Client Information Notice
INTRODUCTION
The following General Privacy Notice for Customers refers only to the processing of personal data managed by Gulliver Srl, as the Data Controller, for the purpose of executing contracts with customers and related assistance and training services, as well as for commercial development and marketing purposes.
For any personal data processing carried out by Gulliver Srl on behalf of the customer Data Controller, as the Data Processor, in the management of software applications provided to customers or storage and/or cloud services, please refer to the agreements between the Data Controller and Data Processor signed by the parties.
GENERAL PRIVACY NOTICE FOR CUSTOMERS REGARDING THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 (“GDPR”)
Data Controller and Data Processors The Data Controller is GULLIVER S.R.L, with registered office at Via Orzinuovi 73, 25125 Brescia, Tax Code and VAT No. 03559600170; Gulliver Srl has appointed its own Data Protection Officer (DPO) who can be contacted for any request at the email address dpo@gullivernet.com.
The updated list of data processors is kept at the registered office of the Data Controller.
Object of Processing - Categories of Personal Data Processed The Data Controller processes the personal data of your representatives, understood as common identifying commercial contact data (such as name, surname, address, phone, email), communicated by you during the definition and/or conclusion of contracts as Customers for the services of the Data Controller or during the contractual relationship. The Customer receiving this notice undertakes to make it known to their representatives whose data are processed by the Data Controller.
The Data Controller may also process personal data of your representatives, understood as common identifying commercial contact data (such as name, surname, address, phone, email), acquired from third-party Data Controllers (e.g., trade fair organizations) that have obtained their legitimate consent for transfer for commercial contact purposes.
Purposes and Legal Bases of Processing
3.1 Contractual and Pre-contractual Purposes:
Legal Bases: 3.1.1 The processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject, 3.1.2 The processing is necessary to comply with a legal obligation to which the Data Controller is subject, 3.1.3 The processing is necessary for the legitimate interest of the Data Controller to defend itself in legal proceedings.
3.2 Commercial Development and Marketing Purposes: To send you (via email) commercial or marketing communications related to products or services of the Data Controller
Legal Bases: 3.2.1 Based on the Data Controller's legitimate interest (so-called Soft Spam) if you have already purchased our products or used our services and for products/services similar to those you have already used, unless you object, 3.2.2 Based on your explicit and specific consent given to us or provided to third parties from whom the data were acquired.
Processing Methods and Duration The processing of your personal data may be carried out using the operations indicated in Article 4 No. 2 GDPR, namely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data may be processed both on paper and electronically.
The Data Controller will process personal data for the time necessary to fulfill the contractual purposes mentioned above and, in any case, for no more than 10 years after the termination of the contractual relationship. For marketing purposes, the Data Controller will process personal data for the time strictly necessary to achieve the purposes for which they were collected, for the period provided by law or within the scope of authority provisions. Upon your decision to revoke the given consent or to request removal from our commercial mailing list, your data will be promptly deactivated from our marketing databases so that you no longer receive further communications. In any case, personal data contained in previous communications will be retained for a period not exceeding 24 months from their registration unless those data are anonymized.
Data Access Your data may be made accessible for the purposes referred to in the previous Article 3:
- To employees and collaborators of the Data Controller in their capacity as persons in charge of processing and/or system administrators;
- To third-party companies or other entities (e.g., professional firms, consultants, insurance companies, credit institutions, etc.) that perform activities on behalf of the Data Controller, in their capacity as autonomous Data Controllers or external Data Processors appointed by the Data Controller.
Data Communication Pursuant to Article 6(b) and (c) GDPR, therefore without the need for explicit consent, the Data Controller may communicate your data for purposes arising from the contractual relationship to judicial authorities as well as to those entities to whom communication is mandatory by law for the fulfillment of said purposes. These entities will process the data in their capacity as autonomous Data Controllers.
Your data will not be disseminated.
Data Transfer Personal data may be transferred, for the purposes mentioned in this notice as well as for storage and archiving needs, both to EU countries and to countries outside the EU.
In any case, the Data Controller ensures that the extra-EU data transfer will be in accordance with applicable legal provisions.
Nature of Data Provision The provision of data for contractual purposes in Article 3.1 is mandatory. Without them, we cannot guarantee the execution of the contractual relationship.
The provision of data for marketing purposes in Article 3.2 is optional; you can decide not to provide any data or subsequently deny the possibility of processing already provided data and the consent given, in which case you will not be able to receive commercial communications and advertising material related to the products or services offered by the Data Controller.
Rights of the Data Subject By contacting the Data Controller via email at privacy@gullivernet.com, any data subject can exercise the rights provided for in Article 15 GDPR, namely:
- Obtain confirmation of the existence or not of personal data concerning them, even if not yet recorded, and their communication in an intelligible form;
- Obtain indication: a) of the origin of personal data; b) of the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic tools; d) of the identification details of the Data Controller, Data Processors, and the designated representative pursuant to Article 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them as designated representatives in the territory of the State, as data processors or persons in charge of processing;
- Obtain: a) the updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where such fulfillment proves impossible or involves a manifestly disproportionate use of means compared to the protected right;
- Oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning them for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and/or traditional marketing methods via telephone and/or paper mail. It should be noted that the right of opposition of the data subject, outlined in point b) above, for direct marketing purposes using automated methods extends to traditional methods, and that, in any case, the data subject has the right to exercise the right of opposition even only in part. Therefore, the data subject can decide to receive only communications through traditional methods or only automated communications or neither type of communication. Where applicable, the data subject will also have the rights set out in Articles 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right of opposition), as well as the right to lodge a complaint with the Supervisory Authority.
Finally, where the conditions are met, the data subject will have the right to compensation for any damage suffered as provided for in Article 82 GDPR.
Ref. GUL_INFO05 of 16/02/2021