Data Processing Information
Data Controller
The Data Controller of your data related to the working relationship is Data River S.r.l. with registered office in via Emilia Est n. 985, Modena (MO).
Contact e-mail: info@datariver.it
PEC: datariver@pec.it
Data Protection Officer (DPO)
Data River has appointed as Data Protection Officer (DPO) the lawyer Vittorio Colomba – SCNet S.r.l. with law firm located in Modena in via Ciro Menotti 80.
The DPO can be reached by phone at +39 059 6130966 or at the following e-mail address: privacy@datariver.it
Customer information
Collaborator information
Supplier information
Meeting information
Video surveillance information
Information on Personal Data Processing for Customers of Data River S.r.l.
in Accordance with Article 13 of EU Regulation 679/2016 (GDPR)
Categories of Personal Data
The Data Controller processes the following types of Personal Data:
Common Personal Data:
- personal and contact data (name, surname, tax code, street address, telephone number, e-mail address)
- financial data (bank data, accounting and tax data to issue a receipt or invoice for the requested service, if necessary).
Purpose and legal basis
The processing of your data is carried out for the purpose of establishing and / or conduct business relationships or to allow the Data Controller to provide the services you requested.
At any rate, the Data Controller is committed to ensuring that the information collected and used is appropriate to the described purposes, and that this will not lead to infringing your privacy.
In accordance with Article 6.1 lett. b) and lett. c) of the Regulation, the legal basis for processing your Personal Data is the fulfilment of the contractual obligations of which you are a part, or the carrying out of pre-contractual measures at your request and in your favour, as well as the fulfilment of legal obligations imposed on the Data Controller.
Data conferment
The conferment of your Personal Data is optional.
However, we inform you that refusing to provide your Personal Data may determine the impossibility for the Data Controller to establish any business relationship or to follow up on an already existing professional contract between the parties.
Duration of data storage
All data referred to you will be processed by the Data Controller for the entire duration of the contract and will be kept for a period of 10 years after its termination for purposes related to the fulfilment of legal obligations or to defend the Controller’s legal claims.
Recipients of Personal Data
In carrying out its activities, Data River S.r.l. may communicate your Personal Data to appointed consultants for the execution of some necessary services in the pursuit of the processing purposes as specified in this statement.
Pursuant to Article 28 of the Regulation, Data River S.r.l. has proceeded to designate these subjects as Data Processors.
The list of Processors is updated by the Data Controller and can be requested at the Controller’s e-mail address: info@datariver.it.
Anyhow, the Data Controller may disclose your Personal Data, not only to the subjects to whom the communication is due by virtue of legal obligations, but also to Public Administrations, as well as to credit institutions with which the Controller operates for payment purposes.
Transfer of data abroad
At present, the Data Controller does not transfer your data to international companies and / or organizations located either in EU or non-EU territories.
Anyhow, it is understood that the Data Controller will have the right to transfer your Personal Data within the EU territory and / or to non-EU countries, if necessary.
If this were the case, the Data Controller ensures as of now that data transfer to non-EU territories will take place in accordance with articles 44 and subsequent of GDPR and with all applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.
Your rights as a Data Subject
In accordance with Articles 15 to 22 of GDPR, as a Data Subject you may exercise certain rights, as the ones summarised below:
Right of access:
the right to obtain from the Controller confirmation as to whether your Personal Data are being processed, and access them – including a copy thereof – and receive details regarding their processing;
Right to rectification:
the right to obtain from the Controller without undue delay the rectification of your inaccurate Personal Data and to have incomplete Personal Data completed, including by means of providing a supplementary statement;
Right to erasure:
the right to obtain from the Controller the erasure of your Personal Data without undue delay where one of the following grounds applies:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the Personal Data have been unlawfully processed;
- the Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
- the Personal Data have been collected in relation to the offer of information society services.
Right to restriction of processing:
the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;
- the processing is unlawful, and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
Right to data portability:
the right to receive your Personal Data, which you have provided to a Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another Controller, the processing of which is based on consent or on a contract and is carried out by automated means.
Right to object:
the right to object to the processing carried out for the execution of a task in the public interest or connected to the exercise of public authority or on the basis of the legitimate interest of the owner or third parties, as well as the right to object to the processing of your Personal Data executed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
These requests may be sent to the Data Controller at the e-mail address: info@datariver.it or, cumulatively by writing to the DPO’s contact e-mail address: privacy@datariver.it. You will receive feedback as soon as possible and, in any case, no later than 30 days from your request.
