Privacy

Pursuant to Article 13, Regulation (EU) 2016/679 (the "Regulation" or the "GDPR")

With this privacy policy, the Joint Data Controllers (as defined below) wish to illustrate the purposes for which they collect and process your personal data, what categories of data are processed, what rights you have under data protection legislation, and how you can exercise them, in addition to allowing you - where necessary - to give your consent for specific processing activities.

1. JOINT DATA CONTROLLERS
Tinexta S.p.A., parent company of a group of companies (the "Group") listed on the website www.tinexta.com/gruppo, with registered premises in Rome (RM), at Piazza Sallustio n. 9, VAT no. 10654631000, represented by the pro tempore legal representative thereof ("Tinexta" or the "Holding"), together with

InfoCert S.p.A. with registered premises in Rome, at  Piazza Sallustio, n. 9, tax identification number and VAT number 07945211006, represented by the pro tempore legal representative thereof (“InfoCert”);

Warrant Hub S.p.A. with registered premises in Correggio, at Corso Mazzini n. 11, tax identification number and VAT number:  02182620357, represented by the pro tempore legal representative thereof (“Warrant”);

Co.Mark S.p.A. with registered premises in Bergamo, at Via Stezzano n. 87, tax identification number and VAT number:  02608530164, represented by the pro tempore legal representative thereof (“Co.Mark”);

Innolva S.p.A. with registered premises in Buja (UD), at Via De Cocule n. 8, tax identification number and VAT number:  01836920304, represented by the pro tempore legal representative thereof (“Innolva”);

ReValuta S.p.A. with registered premises in Milan, at Via Meravigli n. 7, tax identification number and VAT number:  07234690969, represented by the pro tempore legal representative thereof (“Re.Valuta”);

Sixtema S.p.A. with registered premises in Rome, at Via Marco e Marcelliano, n. 45, tax identification number and VAT number:  09884901001, represented by the pro tempore legal representative thereof (“Sixtema”);

Visura S.p.A. with registered premises in Rome, at Via Lungotevere dei Mellini, n. 44, tax identification number and VAT number:  053387771008, represented by the pro tempore legal representative thereof (“Visura”);

(InfoCert, Warrant, Co.Mark, Innolva, ReValuta, Sixtema, Visura, referred to jointly as the “Subsidiaries” and individually as “Subsidiary”)

are joint controllers of your personal data (Tinexta and the Subsidiaries, hereinafter referred to jointly as the "Joint Controllers" and individually as "Joint Controller").

The Joint Controllers have entered into a joint controllership agreement pursuant to Article 26, GDPR, to govern the reciprocal roles and responsibilities relating to joint controllership of the personal data of the users of the Joint Controllers' sites who have provided their personal data, unsolicited,  on a specific page  in order to be contacted to receive commercial proposals processed within the context of centralised activities and/or activities carried out as part of partnerships between the Subsidiaries and the Holding (the "Agreement").

It follows that any personal data you may provide in specific forms will be automatically processed jointly by Tinexta and the Subsidiaries.

The essential content of the Agreement will be provided to you upon specific request sent to either Joint Controller.

The Joint Controllers can be reached using the following contacts details :

Tinexta: by email to tinexta@legalmail.it, or via standard mail addressed to Tinexta S.pA., at Piazza Sallustio 9, - 00187 Rome;

InfoCert: by email to info@infocert.it, or via standard mail addressed to InfoCert S.pA., at Piazza Sallustio 9, - 00187 Rome;

Warrant: by email to info@warranthub.it, or via standard mail addressed to  Warrant Hub S.p.A.., at Corso Mazzini, n. 11, 42015 Correggio (RE);

Co.Mark: by email to info@comarkspa.it or via standard mail addressed to  Co.Mark S.p.A.., at Via Stezzano, n. 87, 24126 Bergamo;

Innolva: by email to info@innolva.it or via standard mail addressed to Co.Mark S.p.A.., at Via Cocule, n. 8, 33030, Buja (UD);

ReValuta: by email to inforevaluta@revaluta.it or via standard mail addressed to ReValuta  S.p.A.., at Via Meravigli, n.7,  20123, Milan;

Sixtema: by email to info@sixtema.it or via standard mail addressed to Sixtema S.p.A.., at Via Marco e Marcelliano, n. 45, 00147, Rome;

Visura: by email to visura@visura.it or via standard mail addressed to Visura S.p.A.., at Lungotevere Mellini, n. 44, 00193 Rome;

2. DATA PROTECTION OFFICER:     

The Joint Controllers have both designated the Group data protection officer as their own data protection officer (hereinafter either "Data Protection Officer" or "DPO").

You can contact the DPO via certified email at the following address: dpo_tinexta@legalmail.it, or by conventional mail at the following address:

Data Protection Officer

Tinexta S.p.A.

Piazza Sallustio n. 9

00187 Rome (RM).

3. DEFINITION OF PERSONAL DATA AND INFORMATION RELATING TO PROCESSING ACTIVITIES

Pursuant to the GDPR, personal data means: “any information that relates to an identified or identifiable natural person; a natural person is considered to be identifiable if the identity thereof can be established, directly or indirectly, by means, in particular, of an identifier such as a name, an identification number, location data, an online identifier or one or more specific traits or features which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person (the “Data”).”

