L.B.V. S.r.l., VAT number and fiscal Code: 09236350964, with registered office in via Cadore n. 2 - 20092 - Milan (MI), legally represented by Mrs. Riccarda Zezza (fiscal Code: ZZZ RCR 72C 58F 839Y) is the "Data Controller" (hereinafter, "Data Controller") of personal and special data provided by the user and any jointly-entitled person (jointly defined as the "Data Subject”) as defined in paragraph 2.
Pursuant to and for the purposes of the art. 37 of 2016/679/EU Regulation, the Data Controller designates Avv. Savino Menna as data protection officier, who can be contacted at the e-mail address firstname.lastname@example.org.
The Data Controller processes the personal data provided by the Data Subject during their registration, including name, surname, e-mail addresses and password. In order to fully carry out the offered services and products, the Data Controller may also need to process special data categories of the Data Subject pursuant to the Artt. 9 and 10 of 2016/679/EU Regulation, including country localization, date of birth, parenthood, postal code and managerial role in the Company: therefore, it may be necessary for the Data Subject to provide such data to the Data Controller (hereinafter jointly defined as "Data").
When the "customer" of L.B.V. S.r.l. – employer of the user that participate to the MAAM programm platform - need to receive a report containing data of the data subject in a non-anonymous form, the Data Controller will communicate only name, surname, date of use of the programm, total duration of the programm and certification related to the lessons under-taken and the exams passed. These Data will be communicated only to the "customer" company as described above and only if there is evidence of the latter's willingness to participate in the "formazione finanziata - FondoImpresa" and/or the "fondo banche assicurazioni". In any case, L.B.V. S.r.l. reserves the right to communicate to the company "customer" - employer of the user - the Data of the data subject concerning name, surname and date of registration to the MAAM program, in order to allow it to verify the real progress of the signed agreement.
Data processing will be performed by the Data Controller for the following purposes:
a) to stipulate agreements for the Data Controller's services and products, to allow MAAM platform access, including the purpose of advocacy (aimed to influence public Institutions and the allocation of resources within political, economic and social systems), to report to companies and scientific research related to public institutions and aimed to ensure full respect for equal opportunities in professional and work development;
b) to fulfill the pre-agreement, agreement and fiscal obligations deriving from existing relationships with the Data Subject;
c) to fulfill the obligations provided by the law, by a regulation, by EU legislation or by an order of the Authority (such as anti-money laundering, formazione finanziata);
d) to exercise the rights of the Data Controller, such as, for example, the right of defense in a trial.
The purposes referred to in letters from (a) to (d) are jointly defined as the "Contractual Purposes".
e) to perform functional activities to any securitization, credit assignment and issue of securities, company and business unit sales, acquisitions, mergers, demergers or other transformations and to the execution of such operations;
f) for the execution of controls aimed at preventing possible fraud.
The purposes referred to in letters (e) and (f) are jointly defined as the "Legitimate Interest Purposes".
Data processing is carried out in compliance with the conditions of lawfulness pursuant to the Art. 6 of 2016/679/EU Regulation and in particular:
· is necessary for the Contractual Purposes in order to guarantee the correct execution of the existing agreement between the Data Controller and the Data Subject, as defined in letters from (a) to (c) of the previous paragraph 3 and to fulfill legal obligations as defined in letter (d) of the previous paragraph 3. The processing of these Data is mandatory: if the Data Subject does not provide such Data, the Data Controller does not stipulate any agreements with the Data Subject.
Referring to the particular purposes of advocacy, reporting and scientific research, Data processing is performed in compliance with the provisions of the Art. 9 § 2 lett. h) and j) of 2016/679/EU Regulation, the Art. 89 of 2016/679/EU Regulation and the Chapter III of 2018/101/Legislative Decree;
· for the Legitimate Interest Purposes set in paragraph 3, letter (e), Data processing is carried out for the pursuit of the Legitimate Interest of the Data Controller and its counterparties to the performance of the economic operations indicated therein pursuant to Article 6, letter f) of the 2016/679/EU Regulation, adequately balanced with the interests of the Data Subject as the processing takes place within the limits strictly necessary for the execution of such transactions, while the processing to the Legitimate Interest Purposes referred to in paragraph 3, letter (f) is functional to the prosecution of a legitimate interest of the Data Controller, adequately balanced with the interests of the Data Subject in light of the limits imposed on this processing and the specific circumstances in which the processing takes place illustrated in the same paragraph 3. Data processing to the Legitimate Interest Purposes is not mandatory and the Data Subject may oppose to such processing in the manner set out in paragraph 8 below, but if the Data Subject will oppose to such processing, his Data cannot be used for the Legitimate Interest Purposes, unless the Data Controller will demonstrate the presence of prevailing binding legitimate interest or the exercise or defense of a right pursuant to Art. 21 of the 2016/679/EU Regulation.