Processing based on automated decision-making
The Data Controller does not process Personal Data based on automated decision-making processes, including profiling.
Complaints
If you wish to file a complaint regarding the modalities in which your Personal Data are processed by the Data Controller or regarding the handling of a complaint you have proposed, you have the right to file a petition directly to the Supervisory Authority according to the methods indicated on the website www.garanteprivacy.it.
Information on Personal Data Processing for collaborators of Data River S.r.l.
in Accordance with Article 13 of EU Regulation 679/2016 (GDPR)
Categories of Personal Data
The Data Controller collects and processes your Personal Data in the pursuit of the requested professional service or in dealing with the ensuing business relationship.
The types of Personal Data processed are:
- name, surname, tax code;
- street address, telephone number, e-mail address and contact data in general;
- financial data.
Purpose and Legal Basis
The processing of your personal, contact and administrative (bank details, general accounting, etc.) data is carried out for the purpose of establishing and / or conduct a professional collaboration relationship.
At any rate, the Data Controller is committed to ensuring that the information collected and used is appropriate to the described purposes, and that this will not lead to infringing your privacy.
In accordance with Article 6.1 lett. b) and lett. c) of the Regulation, the legal basis for processing your Personal Data is the fulfilment of the contractual obligations of which you are a part, or the carrying out of pre-contractual measures at your request and in your favour, as well as the fulfilment of legal obligations imposed on the Data Controller.
Data Conferment
The conferment of your Personal Data is optional.
However, we inform you that refusing to provide your Personal Data may determine the impossibility for the Data Controller to establish any business relationship or to follow up on an already existing professional contract between the parties.
Recipients of Personal Data
In carrying out its activities, Data River S.r.l. may communicate your Personal Data to appointed consultants for the execution of some necessary services in the pursuit of the processing purposes as specified in this statement.
Pursuant to Article 28 of the Regulation, Data River S.r.l. has proceeded to designate these subjects as Data Processors.
The list of Processors is updated by the Data Controller and can be requested at the Controller’s e-mail address: info@datariver.it.
Anyhow, the Data Controller may disclose your Personal Data, not only to the subjects to whom the communication is due by virtue of legal obligations, but also to Public Administrations, as well as to credit institutions with which the Controller operates for payment purposes.
Duration of Persona Data Storage
All data referred to you will be processed by the Data Controller for the entire duration of the contract and will be kept for a period of 10 years after its termination for purposes related to the fulfilment of legal obligations or to defend the Controller’s legal claims.
Transfer of data abroad
At present, the Data Controller does not transfer your data to international companies and / or organizations located either in EU or non-EU territories.
Anyhow, it is understood that the Data Controller will have the right to transfer your Personal Data within the EU territory and / or to non-EU countries, if necessary.
If this were the case, the Data Controller ensures as of now that data transfer to non-EU territories will take place in accordance with articles 44 and subsequent of GDPR and with all applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.
Your Rights as a Data Subject
In accordance with Articles 15 to 22 of GDPR, as a Data Subject you may exercise certain rights, as the ones summarised below:
Right of access:
the right to obtain from the Controller confirmation as to whether your Personal Data are being processed, and access them – including a copy thereof – and receive details regarding their processing;
Right to rectification:
the right to obtain from the Controller without undue delay the rectification of your inaccurate Personal Data and to have incomplete Personal Data completed, including by means of providing a supplementary statement;
Right to erasure:
the right to obtain from the Controller the erasure of your Personal Data without undue delay where one of the following grounds applies:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the Personal Data have been unlawfully processed;
- the Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
- the Personal Data have been collected in relation to the offer of information society services.
Right to restriction of processing:
the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;
- the processing is unlawful, and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
Right to data portability:
the right to receive your Personal Data, which you have provided to a Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another Controller, the processing of which is based on consent or on a contract and is carried out by automated means.