As part of the activities which are required or useful in order to respond to your request for commercial and promotional information, the Joint Controllers collect and process the following categories of Data:

1. registration and identification details (e.g., first name, surname);
2. contact details, such as addresses (residence or other address used for notification purposes), email address, and telephone number;
3. company/firm, industry,
4. in general, any other information you may have provided as useful to achieve the purposes set out below.

Within this context, you are informed that, with a view to improving and increasing the efficiency of the business, the Group has a shared system for managing  the data of users of the Joint Controllers' websites who ask to be contacted with commercial and/ or promotional information, which is based on a single IT facility that will allow - amongst other things - the sharing of your data among the Joint Controllers.

The provision of your data is entirely voluntary; however, refusal to provide the information requested could prevent the Joint Controllers from carrying out your requests.

In any case, the Joint Controllers undertake to ensure that the information collected and used is appropriate for the purposes stated below, and that this does not constitute an invasion of your privacy.

4. PURPOSE OF THE PROCESSING AND LEGAL BASIS THEREOF

1. Performance of ordinary prior checks
   The Joint Controllers may collect and process your data to perform ordinary preliminary checks  in order to provide commercial offers and promotions useful for the subsequent establishment of a contractual relationship. If your data is processed, the processing will be performed in compliance with the lawfulness condition stated in Article 6, paragraph 1, section f), GDPR, i.e. based on the legitimate interest of the Joint Controllers to assess the reliability of their contractual counterparty and prevent the risk of possible fraud.
2. Processing your requests
   The Joint Controllers will process the Data in order to carry out your requests and, specifically, as part of the related activities deemed necessary or useful for the processing thereof, including creating your personal data record within the system, carrying out technical or customer assistance activities in general, etc.
   To achieve these purposes, the Joint Controllers process your data in compliance with the lawfulness condition stated in Article 6, paragraph 1, section b), GDPR, as the processing is necessary in order carry out measures which you have requested.
3. Performance of marketing activities:
   The Joint Controllers will process the Data to send you emails about the following: (i) commercial or promotional information concerning their products and/or services; (ii) invitations to participate in any initiatives, promotional campaigns, or events, workshops, courses, seminars, and round tables organised by the Joint Controllers, possibly in conjunction with third parties.
   In this regard, you are informed that in order to send you offers relating to products and services that may be of interest to you and to invite you to take part in initiatives which you may appreciate, the Joint Controllers may take your characteristics into consideration (based on the data you have provided to the Joint Controllers). However, this will not affect your rights and freedoms as a data subject, as you will still be able to access all the products/services offered by the Joint Controllers or by the other companies in the Group without any restrictions being applied on the basis of your characteristics.
   The Joint Controllers will process your data in compliance with the principles set out in the GDPR and on the basis of their legitimate interest, as provided for in Article 6, paragraph 1, section f), GDPR. On this matter, please note that you may exercise your right not to receive any further emails by following the instructions found at the end of each promotional email or, alternatively, in the way stated in Section 9 below; you may exercise this right at any time and at no cost.
   Additionally, if you have given your consent, either Joint Controller may process the aforesaid Data to send you commercial and/or promotional information relating to all the products or services offered by the other Group member companies and/or by third parties, as well as to invite you to any events, demonstrations, seminars, etc. it organises ("Indirect Marketing").
   Your data may be processed for this purpose only if you have given your consent, which renders it lawful. Regarding this aspect, you are informed that you have the right to withdraw any consent previously expressed, doing so free of charge and at any time, using the link available at the bottom of all indirect marketing emails you may have received or by contacting either of the Joint Controllers in the way stated in paragraph 9.
4. Sending customer satisfaction feedback emails:
   In order to improve their services in the future and the customer experience in general, the Joint Controllers may contact you by email or phone (through an operative) to ask your opinion on a particular sales initiative or activity offered by the Joint Controllers.
   In this case, your Data will be processed on the basis of the legitimate interest of the Joint Controllers, in compliance with the principles set out in the GDPR.
   In this regard, you may exercise the right not to be contacted by unsubscribing using the relative link which can be found at the foot of each of the customer satisfaction emails you may receive; you may unsubscribe at any time and at no cost.
   If you do not wish to be contacted by phone by an operative, you are advised that you can exercise your right to stop receiving calls by contacting one of the Joint Controllers at the addresses stated above, or by registering with the Registro delle Opposizioni (list of national telephone numbers and relating addresses which cannot be used for contacts for sales and marketing purposes).
   In this case, it will no longer be possible for the Joint Controllers to contact you again to seek your opinion about an offer or sales initiative offered by the Joint Controllers.
5. Performance of  statistical analyses:
   The Joint Controllers may process your personal data when carrying out market and/or statistical research about their activities.
   Within this context, information is generally stored anonymously and processed in an aggregate format. Usually, therefore, these activities do not constitute personal data processing as defined above, i.e. data meant as information attributable to you as an identifiable party.
   If, on the other hand, Data (as defined above) is processed, appropriate security measures will be adopted (such as, for example, pseudonymisation). In the event, the processing will be carried out on the basis of the legitimate interest of the Joint Controllers.

