Information disclosure in accordance with article 13 Regulation (EU) 2016/679 and Italian Legislative Decree no. 196 of 30 June 2003 – updated on 10/09/2020
Regulation (EU) 2016/679 on the protection of personal data (“GDPR”) and Italian Legislative Decree no. 196 of 30 June 2003, “Personal data protection code” (“Code”) provide for the right to the protection of personal data and guarantee their processing in compliance with fundamental rights and freedoms, as well as the dignity of the data subject, with specific reference to confidentiality and security, personal identity and the right to the protection of personal data.
“Processing” of personal data, in accordance with article 4(1)(2) of GDPR, means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Noovle S.r.l., a sole member company, TIM Group – under the Management and Coordination of TIM S.p.A., with registered office in Via della Giustizia, 10 Milan and Tax Code/VAT Reg. IT08212960960 (“Noovle”) and TradeLab Editoria S.r.l., with registered office in Via Gaspare Gozzi 5, 20129 Milan and Tax Code/VAT Reg. IT07993420962 (“TradeLab”), acting through their pro tempore legal representatives, as autonomous Controllers, pursuant to and for the purposes of article 13 of Regulation (EU) 2016/679 and Italian Legislative Decree no. 196 of 30 June 2003
1. PURPOSES, LAWFULNESS AND METHODS USED FOR THE PROCESSING.
Personal data is processed for the following purposes:
- Periodically evaluating, for the full processing period, the products/services of Noovle and TradeLab and/or marketed by Noovle and by TradeLab and/or their subsidiaries and associates or marketed by such parties, from time to time, that are the most interesting for submitting and offering to the Data Subject, by sending, depending on the circumstances, messages by telephone/e-mail/postal mail and/or through dedicated events regarding the products/services of interest both through direct activities and through activities organised by independent contractors/agents (article 6(1)(a) and (f) GDPR).
- Sending periodic newsletters regarding the activities and offers of the Noovle Group and TradeLab (article 6(1)(a) and (f) GDPR).
- Fulfilling the Data Subject’s requests of a commercial and information nature (article 6(1)(a), (b) and (c) GDPR).
- Providing the Data Subject with support and advice on the services/products activated (article 6(1(a), b) and (f) GDPR).
- Wherever optional consent has been given, evaluating and sending the Data Subject commercial offers, including direct offers from third-party business partners, in relation to IT cloud services, software-as-a-service and similar, not marketed directly by Noovle and TradeLab and/or by their subsidiaries and associates (article 6(1)(a9 and (f) GDPR).
- Performing activities required for establishing, managing and terminating any contractual relationships with Noovle and TradeLab/their subsidiaries/associates and/or, where the transfer of data to third parties is permitted, their commercial partners, in compliance with legal obligations and in performance of the obligations arising out of the contract, or out of EU legislation, specifically, for the purposes of compliance with tax, social security and welfare legislation, including supplementary pension schemes, or occupational hygiene and safety or that of the general population, as well as in tax-related matters, and for the protection of health, order and public safety (article 6(1)(b), (c) and (f) GDPR).
- Keeping the Data Subject’s information up-to-date in corporate databases, available both to employees of Noovle and TradeLab, and to the network of agents and independent contractors of said companies, with a strict ban on transfer to third parties (article 6(1)(b) (c) and (f) GDPR).
- Where the Data Subject has given additional consent, the sending of direct offers for products/services by third-party commercial partners, regarding IT Cloud, SaaS, IaaS, management software and web and similar services (article 6(1)(a) and (f) GDPR).
Personal data may be processed either as hardcopies or using IT tools in compliance with the provisions outlined on the protection of personal data. Specifically, regarding security measures, in accordance with article 32 of GDPR and in compliance with all precautionary measures for satisfying the required level of confidentiality and security.
2. MANDATORY OR VOLUNTARY NATURE OF PROVIDING DATA AND THE CONSEQUENCES ARISING OUT OF ANY REFUSAL
The provision of personal data is voluntary and entirely optional for the Data Subject. The Data Subject may choose whether to consent to the processing of his/her data for the purposes of commercial offers and information from Noovle and TradeLab or also processing for the purposes of offers from commercial partners of Noovle and TradeLab. First consent, although not mandatory, is necessary for at least basic commercial information to be provided, while second consent is entirely optional. Whenever the Data Subject fails to provide either of the two consents and/or fails to provide or provides only in part the requested data, Noovle and TradeLab shall be unable to perform any processing and therefore shall be unable to send offers and/or shall be unable to correctly evaluate the products/services to be offered. Any refusal by the Data Subject to provide data may also make it impossible, in whole or in part, to enter into and subsequently manage any contractual relationship. Lack of consent, where it is required, will in any case make it impossible to process the data for the individual purposes for which they have not been provided.