Right to object:
the right to object to the processing carried out for the execution of a task in the public interest or connected to the exercise of public authority or on the basis of the legitimate interest of the owner or third parties, as well as the right to object to the processing of your Personal Data executed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
These requests may be sent to the Data Controller at the e-mail address: info@datariver.it or, cumulatively by writing to the DPO’s contact e-mail address: privacy@datariver.it. You will receive feedback as soon as possible and, in any case, no later than 30 days from your request.
Processing based on automated decision-making
The Data Controller does not process Personal Data based on automated decision-making processes, including profiling.
Complaints
If you wish to file a complaint regarding the modalities in which your Personal Data are processed by the Data Controller or regarding the handling of a complaint you have proposed, you have the right to file a petition directly to the Supervisory Authority according to the methods indicated on the website www.garanteprivacy.it.
Information on Personal Data Processing for suppliers of Data River S.r.l.
in Accordance with Article 13 of EU Regulation 679/2016 (GDPR)
Categories of Personal Data
The Data Controller will process the Personal Data you have provided in the context of the provision of services, such as Personal Data relating to the organization’s contact persons, such as e-mail addresses referable to natural persons and personal telephone numbers.
Purpose and Legal Basis
The processing of your personal, contact and administrative (bank details, general accounting, etc.) data is carried out for the purpose of establishing and / or conduct a professional collaboration relationship.
At any rate, the Data Controller is committed to ensuring that the information collected and used is appropriate to the described purposes, and that this will not lead to infringing your privacy.
In accordance with Article 6.1 lett. b) and lett. c) of the Regulation, the legal basis for processing your Personal Data is the fulfilment of the contractual obligations of which you are a part, or the carrying out of pre-contractual measures at your request and in your favour, as well as the fulfilment of legal obligations imposed on the Data Controller.
Data Conferment
The conferment of your Personal Data is optional. However, we inform you that refusing to provide your Personal Data may determine the impossibility for the Data Controller to establish any business relationship or to follow up on an already existing professional contract between the parties.
Recipients of Personal Data
In carrying out its activities, Data River S.r.l. may communicate your Personal Data to appointed consultants for the execution of some necessary services in the pursuit of the processing purposes as specified in this statement.
Pursuant to Article 28 of the Regulation, Data River S.r.l. has proceeded to designate these subjects as Data Processors.
The list of Processors is updated by the Data Controller and can be requested at the Controller’s e-mail address: info@datariver.it.
Anyhow, the Data Controller may disclose your Personal Data, not only to the subjects to whom the communication is due by virtue of legal obligations, but also to Public Administrations, as well as to credit institutions with which the Controller operates for payment purposes.
Duration of Personal Data Storage
All data referred to you will be processed by the Data Controller for the entire duration of the contract and will be kept for a period of 10 years after its termination for purposes related to the fulfilment of legal obligations or to defend the Controller’s legal claims.
Transfer of data abroad
At present, the Data Controller does not transfer your data to international companies and / or organizations located either in EU or non-EU territories.
Your Rights as a Data Subject
In accordance with Articles 15 to 22 of GDPR, as a Data Subject you may exercise certain rights, as the ones summarised below:
Right of access:
the right to obtain from the Controller confirmation as to whether your Personal Data are being processed, and access them – including a copy thereof – and receive details regarding their processing;
Right to rectification:
the right to obtain from the Controller without undue delay the rectification of your inaccurate Personal Data and to have incomplete Personal Data completed, including by means of providing a supplementary statement;
Right to erasure:
the right to obtain from the Controller the erasure of your Personal Data without undue delay where one of the following grounds applies:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the Personal Data have been unlawfully processed;
- the Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
- the Personal Data have been collected in relation to the offer of information society services.
Right to restriction of processing:
the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;
- the processing is unlawful, and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
Right to data portability:
the right to receive your Personal Data, which you have provided to a Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another Controller, the processing of which is based on consent or on a contract and is carried out by automated means.
Right to object:
the right to object to the processing carried out for the execution of a task in the public interest or connected to the exercise of public authority or on the basis of the legitimate interest of the owner or third parties, as well as the right to object to the processing of your Personal Data executed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
These requests may be sent to the Data Controller at the e-mail address: info@datariver.it or, cumulatively by writing to the DPO’s contact e-mail address: privacy@datariver.it. You will receive feedback as soon as possible and, in any case, no later than 30 days from your request.
Processing based on automated decision-making
The Data Controller does not process Personal Data based on automated decision-making processes, including profiling.
