Information pursuant to Article 13 of Regulation (EU) no. 2016/679
Effective date: May 25th, 2018
Last updated: June 14th, 2018
Information pursuant to Article 13 of Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as on the free movement of such data (General Regulation on Data Protection, hereinafter also referred to as”GDPR”).
In compliance with the provisions of art. 13 and 14 of the GDPR, the information regarding the purposes and methods of processing of personal data and the scope of communication and diffusion, the nature of the data in our possession and their communication to third parties, are hereby presented.
We also inform you that the personal data you voluntarily made available to HSYCO s.r.l. (hereinafter also referred to as to as “the Company” or “HSYCO”) will be processed in compliance with current legislation on the protection of personal data and, in any case, the principles of confidentiality the Company’s activities are based on.
1 – Responsible body
Responsible body for the collection, processing and use of your personal data by the means of the GDPR is HSYCO
2 – Contact details
Strada 4 – Palazzo Q6
20089 Rozzano (MI) – Italy,
3 – Purpose of processing
The personal data you have made available to HSYCO may be used for the following purposes
for operations required for the management of the economic and contractual relationship and for the purpose of fulfilling tax and accounting obligations prescribed by national and EC legislation
in order to make proposals and offers of economic nature, entertain business correspondence as well as for data storage
personal data can be used for providing requested services, such as customer care or technical support
after your specific consent, sending information and commercial communications, also of a promotional nature (including our newsletter), advertising material and/or offers of goods and services, by any means (known or not), including, for example, mail, Internet, telephone, e-mail, MMS, SMS from Italy or abroad (also from countries not belonging to the European Community) by HSYCO, as well as by natural or legal persons contractually related to HSYCO who send communications on behalf of HSYCO;
We would like to remind you that, with reference to the purposes described in points a) and b), the provision of your personal data is mandatory. Your possible refusal and/or the provision of incorrect and/or incomplete information will prevent
in relation to the purpose referred to in points a) ad b): for HSYCO, the fulfilment of orders, the performance of administrative and accounting activities and the fulfilment of regulatory obligations.
in relation to the purpose referred to in point c): for HSYCO, the provision of the requested services
With reference to the other purposes described in point d), the provision of your personal data, and consent to the processing of the same for the above-mentioned purposes, is optional. However, your refusal to provide your data and/or consent to processing for the above-mentioned purposes and/or the provision of inaccurate and/or incomplete information may prevent the Company:
in relation to the purpose referred to in point d): sending promotional communications by HSYCO;
4 – Processing methods
Your personal data will be processed using appropriate hard-copy, electronic and/or telematic means, with a logic strictly related to the aforementioned purposes and, in any case, in such a way as to ensure the security and confidentiality of the data.
5 – Recipients or categories of recipients of personal data
The following may come into contact with your data in carrying their functions: shareholders, members of the Board of Directors or other administrative body and, in any case, the Managers designated by HSYCO and the persons in charge of processing personal data appointed by the Company.
Your personal data may be disclosed to any qualified persons who provide HSYCO with services instrumental to the purposes indicated in section 3 above, for example, parent companies, subsidiaries, investee companies and/or affiliates; suppliers, contractors, subcontractors, banking and/or insurance institutions or other entities and/or bodies that provide (on behalf of HSYCO):
Fiscal and Tax Advisors for the fulfilment of the fiscal and legal obligations according to the Italian and European legislation
Carriers and other Logistic Companies
Technical suppliers for the management and/or maintenance of websites and electronic and/or telematic tools used by HSYCO;
Technical suppliers for distribution of digital direct marketing
Other subjects if required by the Law;
Your personal data may be transferred abroad, in accordance with the provisions of current legislation, even in countries that do not belong to the European Union.
Transfer to countries outside the EU is carried out in such a way as to provide appropriate and opportune guarantees pursuant to article 46 or 47 or 49 of the Regulation
6 – Duration of the processing and criteria used for the storage of data
The data will be processed only for the time necessary to fulfil the above-mentioned purposes.
HSYCO has defined the categories of personal data that need to be treated and the criteria for their storage. Such data categories and storage criteria are listed in the table here below.
