Privacy Policy
DATA PROTECTION STATEMENT
Tecnoalarm S.r.l., with its registered office in Via Ciriè 38, 10099 San Mauro Torinese (TO), Italy - VAT Reg. No. 01792190017 (hereinafter referred to as “Company”) in the person of the legal representative pro tempore (hereinafter referred to as “Data Controller”), in his capacity as Data Controller, pursuant to art. 13 of the EU General Data Protection Regulation (GDPR) 679/2016 (hereinafter referred to as “GDPR”) and updated art. 13 of the Legislative Decree no. 196/2003 (hereinafter referred to as “Privacy Code”), including the amendments made by the Legislative Decree no. 53 of 14 June 2019, the Ministerial Decree of 15 March 2019 and the decree of adaptation to the GDPR (Legislative Decree no. 101 of 10 August 2018), informs you that your data will be processed with the modalities and for the purposes set forth below:
1. Object of processing
The Data Controller processes the personal identification data (e.g. name, surname, corporate name, address, telephone, email, bank references and payment data) (hereinafter referred to as “Personal Data” or “Data”) collected from the websites www.tecnoalarm.com and www.tecnofiredetection.com (hereinafter referred to as “Website”) with particular reference to the section for registration of users merely interested in receiving unsolicited commercial communications on products and/or services from the Company.
The Company affirms that it will process the relative Data for the primary and exclusive purposes of marketing and commercial promotion with the modalities set forth below.
2. Purpose of processing
The Data will be processed, manually and/or by means of digital and telematic tools, for the following purposes.
A. Primary purpose of data processing: promotion, advertising and marketing in a broad sense
The collected Data will be processed for purposes of commercial promotion, advertising communication, solicitation to purchase, market research, survey (also by telephone, on-line or through forms), creation of statistics (in identifiable form) and other sample marketing research, in a broad sense, for products and/or services related to the Company (altogether hereinafter referred to as “Processing for Marketing Purposes”). For maximum transparency, aimed at the provision of an informed consent by the data subject, we specify that the registration to the Website is only required for the users who intend to receive promotional or advertising communications from the Data Controller and also consent to further processing for the above purposes. In other terms, the users who intend to register to the Website are only subject to Processing for Marketing Purposes.
If the data subject does not intend to consent to Processing for Marketing Purposes he will not be required (nor able) to register, without prejudice to the possibility of surfing the Website and viewing its contents as an unregistered user.
Expressing his consent to Processing for Marketing Purposes, the data subject takes explicit note of the promotional, commercial and marketing purposes of processing in a broad sense (including the consequential managerial and amministrative activities) and expressly allows the processing, according to art. 23 of the Privacy Code (where the tools employed for Processing for Marketing Purposes are operator-controlled telephones or other non-electronic and non-telematic tools, or tools that are not supported by automatic, electronic or telematic mechanisms and/or procedures) and art. 130 of the Privacy Code (where the tools employed for Processing for Marketing Purposes are electronic mail, fax, SMS, MMS, automatic systems without operator intervention, including electronic platforms and other telematic tools) as well as art. 6, comma 1, letter (a) of the GDPR.
As defined by the General Provision of the Italian Data Protection Authority of 15 May 2013 entitled “Consent to data processing for direct marketing purposes through traditional and automated contact tools”, we especially call the attention of the data subjects to the fact that:
1. the consent possibly given to receiving commercial and promotional communications, on the basis of art. 130, commas 1 and 2 of the Privacy Code (i.e. by means of electronic mail, fax, SMS, MMS, automatic systems without operator intervention, including electronic platforms and other telematic tools) implies the reception of such communications, not only through the said automated contact modalities, but also through the traditional modalities, such as traditional mail or phone calls by an operator;
2. the right of the data subject to oppose to processing of his Personal Data for “direct marketing” purposes through the above automated contact modalities will be extended in any case to the traditional modalities, without prejudice, even in that case, to the possibility of partially exercising the right, regarding both determined processing tools and activities, as provided by art. 7, comma 4 of the Privacy Code;
3. this is without prejudice to the possibility for the data subject who does not intend to consent to the above terms, to express his potential will to receive communications for the above marketing purposes exclusively through the traditional contact modalities, where provided: this will can be expressed free-of-charge by contacting the Company at privacy@tecnoalarm.com;
4. in accordance with the principle of fulfillment of the privacy obligations of the Data Controller, in the observance of the principles of simplification of the obligations set forth (art. 2 of the Privacy Code) and according to the General Provision of the Italian Data Protection Authority of 15 May 2013 entitled “Consent to data processing for direct marketing purposes through traditional and automated contact tools”, the Company informs the data subjects that the specific formula of consent, available according to the respective consent request procedure provided for, will be unitary and comprehensive and will refer to all the possible marketing processing tools, former articles 23 and 130 of the Privacy Code, without prejudice to the possibility for the data subject to express a different intention concerning the use of certain tools, and not others, for the reception of marketing communications with prior consent, and modify the settings of the consents by contacting the Company at privacy@tecnoalarm.com;
5. furthermore, in accordance with the principle of fulfillment of the privacy obligations of the Data Controller and considering the principles of simplification of the fulfillments (art. 2 of the Privacy Code), the Company informs the data subjects that the specific formula of consent will be unitary and comprehensive and will also refer to all the different possible marketing purposes here set forth (thus, without multiplying the formulas of consent for each and single marketing purpose pursued by the Data Controller), without prejudice to the possibility for the data subject to notify a different choice concerning the consent or the denial of consent for single marketing purposes by contacting the Company at privacy@tecnoalarm.com.
