EU Regulation 679/2016 on the processing of personal data – Art. 13.


Backline S.r.l. with registered office in Via F.lli Vigorelli, 8 – 20017 – Rho (MI) and VAT No. 12491290156 (hereinafter, Data Controller”), as the data controller, informs you in accordance with Art. 13 Legislative Decree 30.6.2003 No. 196 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:

1. Purpose of Processing

The Data Controller processes personal data, including special data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references, general and specific information about the data subjects aimed at the proper execution of the contract) – hereinafter, “personal data” or also “data” communicated by you in connection with the conclusion of contracts for the services of the Data Controller. Processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not registered in a database, such as collecting, recording, organizing, structuring storage, processing, selection, blocking, adaptation or alteration, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

2. Purposes of processing

Your personal data are processed: A) without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes: – to allow user access to the website www.backline. It; – to conclude contracts for the services of the Owner; – to fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you; – to fulfill obligations under the law, a regulation, EU legislation or an order of the Authority; – to exercise the rights of the Owner, such as the right of defense in court. B) performance, subject to Your express written consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR) of direct marketing activities, such as sending – including by e-mail, SMS – advertising material, newsletters and communications having informative and/or promotional content in relation to products or services provided and/or promoted by the Controller or its business partners, including free gifts and free samples. C) performance, subject to your express written consent, of individual, aggregate, market research and third-party profiling activities, aimed, for example, at analyzing consumption habits and choices, processing statistics on the same or assessing the degree of satisfaction with respect to the products and services offered. We inform you that for the provision of consent to the processing of their data carried out by third-party websites that profile through Cookies and similar tools, (e.g. facebook) the User is invited to visit the policies of the relevant social. 2.1 Type of data collected Pursuant to EU Regulation 679/2016 on the processing of personal data when using our services, you agree that Backline S.r.l. Via F.lli Vigorelli, 8 20017 – Rho – MI our company collects some of your personal data. The purpose of this notice is to tell you what data we collect, why and how we use it. 2.1.1. Data you provide When you register or request information on our site, we ask you to provide us with certain data that we need in order to use our services. These are, by way of example but not limited to, the data we ask you for: – – – – – – First name, Last name, Company and References email address tax code telephone number, fax number, address Payment information 2.1.2. Data we automatically collect from the website We collect the following data through the services we use – technical data: e.g. IP address, browser type, information about your computer, data about the current (approximate) location of the tool you are using; data collected using cookies or similar technologies.

3. Method of processing

The processing of your personal data is carried out by means of the operations indicated in Art. 4 Privacy Code and Art. 4 No. 2) GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing. The data related to the purposes under 2A will be kept for 10 years in connection with tax or legal obligations while all remaining data, including those related to the purposes under 2B and 2C, will be kept for 2 years from the date of termination of the purpose of the service offered.

4. Access to data

Your data may be made accessible for the purposes under 2A and, with your consent 2B and 2C to: – employees and collaborators of the Data Controller in their capacity as appointees and/or internal data processors and/or system administrators; to third party companies or other entities (by way of example, credit institutions, professional firms, consultants, business partners, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

5. Communication of data

Without the need for your express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2A to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous data controllers. Only with your consent for the purposes mentioned in point 2B and 2C to third party companies such as business partners and event organizers. Your data will not be disseminated.

6. Data transfer

Personal data are not stored on servers located outside the European Union. It is in any case understood that the Data Controller, should it become necessary, will be entitled to move the servers outside the EU as well. In this case, the Controller assures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

8. Rights of the data subject

In your capacity as a data subject, you have the rights set forth in Art. 7 Privacy Code and Art. 15 GDPR and specifically the rights to: – obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in intelligible form; obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and the designated representative under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees; obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected; object, in whole or in part a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by means of e- mail and/or through traditional marketing methods by means of telephone and/or paper mail. It should be noted that the data subject’s right to object, set forth in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object even partially remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication. – – – Where applicable, he/she also has the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain He/she may at any time exercise the rights by sending: a registered letter with return receipt to – Backline S.r.l. with registered office in Via F.lli Vigorelli, 8 – 20017 – Rho (MI), or an e- mail to 10. Data Controller, Data Processors and Persons in Charge The data controller is Backline S.r.l. with registered office in Via F.lli Vigorelli, 8 – 20017 – Rho (MI), The updated list of data processors and persons in charge of the processing is kept at the registered office of the Data Controller.”