Complaints
If you wish to file a complaint regarding the modalities in which your Personal Data are processed by the Data Controller or regarding the handling of a complaint you have proposed, you have the right to file a petition directly to the Supervisory Authority according to the methods indicated on the website www.garanteprivacy.it.
Privacy Policy given to Participants of Meetings at DataRiver S.r.l. Premises
in accordance with Article 13 EU Regulation 679/2016 (GDPR)
Conferment and Categories of Data Processed
The Data Controller will process common data relating to you, i.e. your name, surname and reference to your professional origin. The conferment of your data is optional. In any case, we inform you that any refusal to provide your Personal Data may determine the impossibility for Data River S.r.l. to allow your participation in the meeting.
Purpose and Legal Basis
Your data will be processed to record your participation in the meetings held at DataRiver’s premises.
This processing is lawful on the basis of a legal obligation which the Data Controller is required to fulfil (Article 6, paragraph 1, letter c) of the Regulation).
Recipients of Personal Data
The data processed Data River S.r.l. will be accessed only by authorized subjects. The list of subjects to whom we communicate your data, appointed as Data Processors pursuant to Article 28 of the GDPR, can be requested via ordinary e-mail to the following address: privacy@datariver.it.
In any case, the Data Controller may communicate your Personal Data to the subjects to whom the communication is due by virtue of legal obligations.
Duration of Personal Data Storage
The Personal Data you provided to us for participating in the meeting will be kept for a period of five years. They will then be deleted.
Transfer of Personal Data Abroad
At present, the Data Controller does not transfer your data to international companies and / or organizations located either in EU or non-EU territories.
Your Rights as a Data Subject
In accordance with Articles 15 to 22 of GDPR, as a Data Subject you may exercise certain rights, as the ones summarised below:
Right of access:
the right to obtain from the Controller confirmation as to whether your Personal Data are being processed, and access them – including a copy thereof – and receive details regarding their processing;
Right to rectification:
the right to obtain from the Controller without undue delay the rectification of your inaccurate Personal Data and to have incomplete Personal Data completed, including by means of providing a supplementary statement;
Right to erasure:
the right to obtain from the Controller the erasure of your Personal Data without undue delay where one of the following grounds applies:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the Personal Data have been unlawfully processed;
- the Personal Data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
- the Personal Data have been collected in relation to the offer of information society services.
Right to restriction of processing:
the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data;
- the processing is unlawful, and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead;
- the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
Right to data portability:
the right to receive your Personal Data, which you have provided to a Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another Controller, the processing of which is based on consent or on a contract and is carried out by automated means.
Right to object:
the right to object to the processing carried out for the execution of a task in the public interest or connected to the exercise of public authority or on the basis of the legitimate interest of the owner or third parties, as well as the right to object to the processing of your Personal Data executed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
These requests may be sent to the Data Controller at the e-mail address: info@datariver.it or, cumulatively by writing to the DPO’s contact e-mail address: privacy@datariver.it. You will receive feedback as soon as possible and, in any case, no later than 30 days from your request.
Processing based on automated decision-making
The Data Controller does not process Personal Data based on automated decision-making processes, including profiling.
Complaints
If you wish to file a complaint regarding the modalities in which your Personal Data are processed by the Data Controller or regarding the handling of a complaint you have proposed, you have the right to file a petition directly to the Supervisory Authority according to the methods indicated on the website www.garanteprivacy.it.
Information on Personal Data Processing Related to the Use of Video Surveillance Systems
in accordance with Article 13 EU Regulation 679/2016 (GDPR)
Regulatory Sources
The General Data Protection Regulation (Reg. Nr. 679/2016 of 27 April 2016, hereinafter referred to as “GDPR”) regarding the protection of individuals in the processing and free movement of particular data, has the purpose to ensure that data are processed in compliance with the rights, fundamental freedoms, and the dignity of individuals, with particular reference to confidentiality and personal identity.
Your Personal Data, acquired by DataRiver S.r.l., will be processed in fulfilment of the legislation provided for by the GDPR and in compliance with the aforementioned rights and obligations.
This information supplements the simplified version provided to the Data Subjects through signs placed before entering in the radius of the video surveillance cameras installed by DataRiver S.r.l.
