Contacts Privacy Notice

PRIVACY INFORMATION PURSUANT TO ART. 13REG. EU 2016/679 (GDPR) and subsequent amendments

Dear Data Subject (User),
With this document, INDUSTREE HUB S.R.L. provides you with information on the characteristics and methods of processing your personal data, pursuant to and in accordance with the legislative provisions of the GDPR and the Privacy Code currently in force.

All processing of your personal data will be based on the principles of lawfulness, fairness, and transparency.

 

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller (hereinafter also "Controller" and/or "Company") is Industree Hub s.r.l., with registered office at Via Benedetto Croce 15, 42123, Italy, VAT No., Fiscal Code, and Economic and Administrative Index (REA) No. 02909990356. In addition to its registered office, the Data Controller can be contacted at the following addresses: tel.: +39 0522 325270, email: privacy@industree.it; certified email: industreehub@pec.industree.it;

 

2. DATA PROTECTION OFFICER (DPO)

The Data Controller has appointed Piramis s.r.l. (VAT no. 03184330987), with registered office in Montichiari (BS), Via Mantova, 267, Italy. Contact details are: dpo@easygdpr.it; Tel. +39 0309658901.

 

3. TYPE OF DATA SUBJECT TO PROCESSING

The Data Controller will process your personal identification and contact data (such as name, surname, email address, telephone number) provided directly by you by completing the appropriate data collection form in the "Contacts" section of the Data Controller's website.

 

4. DEFINITION OF PROCESSING

Pursuant to Article 4 (2) of the GDPR, "Processing" means "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction."

 

5. PURPOSE AND LEGAL BASIS OF DATA PROCESSING

The Data Controller collects and processes your personal data for the following purposes:

Responding to your message or request for information; the legal basis for this purpose is the implementation of pre-contractual measures adopted at the request of the data subject (Article 6, paragraph 1, letter b) of the GDPR).

 

6. DATA PROCESSING METHODS

The processing will be carried out using electronic, computerized, and manual means.

The processing is carried out by the Data Controller and by the Data Controller's collaborators and/or employees as authorized data processors, as well as by data processors specifically identified in writing, within the scope of their respective roles and in accordance with the instructions given by the Data Controller, ensuring the use of appropriate measures to secure the processed data and guaranteeing its confidentiality.

In accordance with the provisions of the Regulation, the processing carried out by the Data Controller will be based on the principles of lawfulness, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity, and confidentiality.

The data will always be processed with the utmost respect for the principle of confidentiality, even when managed by third parties expressly appointed by the Data Controller.

Your data is not subject to any automated decision-making process or profiling.

 

7. RETENTION PERIOD - NATURE OF PROVISION

For the purposes expressed, the provision of your personal data is mandatory in order to respond to your request. Any refusal to provide such data will make it impossible for the Data Controller to respond to your message or respond to your request for information.

The retention period for your personal data will last for the time necessary to process your request for information.

Once the aforementioned period has expired or any ongoing requests have been processed, and in any case within twelve months of your last contact request, your data will be destroyed or anonymized. The Data Controller will irreversibly delete the data – using secure destruction or deletion methods – or will store it in an anonymous form that does not allow, even indirectly, identification, consistent with technical deletion and backup procedures.

The obsolescence of the data stored in relation to the purposes for which they were collected is checked periodically.

 

8. RECIPIENTS OF PERSONAL DATA

The personal data you provide may be disclosed to the Data Controller, authorized persons, and/or data processors.

The Data Subject's personal data is disclosed primarily to third parties and/or recipients whose activities are necessary for the performance of the contractual relationship and to comply with specific legal obligations. Possible categories of recipients who may become aware of your personal data during or after the performance of the contract include:

  1. parties who process data in compliance with specific legal obligations (national and government bodies, etc.);
  2. software and hardware support companies;
  3. internal and/or external consultants who provide functional services, arising from or related to the purposes described above, identified in writing and who have been given specific written instructions regarding the processing of personal data, including providers of management, cloud, and similar software;
  4. companies or professionals for the judicial or extrajudicial protection of the Data Controller's rights;
  5. in general, to all public and private entities for which disclosure is necessary for the correct and complete fulfillment of the purposes indicated above.

The same data, only upon specific request from the data subject, may be disclosed to welfare, social security, and/or insurance organizations and entities.

The updated list of Data Processors may be requested from the Data Controller at any time.

 

9. DISSEMINATION OF DATA

Unless you specifically request it in writing, or if there is a specific order from the Authority or a regulatory obligation, the personal data you provide will not be disclosed.

 

10. TRANSFER OF DATA ABROAD

Some personal data of data subjects are shared with recipients who may be located outside the European Economic Area. Should this occur and it be necessary to transfer the data to servers located in non-EU countries, the Data Controller ensures that the transfer and processing will be carried out in compliance with applicable legislation or that the transfers are carried out using appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission, or other legal instruments.

 

11. RIGHTS OF THE DATA SUBJECT

The law grants the Data Subject the exercise of specific rights listed in Articles 15 to 22 of the GDPR, including the right to obtain from the Data Controller confirmation of the existence or otherwise of their personal data (or access to it), their provision in an intelligible form, their rectification or erasure, their restriction of processing, in whole or in part, their objection for legitimate reasons, and/or their withdrawal of consent to processing at any time (without prejudice to the consequences indicated), their portability for the data subject to specific consent, or their updating.

The data subject has the right to know the source of the data, the purposes and methods of processing, the logic applied to the processing, the identification details of the data controller and the parties to whom the data may be disclosed.

The Data Subject also has the right to request anonymization, restriction, or blocking of data processed in violation of the law. They may also lodge a complaint regarding unauthorized processing of data provided to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) using the procedures published on the authority's website (http://www.garanteprivacy.it/).

Requests relating to the exercise of the aforementioned rights may be addressed to the Data Controller at the contact details above, without formalities, or, alternatively, using the form provided by the Italian Data Protection Authority, available on the website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

Please note that the Italian Data Protection Authority (Garante per la protezione dei dati personali) is based in Rome, Piazza Venezia 11, Scala B. Fax: (+39) 06.69677.3785; Switchboard: (+39) 06.696771; email: garante@gpdp.it; certified email: protocollo@pec.gpdp.it.

 

12. RIGHT TO COMPLAIN

If you believe that the processing of your personal data violates the provisions of the Regulation, you have the right to lodge a complaint with the Office of the Italian Data Protection Authority (by email to garante@gpdp.it, or by post to the Italian Data Protection Authority, located in Rome, Italy, at Piazza Venezia 11 Scala B, CAP 00187), as provided for by Article 77 of the Regulation, or to take appropriate legal action as provided for by Article 79 of the Regulation.

 

13. CHANGES TO THIS POLICY

This policy may be subject to change over time due to the entry into force of new regulations, the updating and/or provision of new services, or technological innovations.