To proceed with the Processing for Marketing Purposes it is mandatory to collect a specific, separate, explicit, documented, preventive and completely optional consent. Consequently, if the data subject decides to grant specific consent, he must be informed beforehand and aware that the processing purposes pursued have exclusive and specific commercial, advertising, promotional and marketing character in a broad sense and that the registration requested on the Website does exclusively pursue such purposes, accordingly, if the data subject does not intend to receive the marketing communications, he will be free not to register and yet be able to freely surf the Website. With regard to absolute transparency, the Company informs the data subject that the Data will be collected and subsequently processed on the basis of a specific consent granted:
1. for sending advertising and information material (e.g. newsletters) with promotional purposes or, however, the purpose of solicitation, pursuant to the articles 23 and 130 of the Privacy Code;
2. for performing activities of direct sale or product or service placing activities of the Company;
3. for sending marketing information or making interactive commercial communications also, according to art. 58 of the Legislative Decree 206/2005, through the use of email;
4. for elaborating market studies, researches and statistics;
5. for sending unsolicited commercial communications according to art. 9 of the Legislative Decree no. 70 of 9 April 2003 that adopts the so-called Directive on Electronic Commerce 2000/31/EC, which provides that unsolicited commercial communications must be immediately and unequivocally identifiable and must contain the indication that the recipient of the messages can oppose the reception of such communications in future.
However, giving the optional consent, the data subject takes specific note of and autorizes such processing and/or processing with similar purposes.
In any case, even if the data subject has given consent and autorized the Company to pursue all the purposes set forth in the above-mentioned points 1 to 5, he will be free to revoke it at any time by contacting the Company or the DPO at privacy@tecnoalarm.com.
Upon receipt of such opt-out request, the Company will promptly delete the Data from the databases used for Processing for Marketing Purposes and will request any third party to whom the Data have been disclosed to delete them. The cancellation is automatically considered done upon receipt of the cancellation request.
In the event that - for the purposes described above - a reference telephone number of the data subject is required and the data subject has given his optional and specific consent (covering also the processing of such personal data) for the above purposes of commercial promotion and marketing, the Compapny informs the data subject that it can legally process the telephone reference for marketing purposes even if it is enrolled in the Public Opt-Out Registry (Registro Pubblico delle Opposizioni), as it derives from a different source than the public telephone directories and is covered by specific consent, without prejudice to the right to opt out afterwards provided that the consent is formally revoked.
As required by art. 21 of the GDPR, we inform specifically and separately that the data subject has the right to opt out at any time from the processing of his Personal Data for such purposes and that, in case the data subject opposes to the processing for direct marketing purposes, the Personal Data may no longer be subject to processing for such purposes.
Access to and surfing of the Website are free but the possibility of receiving marketing communications is only enabled upon registration of the data subject. The registration consists in filling in an online module with the Personal Data required for the activation of the account (login and password) the data subject uses to access the functionalities reserved to the registered users for managing the reception of the marketing communications and the relative modifications (including the revocation or modification of the consent). Thus, further primary purposes of processing are represented by the necessity to permit the fulfillment of the procedures of online registration and the creation of a user account as well as permit the Website administrators the creation and subsequent technical and administrative management (including the purposes of providing support and technical assistance on request) of the account, the Client ID, the activation codes, the passwords and similar access credentials as well as those created by the data subject during registration.
