Privacy Policy – InnoTech srl

1. What types of personal data are collected
The Personal Data Protection Policy rules the use and storage of personal data that are processed.
The Personal Data Protection Policy is available at the URL: https://www.innotech-cons.eu/en/privacy-policy/
Innotech srl is “Data controller” of personal data that you, as our customer provides us.
The updated list of data processors is kept at the registered office of the Data Controller.
Innotech srl, as part of its activity and the relationship that binds us, can collect the following types of personal and business data:
• Personal data: Name Surname, Date of Birth, Tax Code, Mission, Role, Assignment and similar;
• Contact: Addresses, Telephone Numbers, Email Addresses and similar; Fiscal Data, Bank Data and similar;
• Other similar data.

2. Why they are collected (purpose of treatment)
Your personal data are collected to provide the following services:
Without the need for your express consent (Article 6 letter b), e) GDPR), for the following Service Purposes:
• conclude contracts for the services of the Owner;
• fulfill the pre-contractual, contractual and tax obligations deriving from relations with you in existence;
• fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
• exercise the rights of the owner, for example the right to defense in court

3. How and where they are treated and stored (treatment methods)
The personal data collected (reported in point 1) are processed in the company office in Genoa, Via Bartolomeo Bosco n.57/6C, 16121 Genova located in Italy. Data storage and archiving take place at the same office which is located in Italy at the same address.
No third party provider has access to data, unless specifically required by law to fulfill the purposes indicated.

4. How long the data are stored
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and more precisely: collection, registration, organization, structuring, storage, consultation, processing, adaptation or modification, selection, extraction, comparison or interconnection, use, communication (by transmission, dissemination or any other form of making available), limitation, cancellation or destruction of data.
Your personal data are processed with the support of the following means:
• paper (registration forms, order forms, etc.)
• electronic / IT (management software, accounting, etc.)
• automated.
Pursuant to the Italian law, Innotech srl will process personal data and will be required to keep the documents for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality relationship based on the Data Retention Policy
After this period, personal data will be irreversibly destroyed.
For more information on the program for the storage of personal data, see the Data Retention Policy.

5. Access to data
Your data may be made accessible for the purposes referred to in paragraph 2) pursuant to art. 15) of the GDPR:
a) to employees and collaborators of the Owner or Group companies in Italy, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
b) to third party companies or other subjects (as an indication, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as managers external treatment

6. Communication of data
Without the need for express consent (Article 6 letter b) and c) GDPR), the Data Controller may disclose your data for the purposes referred to in paragraph 2) to persons to whom the communication is mandatory by law for fulfillment of the said purposes (commercial, accounting and administrative consultants, accounting firm, banking institutions, etc.) and other subjects such as judicial authorities, insurance companies for the provision of insurance services, supervisory bodies.
These subjects will process the data in their capacity as independent data controllers.
Your information will not be disseminated.

7. Data transfer
Personal data is stored on servers located within the European Union.
In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, selecting the service providers from those providing adequate guarantees, as provided for by art. 46 GDPR 679/16, after stipulation of the standard contractual clauses provided by the European Commission.

8. Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in paragraph 2) is mandatory. In their absence, we can not guarantee the Services indicated in the previous paragraph 2).

9. Your rights as an interested party and how to exercise your rights
In your capacity as an interested party, you have the rights referred to in art. 15 of the GDPR according to the methods and within the limits established by current legislation:
• request confirmation of the existence of personal data concerning you (right of access);
• know its origin;
• receive intelligible communication;
• to have information about the logic, methods and purposes of the processing;
• request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
• in cases of consent-based processing, receive their data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
• the right to lodge a complaint with the Supervisory Authority.

You can exercise your rights at any time.
Requests should be sent to the Data Controller, Dr. Luca Abatello, by contacting INNOTECH SRL through the Data Access Request Form, or by writing via the email address “abatello@circletouch.eu” or in writing to the Administrative Office Via Bartolomeo Bosco n.57/6C – 16121 Genoa, Italy.
If you wish to make a complaint as to how your personal data were handled, you can contact INNOTECH SRL through the Data Controller, Dr. Luca Abatello, following the procedures indicated above.
We will review your complaint and work with you to resolve the problem.

If you believe that your personal data have not been handled appropriately according to the law, you can contact send a complaint to the Supervisory Authority:
Guarantor for the protection of personal data (Public Relations Office – URP address: Piazza di MonteCitorio No. 121-00186 – ROME, Italy, Tel .: +39 06.69677.2917; E-mail: urp@gpdp.it, garante@gpdp.it; Certified mail: protocollo@pec.gpdp.it).

Date: 23/05/2018