3. PERSONAL DATA DISCLOSURE AND DISSEMINATION
Strictly in relation to the purposes shown above and for the consents given, personal data collected may be disclosed to the following parties or categories of parties:
- Banking institutions, for the purpose of paying contractual fees.
- Consultants (both natural and legal persons) or suppliers to which the Controller may delegate tasks for performing various outsourced activities.
- Companies of the Noovle group, Tim-Telecom S.p.a. group, of which Noovle is part, and to companies of the TradeLab group, also in Switzerland and within the European Union.
- Cloud service providers of the Noovle group and TradeLab, such as Google, SAP® and Salesforce, on whose systems, within the European Union, data may be stored.
- Potential other users, where, under current legal and/or contractual regulations, there is a disclosure duty, in compliance with the provisions under current legislation.
Corporate employees and/or independent contractors specifically appointed processors, contact and/or authorised for the processing, in accordance with articles 28 and 29 of GDPR that may become privy to the personal data processed.
All processing performed by third parties with respect to the Controllers shall be duly authorised by said Controllers, and it shall be done in compliance with regulations on security and privacy. Personal data shall not be disseminated unless required by law or regulation or by EU legislation.
4. CONTROLLERS AND PROCESSORS
The autonomous and separate Controllers are Noovle S.r.l. and TradeLab Editoria S.r.l., based respectively in Via della Giustizia, 10, Milan, and Via Gaspare Gozzi, 5, Milan, acting through their respective legal representatives.
Corporate officers to be contacted for the purpose of exercising rights are:
- For Noovle: Ms Francesca Stolfi, Data Protection Officer – DPO, based at Noovle, available on tel. +39 (0)55 0510513 and at the e-mail address: email@example.com; and
- For TradeLab: Mr Massimo Viganò domiciled at the registered office of TradeLab, available on tel. +39 (0)2 799061, fax. 02 76319040 or e-mail: firstname.lastname@example.org.
The updated list of all Processors appointed over time is available at the registered offices of the Controllers and it will be provided upon written request, in the forms provided for by current legislation.
5. RIGHTS GRANTED TO THE DATA SUBJECT
At any time, the Data Subject may exercise his/her rights to the Controllers or Processors, in accordance with Chapter III (articles 12-22) of GDPR.
Specifically, as Data Subject, the Data Subject is entitled to:
- Receive information regarding:
- The source of his/her personal data.
- Processing purposes and methods.
- The logic adopted for processing data using electronic tools.
- The identification details of controllers, processors and the designated representative where the State has jurisdiction, where applicable.
- The parties or categories of parties to which personal data may be disclosed,
or which may become privy to data in their capacity as appointed State representatives, processors or appointed agents.
- Access personal data as hardcopies and/or electronic files.
- Request rectification, updating and erasure, whenever data are incomplete or erroneous, and oppose their processing for legitimate and specific reasons.
- Request correction of inaccurate personal data without undue delay. Considering the processing purposes, the Data Subject also has the right to obtain supplementation of incomplete personal data, including by providing an additional statement.
- Obtain the erasure of the Data Subject’s personal data without undue delay whenever one of the reasons set out in article 17(1) of GDPR exists.
- Oppose processing and/or seek to restrict processing whenever one of the situations set out in article 18(1) of GDPR exists.
- File a complaint with the supervisory authority, for Italy, the Garante per la Protezione dei Dati Personali (The Italian Data Protection Authority), using the procedure shown on the Authority website www.garanteprivacy.it.
- Data portability, within the limits and in accordance with the procedures set out in article 20 of GDPR.
The rights summarised above may be exercised on making a simple request addressed to the Controllers, the corporate contact officers or Processors, also through authorised persons, to which a suitable response will be provided without undue delay. Requests addressed to the Controllers or Processors may also be sent by recorded delivery letter, fax or e-mail.
It is expressly understood that the exercise by the Data Subject of one or more of the rights listed above to a Controller will be deemed express notification also to the other, for evaluation and statutory compliance.