B. Communication and disclosure of Personal Data for the pursuit of the primary promotional, advertising and marketing purposes of processing in a braod sense
The Company informs the data subject that his Personal Data may also be communicated to commercial partners for the same purposes described in points 1 to 5 of paragraph A (Primary purpose of data processing: promotion, advertising and marketing in a broad sense). The consent to Processing for Marketing Purposes - if given by the data subject - does not cover the different and further processing represented by the communication of Personal Data to third parties for the same purposes. Prior to proceeding with the disclosure, it is mandatory to obtain an informed, further, separate, additional, documented, explicit and completely voluntary consent.
As clarified in the General Provisions of the Italian Data Protection Authority of 04 July 2013, providing the anti-spam giude lines:
1. regarding the communication to third parties for marketing purposes in general, the communication or disclosure of Personal Data to third parties for marketing purposes may not be based on the collection of a unique and generic consent from the data subject for such purpose;
2. the Data Controller who intends to collect Personal Data of the data subject also to communicate (or disclose) it to third parties for their promotional purposes must first give appropriate notice which also identifies the third parties or, as an alternative, indicates the (economic or merchandise) reference categories;
3. the Data Controller must collect a specific consent for the communication (and/or disclosure) of Personal Data to third parties for promotional purposes, distinct from that required by the Data Controller for the performance of his own promotional activity;
4. in case the data subject gives the above consent to third-party disclosure, the latter are allowed to perform promotional activity with automated modalities laid down in art. 130, commas 1 and 2 of the Privacy Code without the need to collect a new consent for promotional purposes.
Pursuant to the General Provision of the Italian Data Protection Authority of 04 July 2013, providing the anti-spam giude lines, the third parties to whom the Personal Data of the data subject are disclosed for the subsequent Processing for Marketing Purposes can be identified with reference to the following subjects and merchandise or economic categories:
a) the other companies associated to Tecnoalarm S.r.l., chiefly Tecnoalarm France S.a.r.l. and Tecnoalarm España S.L.;
b) third parties belonging to the marketing sectors of publishing, sport, suppliers of electronic communication products and services, Internet service providers, communication agencies, companies providing insurance and financing services, companies of the food and catering industry, banks and credit institutes.
The Personal Data subject to Processing for Marketing Purposes will not be disclosed. In the event that - for the purposes described in the above paragraphs A and B - a reference telephone number of the data subject is required and the data subject has given his optional and specific consent (covering also the processing of such personal data) for the above purposes of commercial promotion and marketing, the Compapny informs the data subject that possible third parties can legally process the telephone reference for marketing purposes even if it is enrolled in the Public Opt-Out Registry (Registro Pubblico delle Opposizioni), as it is deriving from a different source than the public telephone directories and covered by specific consent, without prejudice to the right to opt out afterwards unless the consent is formally revoked.
C. Duty or voluntariness of the consent for the pursuit of the primary promotional, advertising and marketing purposes of processing in a braod sense
We draw particular attention to the fact that the conferring of Personal Data to the Company and the granting of both the consent to Processing for Marketing Purposes and the distinct consent to third-party disclosure for Processing for Marketing Purposes for the above aims and with the above modalities are absolutely voluntary and optional (and however revocable without formalities, including subsequently).
Since processing has exclusively commercial, advertising, promotional and marketing purposes in a broad sense and the registration to the Website exclusively pursues such purposes, the data subject’s refusal to consent to Processing for Marketing Purposes implicates the impossibility to register to the Website (and for the Company to perform the processing mentioned). The data subject who does not intend to consent to Processing for Marketing Purposes will however be able to surf the Website. The absence of consent to Processing for Marketing Purposes does not interfere with and/or involve any possible negotiation, contract or other type of existing relationship.
The data subject has the right to give his consent to Processing for Marketing Purposes (that enables him to register to the Website) but not the further consent to the communication to third parties who intend to perform Processing for Marketing Purposes in their turn. In the event that the data subject does not intend to agree to the communication of his Personal Data to third parties for Processing for Marketing Purposes, the Data will not be disclosed and will only be processed by the Company, provided that the data subject has given his consent to Processing for Marketing Purposes and has registered to the Website.
D. Processing of Personal Data for commercial profiling purposes [optional]
It is possible that, for purposes of marketing and service improvement, the Company proceeds with processing of the so-called profiling data. Hitherto, no data profiling tools are managed.