Categories of Personal Data
The Personal Data referred to you, that DataRiver S.r.l. processes using the video surveillance system installed at its headquarters in via Emilia Est n.985, Modena (MO), correspond to the images that might represent you where you enter in the range of the Data Centre’s surveillance camera.
Purpose and Legal Basis
The processing of your Personal Data is carried out exclusively for security purposes based on the provisions of the GDPR and the Provision of the Data Protection Supervisor regarding video surveillance dated 8 April 2010. In particular, it is necessary to guarantee the safety and protection of the company assets from acts harmful acts or from other criminally relevant facts.
The treatment has no purpose of remote control of the workers and the acquired images will not be used in any way in the context of disciplinary proceedings against the workers.
The legal basis for this treatment can be found in the pursuit of the legitimate interest of the Data Controller pursuant to Article 6, paragraph 1, lett. f) of GDPR.
Processing modalities
The processing of images, including their deletion, is carried out using security measures that grant the confidentiality of the Data Subject to whom the data refer, and to avoid undue access to third parties or unauthorized staff, in compliance with the provisions dictated by the Data Protection Supervisor with the aforementioned provision on video surveillance of 8 April 2010.
In particular, there is 1 (one) video camera positioned near the access to the data centre. The video camera records images only where the sensors detect movements in the area of interest, that is only in the event one accesses this environment.
Recipients of Personal Data
The images may be communicated to subjects who, if strictly established by law, will be able to access the data in accordance with provisions laid down by law, within the limits established by the regulations themselves (e.g. Police Forces and relevant Authorities in case crimes are committed).
The Data Controller has appointed in writing Data Processors, pursuant to Article 28 GDPR, as well as the persons in charge of the processing, authorized to use the systems and, in cases where it is essential for the purposes pursued, to view the images and / or obtain a copy, in accordance with Article 3.3.2 of the Provision of April 8, 2010. The complete and constantly updated list of Processors is made available at the headquarters of the Data Controller.
In any case, the images will not be disseminated nor, except as indicated above, communicated to third parties.
Your Rights as a Data Subject
As Data Subject, the GDPR grants you the exercise of specific rights. You have the right to obtain from the Data Controller:
- confirmation that any Personal Data concerning you is being processed and, if so, to obtain access to your persona data and details regarding the processing;
- the erasure of your data without undue delay, if one of the reasons provided for by Article 17 of the GDPR exists;
- the limitation of the processing of your data when one of the hypotheses envisaged by Article 18 of the GDPR exists;
- the right to receive your Personal Data which you provided to a Data Controller in a structured, commonly used and machine-readable format; the right to transmit such data to another Data Controller without hindrance from Data Controller to which the Personal Data have been provided. Furthermore, you have the right to obtain the direct transmission of your Personal Data from one Data Controller to another, if technically feasible;
- the right to object at any time, for reasons related to your particular situation, to the processing of Personal Data (right to object, pursuant to Article 21 of the GDPR)
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or which significantly affects your person;
- the right to request the complete and updated list of all Data Processors and any authorized personnel to the processing of your Personal Data.
You may exercise the aforementioned rights at any time by sending a request to the e-mail address info@datariver.it or to the following address: DataRiver S.r.l., via Emilia Est n.985, Modena (MO). We will contact you or inform you as soon as possible and, in any case, within thirty days from the date of your request.
Location of Personal Data Processing
The images will be processed at the DataRiver S.r.l. in via Emilia Est n.985, Modena (MO). The data are not transferred outside the European Union.
Duration of Personal Data Storage
The data will be kept for a period of time not exceeding the purposes of their collection and in any case for no longer than 7 days.
Processing based on automated decision-making
Your data will in no case be used to obtain information relating to your preferences or your behaviour, nor will you be subject to any decision based solely on the automated processing of your Personal Data.
Complaints
In case you believe that a violation has been committed in the processing of your Personal Data, you have the right to file a complaint before the Data Protection Supervisor of the Member State where you regularly reside, work, or the place in which the alleged violation occurred. You can find the references of the individual Authorities, depending on the country in which it is located, by clicking on this link www.garanteprivacy.it/web/guest/home/footer/link.
Updates
This privacy policy is updated to 11/03/2020.
The Data Controller reserves the right to modify this information: it is therefore advisable to check the information relating to data processing every time you access the site.