Information regarding data processing

EU Regulation 2016/679

Pursuant to current legislation in the framework of the 2016/679 EU Regulation (GDPR) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Privacy Code), and in relation to personal data concerning you and which will form object of treatment, we inform you of the following.

Pursuant to said law, your personal data will be processed in accordance with principles of fairness, lawfulness, relevance, transparency and protection of your confidentiality and of your rights.

1. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

The purpose of data processing

a) is to perform the services offered through the portal and manage requests or subscriptions to initiatives reserved for registered users; the legal basis of the processing is its requirement in order to fulfil the request of the data subject

b) with your express consent is to collect data for marketing purposes in order to send commercial communications by traditional means (post and landline) or automated means (email, mobile, text, MMS, fax, social media, whatsapp, telegram) related to the activity of the controller or of their third-party clients, stakeholders or partners; the legal basis of the processing is the consent of the data subject

c) with your express consent can be to perform market research and statistical analyses: marketing and for analysis and definition of profiles and preferences; the legal basis of the processing is the consent of the data subject

d) with your express consent can be to disclose data to third parties as described in point 6 below for marketing purposes; the legal basis of the processing is the consent of the data subject

e) can be to trace the perpetrators of possible crimes only in case of specific requests from and on behalf of the competent authorities; the legal basis of the processing is the protection of the controller’s rights in relation to legal obligations.

f) This site uses services and interactions with external platforms in order to offer the best browsing experience. These external services and platforms may collect, for the Controller, information, always anonymous and never identifying, about the user's behavior. Also, these external services and platforms may collect certain user data, governed directly by their privacy settings. To follow the Controller specifies these services and platforms:

- INTERACTION WITH SOCIAL NETWORK AND EXTERNAL PLATFORMS

These services allow interaction with social networks, or other external platforms, directly from the pages of this Site. The interactions and information acquired from this Site are in any case subject to the User's privacy settings relating to each social network. In the event that an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, the same collect traffic data relating to the pages in which it is installed.
• +1 button and Google+ social widgets (Google Inc.)
The +1 button and Google+ social widgets are services for interacting with the Google+ social network, provided by Google Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy
Like button and Facebook social widgets (Facebook, Inc.)
The "Like" button and Facebook social widgets are services of interaction with the social network Facebook, provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy
Tweet button and Twitter social widgets (Twitter, Inc.)
The Tweet button and Twitter social widgets are services of interaction with the Twitter social network, provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA – Privacy Policy
STATISTICS
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.
GOOGLE ANALYTICS (GOOGLE INC.)
Google Analytics is a web analytics service provided by Google Inc. ("Google"). Google uses Personal Information collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google. Google may use the Personal Data to contextualize and personalize the advertisements of its advertising network.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy PolicyOpt Out
DISPLAY OF CONTENTS FROM EXTERNAL PLATFORMS
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
If a service of this type is installed, it is possible that, even if the Users do not use the service, the same collect traffic data relating to the pages in which it is installed.
GOOGLE FONTS (GOOGLE INC.)
Google Fonts is a service of visualization of font styles managed by Google Inc. that allows this application to integrate such contents within its pages.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy Policy
WIDGET GOOGLE MAPS (GOOGLE INC.)
Google Maps is a map visualization service managed by Google Inc. that allows this application to integrate such contents within its pages.
Personal data collected: cookies and usage data.
Place of processing: USA – Privacy Policy

2. DATA PROCESSING METHODS AND DATA STORAGE TIME
Data processing:

a) is performed via operations or sets of operations as defined in applicable law: collection, recording and organisation; processing, including alteration, alignment, combination; use, including consultation, disclosure, selection, extraction; blocking of disclosure, erasure, destruction; security, protection, including availability, confidentiality, completion, protection;

b) is performed by electronic or automated means, with the insertion and collection of data in electronic databases belonging to Across srl, through which operations listed in a) are then conducted;

c) is also performed to complete and enhance the data collected with freely and lawfully available data, by non-electronic means and organised in paper-based filing systems;

d) is performed directly by the controller’s organisation, as well as possibly by third parties to provide services to their clients.

e) data collected to perform activities for the purposes described can be transferred abroad in accordance with the rules provided for in applicable law, by taking all appropriate precautions to ensure an adequate level of protection of said data.

Data will be processed by internal and external officers and by those assigned by the controller to perform activities for the purposes described above. Specifically, data can be made available to third-parties that perform outsourcing services on behalf of Across srl, to companies that provide commercial information and are authorised to access public offices, registers and bulletins and to banks for the purposes provided for by law. Identifying data of assigned processors will be available at the headquarters of Across srl

Data provided by the data subject can be consulted by banks where lawfully available and used to update, rectify and complete information already provided and to verify compliance with requirements to access specific benefits and advantages.

Moreover, personal data can be disclosed to third parties and to government departments in order to comply with contractual obligations and the law.

Data will be stored as long as necessary for the pursued purposes, in accordance with legal obligations and restrictions provided for by law regarding data erasure.

3. COOKIES

Cookies are text files that websites send to a visitor’s computer or other device connected to the internet, to uniquely identify the visitor’s browser itself or to save information or settings on the browser.

We use cookies to improve our website and to provide clients with better service and functionality. Specifically, we use them to remember the information provided by the user and to memorise the user’s preferences when using the website, allowing Across srl to improve the performance and design of the website. They may be shared with analytical instrument suppliers and may also enable the provision of promotional information.

You can limit or disable the use of cookies via your browser, however in that case, some features of the websites could become inaccessible.

Across srl uses Google Analytics, offered by Google to understand how visitors use our website, in order to improve it. The information collected is completely anonymous and does not identify individual visitors.

