DATA PROCESSING FOR MARKETING PURPOSES
Users who provide their personal data through the form have the possibility of deciding whether or not to authorize the use of this information for marketing purposes. Data processing for this purpose, if authorized, is carried out by BKT Europe Srl, the processing controller, in accordance with the specifications set out hereafter.
WHO IS THE CONTROLLER AND HOW TO CONTACT THEM
The Controller of data processing for marketing purposes is BKT Europe Srl, in the person of the pro tempore legal representative, with its registered office in Viale Bianca Maria 25, 20122 Milan and offices in Viale della Repubblica 133, 20831 Seregno (province of Monza and Brianza), VAT no. 05404270968. The Company can be contacted through the email firstname.lastname@example.org
WHAT DATA IS PROCESSED
The data processed is identifying and contact data provided by the user by compiling the specific form.
The platform used by the controller to send emails enables, through tracking systems, the detection of information such as the opening of a message, the clicks made on hypertext connections contained in the email, from which IP address or with which type of browser the email is opened, and other similar details.
WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?
The personal data provided by the user through the specific form is used for marketing purposes (i.e. to send advertising or direct sale material or to undertake market research or commercial communication of the business and services offered by the controller through traditional means, such as phone contact with an operator, as well as automatic means, such as email, SMS and other types of message, also through DM on social networks to which the user's account refers in the case indicated).
The legal basis of the processing of the data is the agreement which can be withdrawn at any time.
Any agreement given for marketing purposes on the basis of art. 130, paragraphs 1 and 2, of Leg. Decree 196/2003 (Privacy Code), implies the receipt of promotional and commercial communications and materials, not only through automated means of contact, but also through traditional means, such as postal deliveries or operator calls.
The data acquired through the tracking system of the platform used to handle email can be processed automatically to assess the preferences and habits of the data subject (profiling) and, on the basis of this data, plan the sending of promotional communications and notices.
The legal basis of such processing is the agreement which can be withdrawn at any time.
Should it be necessary, the data can also be used given a legitimate interest of the controller, which involves verifying the security and correct functioning of the IT systems used and carrying out defensive initiatives.
HOW IS THE DATA MANAGED?
The data collected is processed with IT instruments and only residually with print-based methods. Adequate security measures are adopted to prevent the loss of data, illegal or incorrect use and unauthorized access.
Transferring data abroad
The data will be transferred outside the European Union and the European Economic Space by the supplier of the services used by the Controller to store the data and for email services. Data will be transferred to non-EU countries, in the absence of adequacy decisions by the European Commission, but the transfer will be supported by adequate safeguarding measures; in particular for the storage, standard contractual clauses will be used backed by contractual supplementary measures; to manage marketing campaigns, standard contractual clauses will be used as approved on June 4, 2021 by the European Commission, and, if necessary, the supplementary measures implemented by the supplier to guarantee compliance with the General Data Protection Regulation, also in the case of the transfer of personal data outside of the EU.
The data is kept until any request by the user to oppose its use and in any case for no more than two years from when agreement to the processing is given. The data used for profiling is kept for a year.
This is done without prejudice to any defensive needs for which the data can be kept also beyond the indicated deadlines.
WHAT HAPPENS IF THE DATA IS NOT PROVIDED
Transfer of the data is optional. Without this, it will not be possible to use the data for the marketing and profiling purposes described. It is noted that the user can decide to transfer the data only for purposes connected to sending the request through the form, without authorizing the processing of the data for marketing and profiling purposes.
WHO CAN SEE THE DATA
The data will be processed by employees of the Controller who are authorized to process it.
The data can be seen by companies which provide IT supply services and by consultants to manage disputes and for legal assistance should there be any disputes due to which it is necessary to involve them.
It is noted that some of the indicated subjects act as controllers and others as data processors and that communication to those who operate as autonomous controllers is carried out since prescribed by legal obligations or is necessary to fulfil the obligations arising from the pre-contractual relationship or the legitimate interest of the controller in maintaining the security of the IT systems and in adopting defensive initiatives through legal consultants.
The detailed list of the subjects to whom the data can be communicated can be requested by contacting the Controller.
It is noted that communication of the personal data is in any case limited to the sole categories of data the transmission of which is necessary to undertake the activities and purposes being pursued.
WHAT ARE THE DATA SUBJECT'S RIGHTS?
The law recognizes for the data subject the right to ask the Data Controller for access to the personal data and its rectification or cancellation or limitation of the processing regarding them or to object to its processing, as well as the right to data portability.
In particular, it is noted that there is the possibility to object to the processing of data done for marketing purposes.
The data subject may assert their rights at any time, without formalities, by contacting the Controller through the email email@example.com
Here below is a breakdown of the rights recognized by the law in force on the protection of personal data.
The data subject is then informed that, should they consider that the processing of their personal data takes place in violation of the provisions of the GDPR, they have the right to make a complaint to the Authority, as envisaged by art. 77 of the Regulation itself or to seek legal redress (art. 79 of the Regulation).