DATA CATEGORY AND RETENTION TIMEFRAME
Billing and Shipping data: 10 years + 6 months after the closing date of our current fiscal year
Security data (TVCC): 24 hours
Contact data: 10 years + 6 months after the closing date of our current fiscal year
e-mail address and other direct marketing data: 5 years
Data related to unlawful or fraudulent behaviour: Time necessary to resolve any potential litigation
Data related to credit rating and payments: 36 months
VAT number or National Identification Number: 10 years + 6 months after the closing date of our current fiscal year
Data required for billing, accounting, control and statutory book keeping: 10 years + 6 months after the closing date of our current fiscal year
Company economic data (such as equity, revenue, financial performance, organisational chart, sales and production): 36 months after the termination of the business relationship.
Customer care and tech support data: 10 years + 6 months after the closing date of our current fiscal year
Devices data, such as model, serial number, product code, software license, software version, MAC address, IP address, operating systems and settings: 10 years + 6 months after the closing date of our current fiscal year
NOTICE: this table is subject to modifications and revisions based on changes in the nature and ways of data treatment and modification of the standing legislation
7 – Rights of the party concerned
We inform you that at any time in relation to your data, you may exercise the rights provided for within the limits and conditions set forth in articles 7 and 15-22 of the Regulation.
In order to exercise these rights, as described below, please contact the Data Controller via the Privacy office at the e-mail address email@example.com Your request will receive appropriate feedback within the time prescribed by the GDPR.
Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact HSYCO and we will provide you with your personal data via e-mail.
Right to portability:
Whenever HSYCO processes your personal data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
Right to erasure:
You have the right to erase any personal data processed by HSYCO at any time except for the following situations:
you have an ongoing matter with Customer Service
you have an open order which has not yet been shipped or partially shipped
you have an unsettled debt with HSYCO, regardless of the payment method
if you are suspected or have misused our services within the last three years
if you have made any purchase, we will keep your personal data in connection to your transaction for book-keeping purposes
Right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on HSYCO’s legitimate interest. HSYCO will not continue to process the personal data unless we can demonstrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Right to object to direct marketing:
You have the right to object to direct marketing.
You can opt out from direct marketing by the following means:
following the instruction in each marketing emails
sending an e-mail to firstname.lastname@example.org
Right to restriction:
You have the right to request that HSYCO restricts the process of your personal data under the following circumstances:
if you object to a processing based HSYCO’s legitimate interest, HSYCO shall restrict all processing of such data pending the verification of the legitimate interest.
if you have claim that your personal data is incorrect, HSYCO must restrict all processing of such data pending the verification of the accuracy of the personal data.
if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
if HSYCO no longer needs the personal data but it is required by you to defend legal claims.
How can you exercise your rights?
We take data protection very seriously and therefore we have dedicated customer service personnel to handle your requests in relation to your rights stated above. You can always reach them at email@example.com
Right to complain with a supervisory authority:
If you consider HSYCO to process your personal data in an incorrect way you can contact us. You also have the right to raise a complaint to the Supervisory Authority for the protection of personal data if you believe that your rights have been violated
8 – Right to withdraw your consent and object to direct marketing
You have the right to withdraw your consent for the processing of your personal data at any time and also object to direct marketing.
When you do so, HSYCO won’t be able to send you any further direct marketing offers or information based on your consent.
You can opt out from direct marketing by the following means:
* following the instruction in each marketing post
* by writing an e-mail to firstname.lastname@example.org
9 – Automated decision making
When you apply for credit as a method of payment we may perform an automated decision-making process regarding your credit application. You have the right to to express your point of view and to contest the decision writing an e-mail to email@example.com
10 – Security
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
11 – Links to Other Sites
12 – Children’s Privacy
Our Services do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.
Any request relating to personal data processed by HSYCO may be sent be sent to the Company’s registered office:
Strada 4 – Palazzo Q6
20089 Rozzano (MI)
or by sending an e-mail to: firstname.lastname@example.org
On behalf of HSYCO S.r.l.