According to the articles 13 and 14 of the GDPR Regulation (EU) 2016/679 and the article 13 of the Italian Data Protection Code 196/2003
- Who is the Data controller?
The Data Controller Responsible for your personal information is Dilium S.r.l., with its Legal Head Office located in via Selvanesco, 75, 20141 Milan - MI - ("The Owner") acting as the controller of the processing of the customer’s personal data and of any potential person bound with them (jointly defined as the'"Interested Party") as in the following paragraph 2 and to be contacted at the e-mail address email@example.com.
- What Type of data are processed?
The Data Controller processes the personal data provided by the Subject, including name, surname, company name, address, telephone number, e-mail address, bank and payment details (jointly defined as the "Data"). The Data Controller does not need to process the data about health of the Interested Parties or the other special categories of personal data in according to Article 9 of the GDPR ( as defined below), therefore the Interested Party must not divulge these personal information to the Owner.
- Why are the Data processed?
The Owner can process a persons personal data only in the following cases: a) to sign work and service agreements with the Owner; b) to fulfil the pre-contractual, contractual obligations and the fiscal rules arising under the existing agreement signed with the Interested Party; c) to carry out the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as Money Laundering prevention); d) to exercise the rights of the Owner, for example the right to defense himself in Court. The purposes referred to in points (a) to (d) are jointly defined as the "Contractual Purposes");
(e) to carry out functional tasks as well as securitization activities, loan sale and financial issue, assignment of the company or its unit, acquisitions, mergers, split off or other transfers and the activities for its execution; (f) to check to prevent potential risk as well as fraudulent activities ( jointly defined as "Purposes basis of Legitimate Interest").
(g)to Promote the products and services offered by the Data Controller, moreover by sending advertising materials, newsletters, commercial communications, market research and direct sales activities, also by traditional communication as well as paper-based communication or through remote communication as well as email, chat, phone, sms, instant message, chatbot, smart interactive systems and other remote communications tools; (h) to promote - moreover through the performance of the activities in accordance to the previous letter (g) - the products and services offered by third parties located in the European Union, to which the concerning data will be communicated, belonging to the following product sectors: insurance activities, wholesale and retail trade, information and communication services, professional and technical activities, event organization; and (i) to promote statistical activities to support the promotional tasks to better focus the duties, habits and interests of the Interested Parties and the performance of preparatory and / or functional activities to the correct completion of these promotional initiatives ( jointly defined as Marketing Purposes).
- On what basis are data used?
The treatment for the purposes of legitimate interest is not mandatory and the Interested Party may object to submit this processing with procedures expressed in paragraph 8 as follows. So far as the Interested Party is opposed to such processing, his / her Data may not be used for the Purposes basis of the Legitimate Interest, unless the Owner proves the presence of legitimate mandatory reasons prevailing or of exercising or defending a right pursuant to Article 21 of the GDPR.
Lastly, the processing is optional in order to the Marketing Purposes: if the Interested Party refuses his explict consent, he will not be able to receive commercial communications, newsletters, to take part in opinion surveys, statistics, to receive communications and services in line with his profile. At any time, the Interested party may revoke any consent given with procedures expressed paragraph 8.
- How are the Data processed?
The processing of the personal data is performed by the operations indicated in the article 4 of The Italian Data Protection Code 196/2003 and article 4.2 GDPR, precisely: data collection, registration, conservation, consultation, processing, modification, selection, extraction, use, communication by different way, erasure, destruction. The data may also be processed by manual or electronic instruments suitable to guarantee the security, safety and confidentiality, against with unauthorized access and infringement of rights guaranteed in compliance with provisions of the Privacy Code.
- Whom are the Data communicated to?
The Data may be disclosed for the Purposes basis of Legitimate Interest referred to in paragraph 3, letter (e) and (f), to commercial partners, providers of assistance services, technical, tax and legal advice, buyer subject in order to securitisation and to sale loan strictly necessary to the execution of such operations when is functional to the pursuit to manage the loans sold as well as assignement of credit and financial issue, assignment of the company or its unit to dilium Srl potential purchasers, acquisitions, mergers, split off or other transfers and the activities for its execution.
The Data may be disclosed for the Purposes of the Legitimate Interest referred to in paragraph 3, letter (f), to the competent Authorities to carry out the controls indicated above (e.g. fraud prevention). The Data will not be subject to disclosure.
