INFORMATION ON THE PROCESSING OF PERSONAL DATA CLIENTS pursuant to art. 13 of EU Regulation 2016/679 of 27/04/2016

 

Pursuant to art. 13 of EU Regulation 2016/679 of 27/04/2016, hereinafter referred to as the GDPR (General Data Protection Regulation), BLINK SRL, with registered office in (20156) MILANO, VIA MONTEFELTRO N. 6, MI, in quality of the Data Controller, informs you of the following:

 

Data Controller 

The Data Controller is the company BLINK SRL, with registered office in (20156) MILANO, VIA MONTEFELTRO N. 6, MI.

 

Purpose of processing

The personal data you provide will be used exclusively for the following purposes:

  • a) stipulation and execution of the contract and all the activities connected to it, such as, for example, invoicing, credit protection, administrative, management, organizational and functional services for the execution of the contract;
  • b) fulfillment of the obligations established by law, regulations, applicable legislation and other instructions given by authorities invested by law and by supervisory and control bodies.

The processing of personal data for the aforementioned purposes does not require your express consent (Article 6 letters b) and e) of the GDPR).

  • c) marketing and promotional activities for products and services of the data controller, commercial communications, either by automated means without operator intervention (SMS, fax, MMS, e-mail, etc.) or traditional (by telephone, mail).
  • d) elaboration of studies and market research.

The processing of personal data for the above purposes requires your express consent (Article 7 of the GDPR). This consent concerns both the automated and the traditional methods of communication described above. You will always have the right to freely oppose, in whole or in part, to the processing of your data for said purposes, for example by excluding the automated methods of contact and expressing your desire to receive commercial and promotional communications exclusively through traditional ways of contact.

 

Compulsory or optional nature of the provision of data and consequences of a refusal to provide personal data

The data requested for the purposes referred to in the letters a) and b) must be provided for the fulfillment of the legal obligations and / or for the conclusion and execution of the contractual relationship and the provision of the requested services. Therefore, your eventual refusal, even partial, to provide such data would make it impossible for the Controller to establish and manage the relationship and provide the requested service.

 

Data processing methods

The processing of personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR, for the aforementioned purposes, both on paper and electronic supports, by electronic or automated means, in compliance with current legislation, in particular with regard to confidentiality and security, and in compliance with the principles of fairness, lawfulness, transparency and protection of the rights of data subjects.

The processing is carried out directly by the organization of the Data Controller, by its Data Processors and/or agents.

 

Communication and Dissemination

Your personal data may be communicated, within the limits strictly relevant to the obligations, the tasks and the purposes set out above and in compliance with current legislation on the subject, to the following categories of subjects:

  1. subjects to whom such communication must be carried out in order to fulfill or to demand the fulfillment of specific obligations provided for by laws, regulations and/or EU legislation;
  2. companies belonging to the Group of the data controller, controlled or connected pursuant to Art. 2359 of the Italian Civil Code, which act as data processors or for administrative and accounting purposes (purposes related to the fulfilment of internal organizational activities, administrative, financial and accounting activities, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
  3. external physical and/or legal persons who provide services that are instrumental to the activities of the Owner for the purposes referred to in paragraph 1 above (eg consultants, companies, institutions, professional offices). These subjects will operate as Data Processors.

Personal data will not be disseminated in any way.

 

Period of retention of personal data

The personal data will be kept for the entire duration of the contract stipulated with the Data Controller, and afterword the data will be kept for the completion of the terms established by law for the conservation of administrative documents and accounting records, after which it will be deleted.

 

Data transfer

Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of Data outside of EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

 

Rights of data subjects

In your capacity as data subject, you have rights set forth in art. 15 GDPR, and precisely the rights:

  1. to obtain confirmation of the existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. to obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) the existence of an automated decision-making process, including profiling, and of the logic applied, as well as of the importance and consequences envisaged for the interested party in case of processing carried out with the aid of electronic instruments; d) the contact details of the Controller and, where applicable, its representative, as well as the Data Processor, where applicable; e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, as data processors or agents;
  3. to obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated, except in the case in which this fulfillment proves impossible or involve a use of means manifestly disproportionate to the protected right;
  4. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by e-mail and/or, through traditional marketing methods, by telephone and/or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication. Where applicable, it also has the rights referred to in Articles 16-21 RGPD (right of rectification, right to cancellation (“right to be forgotten”), right to limitation of processing, right to data portability, right of opposition), as well as the right to lodge a complaint with the supervisory authority (Privacy Authority).

For the exercise of the rights referred to in art. 15 and following of the GDPR or for questions or information regarding the processing of your data and the security measures adopted, may in any case forward the request to our company to the following address:

BLINK SRL, with registered office in (20156) MILANO, VIA MONTEFELTRO N. 6, MI

Phone: 02 3088583

E-mail: info@blinkgroup.com


EXPRESSION OF CONSENT FOR THE TREATMENTS OF PERSONAL DATA – C) and D) POINTS

  • c) marketing and promotional activities for products and services of the data controller, commercial communications, either by automated means without operator intervention (SMS, fax, MMS, e-mail, etc.) or traditional (by telephone, mail).
  • d) elaboration of studies and market research.