5. DISCLOSURE OF DATA TO THIRD PARTIES LOCATED WITHIN THE EUROPEAN ECONOMIC AREA

The Joint Controllers may disclose your data to third parties that provide them with services which are necessary, instrumental, or in some way connected to the aforesaid purposes.

More specifically, your Data may be disclosed to parties (e.g., companies, associations, entities, freelance professionals) working with the Joint Controllers as part of the activities required to market and promote their products or services, including, for example, technology service providers, marketing and/or communication agencies, and external consultants, assigned to carry out the processing as data processors. An updated list of these data processors is kept by the Joint Controllers and is available upon request.

Either Joint Controller may also disclose your Data to third parties when legally required to do so, as well as to public administration authorities, other organisations established within the European Economic Area, and to credit or electronic money institutions with which the Joint Controllers work. These parties will process your Data as independent controllers.

Finally, if you have given your consent to this, your data may be disclosed to third parties, who, as independent controllers, will process it in order to send you their commercial or promotional information.

6. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Furthermore, in order to achieve the aforesaid purposes, your Data may be passed on to parties established in countries outside the European Economic Area which offer the Joint Controllers services relating to the processing activities carried out.

This transfer, if applicable, will always take place in compliance with the conditions set out in the GDPR and will be governed (depending on the recipients) by the standard contractual clauses adopted by the European Commission or, alternatively, on the basis of a Commission adequacy decision and/or any other instrument permitted by applicable legislation.

More information about where your data has been transferred (when necessary) may be obtained by contacting the addresses referred to in Sections 1 and 2.

7. RETENTION PERIOD

The Joint Controllers will process your data solely for the time strictly necessary to achieve the purposes specified in detail.

In particular, depending on the purposes of the processing, the data will be processed for the following lengths of time when retained for the following purposes:

1. Performance of ordinary prior checks: your data will only be retained for as long as is necessary to carry out the said checks;
2. Processing your requests: your data will be processed for 12 months as of your provision of the data and retained for the following six years, exclusively for purposes relating to meeting legal requirements or the defence of the rights of the Joint Controllers;
3. Performance of marketing activities: your Data will be processed for no longer than 12 months as of the date it was recorded, unless the right to object to processing is exercised, or you withdraw consent given for indirect marketing;
4. Sending customer satisfaction feedback emails: your data will be processed for a maximum of 12 months as of the date it was recorded or -  if later -  of receipt of the last special deal offered, unless the right to object to processing is exercised;
5. Performance of statistical analyses: your data will be processed for the same period of time as stated in point ii, without prejudice to the right to object to the processing.
   
   8. RIGHTS OF THE DATA SUBJECT

During the period in which the Joint Controllers are in possession of or are processing your Data, you, as a data subject, may exercise the following rights at any time:

• Right of access - You are entitled to obtain confirmation of the existence or otherwise of any processing concerning your data, and, if necessary, to receive any information relating to the said processing;
• Right to rectification - You are entitled to obtain the rectification of any of your Data in our possession if incomplete or inaccurate;
• Right to deletion - in certain circumstances, you are entitled to obtain the erasure of your data present in our archives provided that it is not relevant for the purposes of the ongoing  contractual relationship or necessary  in order to meet a legal requirement imposed on the Joint Controllers or to ascertain, exercise, or defend a right thereof in court;
• Right to restrict processing - provided that certain conditions are met, you are entitled to limit the  processing carried out concerning your data;
• Right to portability - provided that certain conditions are met, you are entitled to have your data in our possession transmitted to a different controller;
• Right to object - You are entitled to object, at any time and for reasons connected to your particular situation, to your data being  processed on the basis of the lawfulness of the legitimate interest or to perform a task of public interest or exercise public powers (including profiling) unless there are legitimate reasons for the Joint Controllers to continue the processing that overrule the interests, rights, and freedoms of the data subject or if necessary to establish, exercise, or defend a right in court;
• Right to withdraw consent - You are entitled to withdraw your consent to the processing of your data at any time, without prejudice to the lawfulness of processing already carried out based on the consent given previously;
• Right to file a complaint with the supervisory authority - in the event that the Joint Controllers refuse to meet your requests  for access, the reasons  therefor will be provided. If applicable, you are entitled to file a complaint in the way set out below.

The rights stated above may be exercised against the Joint Controllers by writing to the addresses given in §1 or by contacting the DPO of the Joint Controllers at the addresses given in §2.

You may exercise your rights as a data subject free of charge pursuant to and within the limits of Article 12, GDPR.

9. COMPLAINTS

If you wish to lodge a complaint about the ways in which your data is processed by the Joint Controllers, or about the way in which a request you have made has been handled, you are entitled to submit an application directly to the supervisory authority.