For such processing, and in the interest of a complete information, we refer to the definition of profiling stated in art. 4, comma 1, n. (4) of the GDPR: “any sort of automated processing of Personal Data consisting in the use of such Personal Data to assess determined personal aspects relating to a physical person, in particular, to analyze or predict aspects regarding the professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or moving of the physical person in question”. The profiling activity may concern “individual” Personal Data or “associated" Personal Data deriving from detailed individual Personal Data. The following exemplifying parameters illustrate in what “profiling” consists:
a) the Data are organized and coordinated on the basis of parameters that are identified from case to case, according to the requirements of the Company (independently from the marketing, contractual, administrative purposes etc.);
b) the original data, considered singularly, may include diverse personal information, among others surf data, types of consents granted to receive particular commercial communications and not others, data on surf and/or gambling habits to comprehend the tastes and habits of the data subject and identify the potential consumer/gambler profile, with the aim of sending him newsletters, commercial communications, offers and promotions in line with the specific profile etc.;
c) only after profiling (i.e. the organization according to preset parameters) it is possible to deduce further indications concerning the data subject, further indications (i.e. the "profile", e.g. market segment, active marketing communication services, commercial attitudes etc.) that do not dirive from the pure informative content of the Data considered singularly or separately.
In other terms, profiling in a narrow sense may gather an informative patrimony that goes far beyond the information considered singularly and concerning the single individual; in addition, profiling in a narrow sense provides an added value given through the multiple correlation that can be made among the collected Data, with the aim of obtaining useful additional information.
With respect to the obligation of the Company - according to art. 13, comma 2, letter f) of the GDPR - to provide information on the logic of processing for profiling as well as the importance and the consequences of such processing, we specify the following.
The basic elements of processing for profiling will be:
1. the predetermination of parameters for the organization of the singularly considered Data;
2. the confrontation, matching, putting into relation of the Data and the comparative analysis made according to the predefined parameters, even through automated processes (i.e. the cataloguing of the Data in clusters);
3. the obtaining of a profile through the foregoing activities that allow to deduce a consumer profile and the additional analytic indications regarding the individual data and that permits the mapping/segmentation into homogeneous groups of behavior (the dynamic creation of behavioral profiles).
The above processing will hereinafter altogether be referred to as "Processing for Profiling".
The Company may proceed with the following Processing for Profiling, as in case of collection of:
- number and type of information requests for products and services of the Company made during a determined period of time;
- number and type of expenses made for products and/or services in a determined period of time;
- number and type of possible new contracts concluded in a determined period of time;
- number and type of inforamation requests sent in a determined period of time;
- number and type of visits to the Website in a determined period of time, even through profiling cookies.
Before proceeding with Processing for Profiling it is mandatory to collect a specific, separate (even from the consent for marketing purposes described in the above paragraphs A and B), explicit, documented, preventive and completely voluntary consent.
As a consequence, if the data subject decides to grant the specific consent, he must be informed beforehand and aware that the processing purposes have specific commercial, advertising, promotional and marketing character, in a broad sense, based on Processing for Profiling. Thus, with regard to absolute transparency, the Company informs that the Data collected in line with a specific consent may be subject to Processing for Profiling for the purposes described in paragraph A of the present statement, whereas the area of communication can possibly be the same as that for Processing for Marketing Purposes already set forth in paragraph B.
We draw particular attention to the fact that the conferring of Personal Data to the Company and the granting of both the consent to Processing for Profiling and the distinct consent to third-party disclosure for Processing for Profiling for the above aims and with the above modalities are absolutely voluntary and optional (and however revocable without formalities and also subsequently).
The data subject’s refusal to consent to Processing for Profiling implicates the impossibility for the Company to perform the relative processing. The data subject is free to give his consent to Processing for Marketing Purposes at a later time but still not the consent to Processing for Profiling and/or to communication to third parties who, for their part, intend to perform Processing for Profiling. In the event that the data subject does not intend to consent to Processing for Profiling and/or to communication to third parties who intend to perform Processing for Profiling in their turn, there will be no profiling by the Company and the Data will not be disclosed but processed exclusively by the Company, provided that the data subject has given his consent to Processing for Marketing Purposes and has registered to the Website.
The Data undergoing Processing for Profiling and the relative authorized profiles will not be distributed.
3. Modalities of processing
The Personal Data are processed by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) of the GDPR and in particular: collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, matching, use, interconnection, blocking, communication, deletion and destruction of the Data.
The Personal Data undergo processing both on paper and electronic and/or automated.