The processing of Data is carried out pursuant with the operations indicated in the Art. 4 n. 2) of the 2016/679/EU Regulation and, more precisely, through: collection, recording, organization, storage, consultation, processing, modification, extraction, use, communication, deleting and destruction of data.
The Data may be processed using manual or IT tools, suitable to guarantee security, confidentiality and to prevent unauthorized access and violation of the Data processed.
The Data processed are stored using cloud computing tools on servers located within the EU territory (Germany): for more information on safety standards and compliance with the requirements set by the 2016/679/EU Regulation adopted by the selected external providers, consult the web pages https://www.digitalocean.com/security/ and https://www.hetzner.com/rechtliches/datenschutz.
The Data processing necessary to the reporting, advocacy and research purposes, will be anonymized before their processing and processed solely in aggregate way.
The Data may be communicated for the Contractual Purposes to any person who perform services connected to and functional to the management of existing contractual relationships or those to be stipulated and, in particular, to the following categories of subjects located within the European Union:
· providers related to the products and services of the Data Controller and public institutions;
· providers related to tax and legal advice services;
· IT, storage, and cloud providers.
The Data may be disclosed for the purposes of Legitimate Interest referred to in paragraph 3, letter (e) and (f), to suppliers of assistance services, technical consulting, tax and legal advice, assignees of receivables in connection with operations of securitization of credit or assignment of credit for purposes strictly connected to the management of the relationship with the Data Subject, as well as the issuance of securities, company or business branch assignees, potential buyers of the Data Controller and companies resulting from possible mergers, demergers or other transformations of the Data Controller, also in the context of the activities functional to these operations, and to competent Authorities.
The Data may be freely transferred outside the national territory to countries located in the European Union.
The Data Subject, in addition to the right to lodge a complaint with a supervisory authority, also has the rights listed below:
· Art. 15 2016/679/EU – Right of access: “The data subject shall have the right to obtain from the Data controller confirmation as to whether or not personal data concerning him or her are being processed […]; […] The Data controller shall provide a copy of the Data undergoing processing”;
· Art. 16 2016/679/EU – Right to rectification: “The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement”;
· Art. 17 2016/679/EU - Right to be forgotten: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”;
· Art. 18 2016/679/EU – Right to restriction of processing: “The data subject shall have the right to obtain from the controller restriction of processing if:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject”;
· Art. 20 2016/679/EU – right to Data portability: “The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. […]The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”;
· Art. 21 2016/679/EU – Right to object: “The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions”;
· Art. 22 2016/679/EU – Automated individual decision-making, including profiling: “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her”.
The exercise of the mentioned rights may be forwarded to the Data Controller through the express request of the Data Subject, sending an e-mail to email@example.com or following the other appropriate methods communicated by the Data Controller.
The Data processed by the Data Controller:
· for the Contractual Purposes and to the Legitimate Interest Purpose set in paragraph 3, letter from (a) to (e), they will be kept for a period equal to the duration of the agreement or service/product offered (including possible renewals) and for 10 years from its expiration date, termination or withdrawal, except in cases where storage is required for any disputes, requests by the competent authorities or in accordance with the applicable law; with the particular reference to advocacy, reporting and scientific research purposes, the Data will be stored according with terms set forth in this article and treated solely by anonymization and aggregate form;
· for the Legitimate Interest Purpose set in paragraph 3, letter (f), they will be kept for the duration strictly necessary to guarantee the reliability of the controls indicated therein.
11. Modications and Updates:
Cookies are small strings of text downloaded to your device when you visit a website. At each subsequent visit, cookies are sent to the website that originated them (first-party cookies) or to another website that recognizes them (third-party cookies). Cookies are useful because they allow a website to recognize the user's device. They have different purposes such as, for example, allowing you to efficiently navigate between pages, remembering your favorite sites and, in general, improving the browsing experience. They also help ensure that the advertising content displayed online is more targeted to a user and his interests. Depending on the function and use, cookies can be divided into technical cookies, analysis and profiling cookies and third-party cookies.
Some cookies (session cookies) are active only until the browser is closed or if there is a logout command. Other cookies "survive" when the browser is closed and are also available for subsequent visits by the user. These cookies are called persistent and their duration is set by the server at the time of their creation. In some cases a deadline is set, in other cases the duration is unlimited.
To ensure a more efficient operation of our platform we could use: i) technical and analytical first-party cookies and ii) third-party analytical cookies.
You can manage cookies through your browser settings or follow the links below to disable cookies:
Keep in mind that changing settings will only impact that particular browser and PC. The operation is repeated on each browser and device on which you want to change the settings. Please also note that, by disabling cookies, some websites will not be able to provide profiled services.
Milan, 10 October 2018