Data protection information notice pursuant to the EU General Data Protection Regulation (GDPR) 679/2016 in force since May 25, 2018
H2A Innovation S.r.l.u., with registered office in Via Aurelio Saffi 1, 37123 Verona, Tax Code and VAT no. 04123770234 (hereinafter, "Data Controller"), as the data controller, informs you pursuant to Art. 13 of EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following ways and for the following purposes:
1) Data Controller:
The Data Controller is: H2A Innovation S.r.l.u., with registered office in Via Aurelio Saffi 1,
37123 Verona.
2) Object of the processing:
The Data Controller processes personal, identifying data (for example, name, surname, company name,
address, telephone, e-mail, bank and payment references) – hereinafter, "personal data" or
simply "data") communicated by you upon the conclusion of contracts for the
Data Controller's services.
3) Purpose of the processing:
a) Your personal data are processed without your express consent (Art. 6 letters b), e) GDPR),
for the following Service Purposes:
- to conclude contracts for the Data Controller's services.
- to fulfill pre-contractual, contractual, and tax obligations deriving from existing relationships
with you.
- to fulfill obligations established by law, by a regulation, by community legislation,
or by an order of the Authority.
- to exercise the rights of the Data Controller, for example the right of defense in court.
b) Your personal data are processed only with your specific and distinct consent (Art. 7
GDPR), for the following Marketing Purposes:
• to send you via e-mail, mail and/or SMS and/or telephone contacts, newsletters or commercial
communications or other advertising material on products or services offered by the Data Controller.
• to send you via e-mail questionnaires for measuring the level of satisfaction with the quality of
services.
Please note that if you are already our customer, we may send you commercial communications relating to the Data Controller's services and products similar to those you have already used, unless you revoke the consent already expressed.
4) Methods, duration, and security of processing:
Your personal data are subject to both paper and electronic and/or
automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes
and in any case for no longer than 10 years from the termination of the relationship for Service Purposes
and for no longer than 5 years from the collection of data for Marketing Purposes.
The Data Controller declares to have adopted technical and organizational measures suitable for the fulfillment
of the obligations provided by the GDPR. In particular, the Data Controller declares to have activated internal
procedures to safeguard the security of data (both electronic and paper), through
encryption, backup, and network protection measures via firewalls or antivirus software.
5) Other recipients of data
The Data Controller processes the collected data internally and uses them for the performance of its activities.
There are no other recipients of the data, according to legal obligations.
6) Data transfer Personal data are stored on servers located in Italy or in any case within the European Union. It remains understood that the Data Controller, should it become necessary, will have the right to move the servers even outside the UE. In such a case, the Data Controller ensures as of now that the transfer of data outside the UE will take place in accordance with the applicable legal provisions, following the stipulation of the standard contractual clauses provided by the European Commission and always guaranteeing the security of the transfer.
7) Rights of the data subject
In your capacity as a data subject, you have the rights referred to in Art. 15 GDPR and precisely the rights to:
• obtain confirmation of the existence or not of personal data concerning you, even if
not yet registered, and their communication in an intelligible form;
• obtain information on: a) the origin of the personal data; b) the purposes and methods of the
processing; c) the logic applied in case of processing carried out with the aid of
electronic instruments; d) the identification details of the controller, the managers, and the
designated representative pursuant to Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph
1, GDPR; e) the subjects or categories of subjects to whom the personal data may
be communicated or who may become aware of them in their capacity as designated representative
in the territory of the State, managers or persons in charge;
• obtain: a) updating, rectification or, when interested, integration
of data; b) cancellation, transformation into anonymous form or blocking of data
processed in violation of the law, including those whose retention is not necessary
in relation to the purposes for which the data were collected or subsequently processed; c)
certification that the operations referred to in letters a) and b) have been brought to
the attention, also as regards their content, of those to whom the data have been
communicated or disseminated, except in the case where this fulfillment proves
impossible or involves a use of means manifestly disproportionate to the
protected right;
• object, in whole or in part: a) for legitimate reasons to the processing of personal data
concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal
data concerning you for the purpose of sending advertising material or direct sales
or for carrying out market research or commercial communication, through
the use of automated calling systems without the intervention of an operator by
e-mail and/or through traditional marketing methods by telephone and/or paper
mail. Please note that the data subject's right of objection, set out in
point b) above, for direct marketing purposes through automated methods
extends to traditional ones and that in any case the possibility remains for
the data subject to exercise the right of objection even only in part. Therefore,
the data subject can decide to receive only communications via traditional methods or only
automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of objection), as well as the right to lodge a complaint with the Supervisory Authority.
8) Methods of exercising rights
You may exercise your rights at any time by sending:
− A communication via ordinary mail, writing to: H2A Innovation S.r.l.u., with
registered office in Via Aurelio Saffi 1, 37123 Verona,
− An e-mail, to the address: info@h2ainnovation.it