Users can disable Google Analytics by searching for and installing the opt-out add-on via the procedure described on the following link: https://tools.google.com/dlpage/gaoptout/

To improve the user experience on our website, we also use Hotjar. Hotjar is a technological service that helps us to understand the habits of our users more clearly (e.g. how much time they spend browsing on the pages online, which links they decide to click on, etc.). This enables us to manage and constantly improve our service, thanks to thefeedback provided by our users.

4. PROVISION OF DATA

Without prejudice to the autonomy of the data subject, providing personal data shall be:

a) obligatory under domestic or EU law or regulations;

b) strictly necessary for implementing the services offered, as well as to fulfil accounting and tax requirements;

c) optional with the aim of performing informational, marketing and promotional activities regarding the services available to the data subject.

The controller maintains that any mistake in communicating data considered obligatory (a-b) may render it impossible for the controller to guarantee the suitability of the processing pursuant to the contractual conditions for which it was provided, and may also result in the absence of communication of the data processing results according to legal obligations.

d) moreover, please note that should you provide data and consent, you can at any point exercise your rights set forth in point 9 below, and that any consent given in relation to receiving messages through traditional or automated means can be revoked or limited to just one of the communication methods mentioned above.

5. REFUSAL TO PROVIDE DATA

Should the data subject refuse to provide personal data

a) in cases referred to in point 1, a), they will be unable to use the services offered through the portal;

b) in cases referred to in point 1 b), c) and d), there will be no consequences on legal relationships that have been previously established, but it will exclude the possibility of performing informational or promotional activities regarding other initiatives available to the data subject

6. DISCLOSURE OF DATA

a) With your express consent, personal data can be disclosed to Across srl’s affiliates, subsidiaries and commercial partners for marketing purposes

b) with your express consent, personal data can also be disclosed to Across srl’s third-party clients, stakeholders and partners who, acting as independent data controllers, disseminate commercial communications via the internet, post, email, phone (text message, MMS, telemarketing). These third parties (the updated list of which is always available upon request from the Controller) belong to the product categories described below:

Communications: ICT products and services etc.;

Finance and banking sector: financial firms, insurance companies, investments, social security etc.;

Leisure: publishing, tourism, sport, collecting, photography, hobbies, communication and entertainment, art, music etc.;

Distribution and business: electronics, computers, image and sound, fashion, accessories, clothing, textile, bazaar, cosmetics and sanitary hygiene, chemical, pharmaceutical and bio-technology, agro-food, supermarkets, drinks, office supplies, furniture etc...

Automotive: products and services related to cars, industrial vehicles, bicycles and motorcycles, trucks, mechanics and metallurgy etc...

Energy and water: products related to electricity, hydrocarbons, gas, water and utilities etc.;

NGOs and charities: products and services related to not-for-profit organisations, foundations etc.;

Education, training, university etc.;

Communication and services: advertising agencies, marketing firms, event managers, consultancies, PR firms, advertising sales companies, media centres, telecommunications, market researchers, etc.; mobile marketing agencies etc.

Ecology and environment;

Construction, civil engineering and real estate products/services: construction, decoration, home, design, real estate agencies etc;

Exhibitions and events etc.

IT, internet, e-commerce websites etc...

6.2 Data could therefore be disclosed, transferred or provided under license with your express consent to natural and/or legal persons belonging to the categories described above, for the same purposes as those described in this document. These parties operate as “independent controllers” or as “processors”.

The data provided may be transferred to countries belonging to the European Union and to countries outside the EU, in order to comply with the aforementioned purposes. The data will be transferred according to Article 44 - General principle for the transfer; Article 45 - Transfer on the basis of an adequacy decision; Article 46 - Transfer subject to adequate guarantees, specifically the data will be transferred:
 - to third countries or international organizations for which the Commission has intervened with an adequacy assessment (Article 45 of the EU Reg. 2016/679)
- towards third countries or international organizations that have provided adequate guarantees and in which the person concerned has rights to action and effective remembrance (article 46 EU Reg. 2016/679, also with contractual clauses and the other provisions referred to in Article 46 (3))
- towards third countries or international organizations on the basis of exceptions in specific situations (Article 49 of the EU Reg. 2016/679).

7. DISSEMINATION OF DATA

Personal data are disseminated to the parties described in point 6.

Any disclosure or dissemination in addition to those described above will only occur subject to your explicit consent.

8. CONTROLLER AND DATA PROTECTION OFFICER

The controller is Across srl in the person of its pro tempore legal representative

Identifying data of the personal data processor can be acquired at the headquarters of Across srl with its registered office in Turin, via Lagrange n. 35.

It is possible to request erasure of the data by writing to Across srl, Via Lagrange n. 35 10123 Turin, or by sending an email to: responsabileprivacy@across.it.

To object to receiving text messages, notwithstanding the possibility of sending an email to the above-mentioned email address, you can simply reply straight to the text received, with "Cancel" or "Stop".

The company has designated, pursuant to art. 37 GDPR, a Data Protection Officer. The DPO can be contacted at the appropriate email address: dpo@across.it

9. DATA SUBJECT RIGHTS

Within the limits and conditions provided for by law, the controller shall be obligated to respond to the data subject’s requests regarding their personal data. Specifically, under applicable law:

1. The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and in such cases, access to the personal data and to the following information:
the purposes of the processing;
the categories of the personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be transferred, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling

2. The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay within the limits and cases provided for by applicable law. The controller shall inform all recipients to which personal data were transferred of any rectification or erasure or restriction of the processing, within the limits and conditions provided for by applicable law.

4. The data subject shall have the right to obtain from the controller restriction of processing.

5. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

This version of the notice on personal data processing was updated on 13-09-2018.