The Interested Party should act as appropriate in each case as independent third parties or outside responsible person in charge of data processing. The updated list of companies that collect data can be communicated at any time on request by the Data Controller to the data subjects at the address indicated in paragraph 8.
The Data will not be subject to disclosure.
- Are the data transferred abroad?
Personal data can be transmitted freely without any restrictions outside the national territory to Countries located within and outside the territory of the European Union. The interested Party shall have the right to obtain a copy of the data held abroad and to obtain information about the place where such data are stored by expressly request it to the Owner at the address indicated in paragraph 8.
- What are the rights of the Interested Party?
The Interested Party shall have the right at any time and for free: i) to obtain confirmation of whether or not data relating to him and request access and their communication in an intelligible form; ii) to obtain the hard copy or the digital copy of a) the origin of the data; b) the purpose of the treatment and its mode; c) the logic applied to data processing carried out through electronic instruments; d) the informations about the data controller or subjects in charge of processing; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them such as delegates representative, responsible or person in charge; iii) to: a) request the updating, correction or - if it is of his interest - the integration of data; b) obtain the cancellation, the transformation in anonymous form or the block of data that may be processed in violation of the law, and to oppose, for legitimate reasons, the treatment; c) to obtain the certificate about the way these operation have been brought to the attention of the Interested Party in the event that for any reason it is impossible or this involves a disproportionate effort in order to the rights. iv) to object a) in full or in part, to the processing of data concerning or b) for the purposes of direct marketing carried out through automated methods, including phone or letter as weel as traditional methods. Please note that the Interested Partys right of objection, set out in the previous point b), for direct marketing purposes to the automated and traditional means and that the possibility for the Interested Party to exercise the right of even partial opposition. Therefore the Interested Party may decide to receive only communications by using traditional methods or only automated communications or none of the two.
Where applicable, the Interested Party is empowered with the rights indicated from articles 16 to 21 GDPR as well as the right to submit a complaint to the Italian Data Protection Authority. The request in order to these rights must be sent to firstname.lastname@example.org, or by the methods communicated time to time by the Data Controller.
- Who are the external data processors?
- What the entry into force of the GDPR modify?
These provisions shall enter into effect from 25th May 2018, after the entry into force of the GDPR.
Time-limit on Data Storage:
(b) on legitimate reasons according to paragraph 3, letter (f), even if said data are processed in a way pertinent to the purpose of their collection and its verify;
Other Rights of the Interested Party: the Interested Party may, at any time in accordance with the procedures referred to in paragraph 8 above, request to the Data Controller (a) to limit the processing of the Data in the case of (i) the Data Subject disputes the accuracy of the Data, for the period strictly necessary to the Owner to verify the accuracy of such Data, (ii) the processing is unlawful and the data owner opposes the erasure of the personal data and requests the restriction of their use; (iii) the controller no longer needs the personal data for the purposes of the processing but they are required by data owner for establishment, exercise or defence of legal claims; (iv) the data owner has objected to processing pursuant to article 21 paragraph 1 GDPR waiting for the pending verification about the override between the legitimate interest of the data controller in respect to those of the Data owner; (b) to object at any time to the further processing of their data basis of the Legitimate interest as well as statistical activities or promotional surveys; (c) to obtain the erasure of personal data without undue delay; (d) to achieve portability concerning the personal data.
Right to complaint: The Interested Party shall have the right to lodge a complaint nt with the Data Protection Authority are the law conditions permit it.
- Geographic position
Some APPS can collect, use and share data relating to the geographical location of the user, in order to provide services based on the location itself.
Most devices provide tools to deny geographic tracking. If the User has expressly authorized this possibility, our APPS can receive information on his actual geographical position.
The geographical location of the User, at the specific request of the User or when the User does not indicate in the appropriate field the place where he is located and allows the application to automatically detect the position.
Some APPS use Face ID® functionality to launch the application or to play. UNDER NO CIRCUMSTANCES DILIUM SRL SHALL SAVE OR DISTRIBUTE THIS DATA.
- Intellectual property and trademarks
dilium is a registered trademark in Italy and is going to be registered in Europe and in the rest of the world. Animoji®, iPhone®, Face ID® are registered trademarks of Apple® in the United States and other countries of the world.
Dilium® develops and distributes APP all over the world through the use of the Apple® and Google® Play stores. In particular he has developed Radio PRL101,7, DBLock, WakeMeAPP, InPolitixAR, dilimoji.
The Data Controller
dott. Donato Angelo De Ieso