Stonex Srl.

 

  1. DATA SUBJECT’S RIGHTS

You may exercise your rights pursuant to articles 15, 16, 17, 18, 19, 20, 21, 22 of the Regulation EU 2016/679, by contacting the data Controller, or the data Processor, or the Data Protection Officer service by writing to privacy@stonex.it

You have the right, at any time, to request the data Controller to access, rectify, cancel your personal data or limit their processing. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) and to the portability of your data.

Without prejudice to any other administrative and judicial appeal, if you believe that the processing of your data violates the provisions of Regulation EU 2016/679, pursuant to art. 15 letter f) of the aforementioned Regulation EU 2016/679, you have the right to lodge a complaint with the Data Protection Authority and, with reference to art. 6 paragraph 1, letter a) and art. 9 paragraph 2, letter a), you have the right to withdraw the consent given at any time.

In case of request of data portability the Controller shall provide you with your personal data in a structured, commonly used and machine-readable format, subject to the provisions set forth in paragraphs 3 and 4 of art. 20 of Regulation EU 2016/679.

 

Updating date: 24.05.2018