6. TYPE AND NATURE OF THE PERSONAL DATA PROCESSED
The website processes the following types of personal data:
Personal data. The user of the website may provide Controllers with a series of Personal Data concerning his/her person, using the forms provided for this purpose on the website. Such data are: name, last name, e-mail address, telephone number and job title.
Browsing Data. Computer systems and software procedures used to operate this Website may collect, during their normal operation, a series of personal data whose transmission is implicit in the use of Internet communication protocols. This category of data (including, but not limited to, IP addresses and domain names of the User’s computer) is processed by the Controller, for statistical purposes, anonymously, but, through a series of processing procedures, it may be traced back to the identification of the User, for example, to ascertain any liability in the case of computer crimes perpetrated through or to the detriment of the Website.
Cookies. Cookies are text files that are automatically generated by the User’s computer following a visit to certain pages of the website. Some of such files (session cookies) are automatically removed when the browser is closed. Instead, another type of cookies is recorded and stored on the User’s computer (for example, for making the access procedure to the reserved area automatic, the User may choose that his/her user-id and password identification data are stored in one of such files). Whenever the User prefers not to receive cookies, he/she may prevent their transmission by the website by appropriately configuring the web browser in use. In certain cases, however, the use of certain parts of the website may be conditional on the storage of cookies on the User’s computer.
Types of Cookies used. The cookies used by Noovle S.r.l. and TradeLab Editoria S.r.l on the website are the following:
1) Technical cookies:
These are the cookies necessary for the ordinary working of the website, and break down into:
- Browsing or session
2) Profiling cookies
These cookies are intended for sending advertising messages in line with the preferences expressed by the user within the pages of the Website.
3) Third-party cookies
These are cookies stored by third-party suppliers of the Controllers, as part of the website operation activities, and they may also be of a technical and/or profiling type.
– MATRIX OF THE COOKIES USED BY THE WEBSITE –
Browsing or session cookies
Allow normal browsing and use of the website. They may be automatically deleted
They are used by Noovle Srl and TradeLab Editoria Srl to manage the association of persons who are browsing the Application Server that provides the website pages.
Improve the User Experience.
They are not used by Noovle Srl and TradeLab Editoria Srl.
In anonymous form, they collect information on how a website is used and allow gaining better knowledge of the working of the website and of its users.
They are used to provide statistics
Third-Party Analytics Cookies
These are cookies managed by Google Analytics
They are managed for Noovle Srl and TradeLab Editoria Srl by Google Analytics to collect data in aggregate form for statistical purposes
Create user profiles
These cookies are intended for sending advertising messages in line with the preferences expressed by the user within the pages of the Website. It is possible to use the opt-in tool referred to in the cookie settings section to deny consent to their use.
Cookie storage settings. Through this page it is possible to choose whether or not to accept the cookies that are set by our website and our suppliers. If a user chooses to disable technical cookies, certain website features may not work properly. Noovle Srl and TradeLab Editoria Srl are not liable for the content of third-party websites that may or may not set the saving of cookies.
Browser settings. If a user does not wish to receive cookies, he/she may configure his/her internet browser so that information is shown about when they are stored and/or so as not to store them. It is also possible to delete cookies that have already been stored at any time. For further information on these features, we recommend that you consult the “Help” function of your internet browser. Below are the instructions on how to disable cookies in the most popular browsers:
Click on the “Tools” icon (combination of ALT + X keys)
Click on “Internet Options”
Select the “Privacy” tab and adjust the cookie acceptance policy by moving the relevant slider up or down
Click on the “Websites” button and in the window that appears, authorise or block the acceptance of cookies website by website
Click “OK” to apply the changes
Type in the address bar: chrome://settings/
Click on “Show advanced settings” …
Click on “Content settings” …
Choose the cookie management policy, using an option from those shown by the application and possibly defining acceptance or blocking exceptions using the “Manage exceptions” button …
Click “OK” to apply the changes
Access the options or preferences via the appropriate menu icon
Select the “Privacy” section
Under “History” choose: “use custom settings”
Adjust the management of cookies through the options made available by the application
Click “OK” to apply the changes
Click on “Preferences” from the “Tools” menu (key combination CTRL +,)
Select the “Privacy” section
Choose the cookie management policy by selecting an option from those shown by the application
Close the options window from the close icon top right of the screen.