INFORMATION ON THE PROCESSING AND PROTECTION OF PERSONAL DATA
(art. 13 of EU Regulation no. 679/2016)
This information describes the processing of your personal data and is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter "GDPR") and applicable national privacy and personal data protection legislation.
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
First Personal Coin Srl, with registered office in Ivrea, via Torino 497, (Tax Code and VAT number 12496300018), in the person of the legal representative pro tempore Carozzi Mariano Giovanni (Tax Code: CRZMNG62M21F205N - email: web@firstpersonalcoin.it) as the data controller of personal data (hereinafter "FPC" or also the "Controller").
If the Controller makes use of data processors or sub-processors pursuant to Article 28 GDPR, the updated list of processors and those responsible for processing is kept at the Controller's registered office.
2. TYPES OF PERSONAL DATA WE PROCESS
The types of personal data we collect depend on the purpose for which they are collected.
In general, we may collect the following types of personal data directly from you:
- common personal data (such as, by way of example but not limited to: name, surname, date and place of birth, address of residence, tax code, email address, phone number, social security or welfare position code, bank details);
- economic and transactional information (e.g., information related to activities carried out, etc.);
- geolocation data (e.g., information on the device used);
- banking and tax identification data;
- personal data provided through communications or attachments to communications;
- usage, navigation, functional, session, statistical, profiling data, including the user’s device identifier or IP address, the time when the user visits the site, the Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computing environment.
hereinafter “Personal Data”.
3. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASES
The processing of your Personal Data by the Controller occurs:
A) without your express consent (Article 6 letters b) - f) GDPR), for the following purposes:
- to activate and manage the user profile;
- to fulfill pre-contractual, contractual, and fiscal obligations arising from relationships in which the data subject is a party (for example, for the provision of services reserved for registered users);
- to comply with obligations established by law, regulation, EU legislation, or an order from an Authority;
- to pursue a legitimate interest of the Controller or third parties, provided that such interests do not prevail over the interests or fundamental rights and freedoms of the data subject requiring the protection of Personal Data (e.g., the right to defense in court of the Controller).
B) Only with your specific and distinct consent (Article 6 letter a) and Article 7 GDPR), for the following marketing purposes:
- to send via email, mail and/or SMS push notification and/or phone contacts, newsletters, commercial communications, and/or advertising material on the services offered by the Controller and to measure the degree of satisfaction with the quality of the services.
C) Only with your specific and distinct consent (Article 6 letter a) and Article 7 GDPR), for the following profiling purposes:
- to send advertising communications, offers, and promotions via email, mail, and/or SMS and/or phone contacts that are consistent with the profile of the data subject.
Profiling will allow the Controller to personalize the offer of products and services to Users. To this end, the Controller will evaluate the type and number of information requests made, also through the Site, purchases of goods or services made from the Controller, demographic and contact information (such as the place of residence), as well as other information provided by the Client (e.g., age and profession).
If you have denied your consent, it will not be possible to carry out the activities mentioned in B) and C), and if you have given your consent to the processing activities mentioned in B) and C), you will still have the right to revoke your consent at any time.
4. HOW LONG WE KEEP AND PROCESS YOUR PERSONAL DATA
Your Personal Data will be processed by the Controller for the period necessary to achieve the purposes of the processing referred to in the previous article 4, after which they will be kept only in compliance with current legal obligations, for administrative purposes, and/or to assert or defend a right, and in any case, no longer than the terms set by law for the prescription of rights.
Personal Data for the purposes referred to in letters B) and C) of the previous article 4 will be processed by the Controller respectively for a maximum of 24 months and a maximum of 12 months, extended in the case of actual adherence to the services mentioned in the aforementioned points.
5. HOW WE PROCESS YOUR PERSONAL DATA
Personal Data is processed in both paper and electronic and/or automated forms for the time necessary to achieve the purposes for which they are collected by the Controller or by parties duly authorized and/or appointed to perform such tasks, constantly identified and/or appointed, properly trained, and informed of the legal constraints, as well as through the use of security measures to ensure the confidentiality and avoid risks of loss or destruction, unauthorized access, unauthorized or non-compliant processing with the purposes mentioned above.
6. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA
For the purposes mentioned above, the data collected may be made accessible or disclosed to:
- employees and collaborators of the Controller, in their capacity as authorized personnel for processing, within the scope of their respective duties and in accordance with the instructions received. These individuals are subject to confidentiality and secrecy obligations;
- third parties performing outsourcing activities on behalf of the Controller whose activity is connected, instrumental, or supportive of the Controller's (e.g., management software);
- all public and/or private entities, natural and/or legal persons (such as, by way of example, legal, administrative, and tax consulting firms, private social security and assistance funds, judicial offices, Chambers of Commerce), if the communication is necessary or functional for the correct fulfillment of contractual obligations assumed, as well as legal obligations;
- all entities (including Public Authorities) who have access to Personal Data by virtue of legislative or administrative measures;
In any case, your collected personal data will not be disclosed.
7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
The management and storage of your Personal Data will take place in Europe.
The Controller may transfer Personal Data to third parties acting as independent data controllers or external data processors to enable the activities listed in this information.
If such transfer takes place to countries that do not provide the same level of protection as provided by GDPR or applicable law, or in any case an adequate level of protection for personal data, FPC will ensure that each of these recipient entities assumes specific contractual obligations in accordance with applicable data protection regulations (including the signing of the "SCC" Standard Contractual Clauses approved by the European Commission) or, in the absence of an adequacy decision pursuant to Article 45, paragraph 3 GDPR, or adequate safeguards pursuant to Article 46 GDPR, including binding corporate rules, will ask you, pursuant to Article 49 GDPR, for the possibility of transferring personal data to a Third Country with your specific consent.
In any case, you can request more information regarding the transfer of your Personal Data, including receiving a table listing the detailed list of external Processors, with a description of the activities performed by them and the location of their servers, by writing to the email address xxxxxxx. It is understood that the Controller, if necessary, will have the right to process your Personal Data outside the EU (EEA). In this case, the Controller ensures that the transfer of data outside the EU will be in compliance with applicable law provisions by stipulating, if necessary, agreements that ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
8. YOUR RIGHTS
Pursuant to Articles 15 et seq. of the GDPR and applicable national privacy and personal data protection legislation, you have the right to:
1) Obtain from the Controller confirmation as to whether or not personal data concerning you is being processed and, if so, access the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular, if recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- where the data is not collected from the data subject, any available information as to its source;
- the existence of automated decision-making, including profiling.
2) Obtain from the Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3) Obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller has the obligation to erase personal data without undue delay within the limits and cases provided by current legislation.
4) Obtain from the Controller the restriction of processing.
Receive in a structured, commonly used, and machine-readable format the personal data concerning you provided to the Controller and have the right to transmit such data to another data controller without hindrance from the Controller to whom the data was provided, where the processing is based on consent or a contract and the processing is carried out by automated means.
5) Object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
6) If you believe that your rights have been violated by the Controller, lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) and/or other competent supervisory authorities under the GDPR.
The Controller, following the exercise of the rights referred to in points 2), 3), and 4), shall communicate to each of the recipients to whom the personal data has been disclosed any rectification or erasure or restriction of processing within the limits and in the forms provided by current legislation.
To exercise the above rights towards the Controller, you must submit a written request by sending a registered letter with return receipt to First Personal Coin Srl, via Torino 497 - 10015 Ivrea or by sending an email to web@firstpersonalcoin.it.
9. WHAT HAPPENS IF THERE ARE CHANGES TO THE PRIVACY POLICY
This information may be changed and/or updated at any time. If the Controller intends to process your Personal Data for purposes different from those specified in the previous article 4, it undertakes to provide you with adequate information about such different purposes before such further processing and to carry out such further processing in compliance with current legislation, collecting, where necessary, your specific consent.
This Privacy policy was published on 18.07.2024
Any updates will be published on this page.