The Data Controller will process the Personal Data for the time necessary for performing the above purposes and, however, for no longer than 5 years from the end of the relation for the purposes of service delivery and no longer than 2 years from the collection of the Data for purposes of data flow analysis.
4. Access to Data
The Data may be made accessible for the purposes described in art. 2.A) and 2.B):
- to employees and staff members of the Data Controller, in their capacity as internal persons in charge and/or responsibles of the processing and/or system administrators;
- to third companies or parties (e.g. credit institutes, freelancers, consultants, insurance companies etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external responsibles of the processing.
5. Communication of Data
The Data Controller may communicate the Data for the purposes described in art. 2.A), without the need for a specific consent (former art. 24 letters a), b), d) of the Privacy Code and art. 6 letters b) and c) of the GDPR), to surveillance authorities, judicial authorities, insurance companies and to the subjects who must be informed according to law for the pursuit of the above purposes. These subjects will process the Data in their capacity as autonomous data controllers.
The Data will not be disclosed.
6. Transfer of Data
The Personal Data are stored on servers inside the European Union. It is understood that the Data Controller may transfer the servers outside the EU, if necessary. In this case, the Data Controller ensures as of now that the data transfer to countries outside the EU will happen in accordance with the relevant provisions of law, subject to the standard contractual clauses provided by the European Commission.
7. Rights of the data subject
In the capacity of interested party, the data subject has the rights described in art. 7 of the Privacy Code and art. 15 of the GDPR and, in particular, he has the right to:
i. obtain the confirmation of the existence or not of Personal Data that concern him, even if not yet registered, and their communication in an intelligible form;
ii. obtain the indication:
a) of the origin of the Personal Data;
b) of the purposes and the modalities of processing;
c) of the logic applied in case processing is made with the help of electronic tools;
d) of the identification data of the Data Controller, the responsibles and the designated representative pursuant to art. 5, comma 2 of the Privacy Code and art. 3, comma 1 of the GDPR;
e) of the subjects and the categories of subjects to whom the Personal Data can be communicated or who can get knowledge of them in their capacity as designated representative in the territory of the State, responsible or person in charge;
iii. obtain:
a) the update, rectification or, if desired, the integration of the Data;
b) the deletion, transformation into anonymous form or block of Data processed in contravention of the law, including those for which storage is not required in relation to the purposes for which they have been collected or subsequently processed;
c) the written confirmation that the operations described in letters a) and b) have been notified, including their content, to those to whom the Data have been communicated or disclosed, exception made of the cases in which this is impossible or entails the use of means manifestly disproportionate to the protected right;
iv. oppose, completely or partially:
a) for legitimate reasons, to processing of his Personal Data, even if pertaining to the purpose of collection;
b) to processing of his Personal Data for the purpose of sending advertising material or direct sale or for conducting market researches or sending commercial communications, by means of non-operator-based automated call systems, email and/or traditional marketing methods such as telephone and/or traditional mail.
We remind that the data subject’s right of opposition, set forth in the above letter b), for the purposes of direct marketing through automated methods extends to the traditional methods, without prejudice to the possibility for the data subject to exercise his right of opposition, only in part. Therefore, the data subject can decide to receive only communications transmitted via the traditional channels or only automated communications or neither of the two.
Where applicable, he also has the rights specified in art. 15 to 22 of the GDPR (right of rectification, right to be forgotten, right to restrict processing, right of portability of data, right of opposition), and can exercise these rights using the form available via the link https://www.garanteprivacy.it/garante/document?ID=9038275, as well as the right to complain with the Data Protection Authority using the form available at https://www.garanteprivacy.it/modulistica-e-servizi-online/reclamo.
8. Modalities of enforcement of rights
The data subject can exercise his rights at any time by sending:
- a registered letter with acknowledgment of receipt to Tecnoalarm S.r.l., Via Ciriè 38, 10099 San Mauro Torinese (TO), Italy;
- an email to privacy@tecnoalarm.com
9. Data Controller, DPO, responsibles and persons in charge
The Data Controller is Tecnoalarm S.r.l., with its registered office in Via Ciriè 38, 10099 San Mauro Torinese (TO), Italy - VAT Reg. No. 01792190017 - in the person of the legal representative pro tempore.
The Data ControIler has appointed a Data Protection Officer (DPO) in the person of Giacomo Pesce who can be contacted for any information and request at privacy@tecnoalarm.com.
The updated list of of responsibles and persons in charge of processing is available at the registered office of the Data Controller and can be requested from the DPO.