Under and for the purposes of (i) Legislative Decree June 30, 2003, no. 196, the “Privacy Code”, (ii) EU Regulation 2016/679 concerning the “protection of individuals with regard to the processing of personal data and on the free movement of such data”, the “GDPR”, articles 13 and 14, rules collectively also referred to as the “Privacy Legislation”, a series of obligations are provided for those who carry out processing – “collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison, interconnection, limitation, erasure or destruction” – (hereinafter the “Processing”) of information concerning an identified or identifiable natural person (the “Data Subject”).
VALETUDO SRL, VAT and Tax Code 00978150167, with registered office at Via Ghiaie n.6, 24030 Presezzo (BG) (the “Company”) wishes to inform you, in the following sections, about the methods and purposes of the Processing of your personal data.
Data Controller
The data controller is the subject who determines the purposes and means of Processing of personal data (the “Controller”), and is identified in the Company, by the current CEO.
The Data Controller can be contacted via email at: privacy@valetudo.com
Data Subject’s Data Collection Methods
The Controller may become aware of Your data in the following circumstances:
Categories of Processed Data
The following categories of personal data concerning you exemplify the types of data that may be collected through the various services and contact channels described in this document:
Identifying Data – name, address, email address, phone number, gender, date of birth, identity document, tax code.
Financial Data – bank details and IBAN.
Biographical Data – education, professional experience, continuous training.
Profiling Data – demographic, behavioral, interaction, usage, consumption.
(“Data”)
Processing Purposes – Legal Basis – Retention Policy
Your personal data will be processed, mainly using computerized tools, for the following purposes:
It is necessary to provide the data marked with an asterisk in online forms in order to complete the request.
Legal Basis: to execute pre-contractual measures or a contract of which You are a party (Art.6 par.1 lett. b of the GDPR).
Retention Policy: The Data will be retained for the time strictly necessary to pursue the purposes for which they were collected and in any case not beyond ten years from the receipt of the request.
The provision of the Data is mandatory as required for compliance with legal and contractual obligations. Any refusal to provide them or any subsequent opposition to the Processing may result in the impossibility for the Controller to carry out contractual relationships.
Legal Basis: to execute pre-contractual measures or a contract of which You are a party (Art.6 par.1 lett. b of the GDPR).
Retention Policy: The Data provided in the context of Your request or for the mere formalization of a quote will be kept for a maximum period of ten years. Data processed to execute a contract may be retained for the entire duration of the relationship as well as for the subsequent ten years from the date of termination of the same.
The Controller reserves the right to process the Data to prevent possible risks and fraud, as well as to defend its rights arising from the contract in judicial or extrajudicial proceedings, also for the purpose of any credit recovery, directly or through third parties (credit recovery agencies/companies) to whom they will be communicated only for these purposes.
Legal Basis: to execute the relationship of which You are a party (Art. 6 par. 1 lett. b of the GDPR), to comply with a legal obligation to which the Controller is subject (Art. 6 par. 1 lett. c of the GDPR), to pursue a legitimate interest of the Data Controller consisting in preventing possible frauds or defending its own right or asserting claims arising from the commercial relationship with You, unless Your interests or fundamental rights prevail (Art. 6 par. 1 lett. f of the GDPR).
Retention Policy: The Data may be retained for the time necessary to fulfill legal obligations and, in any case, for the entire duration of the contract in addition to the subsequent ten years from the end of the fiscal year following that of competence.
Legal Basis: to execute pre-contractual measures or a contract of which You are a party (Art.6 par.1 lett. b of the GDPR).
Retention Policy: The Data will be kept for the time strictly necessary to pursue the purposes for which they were collected and in any case not beyond six months following the conclusion of the selection.
The provision of Data is optional and failure to provide it or failure to authorize Processing will result in the inability to carry out the activities indicated.
Legal Basis: consent expressed by You as a Data Subject (Art. 6 par. 1 lett. a of the GDPR).
Retention Policy: The Data may be processed until the withdrawal of Your freely expressed consent.
At the time of each communication, You will be informed of the possibility to object at any time to the Processing, easily and free of charge.
the Purposes referred to in points b) and e), may be used for sending questionnaires, conducting market research and/or measuring Your satisfaction level.
Legal Basis: to pursue a legitimate interest of the Data Controller consisting in understanding customer preferences, market trends, and allowing the Company to improve the services offered (Art. 6 par. 1 lett. f of the GDPR).
Retention Policy: The Data may be kept until the exercise of the right to object to the Processing. At the time of each communication, You will be informed of the possibility to object at any time to the Processing, easily and free of charge.
Legal Basis: consent expressed by You as a Data Subject (Art. 6 par. 1 lett. a of the GDPR).
Retention Policy: The Data may be kept for the time strictly necessary and in any case for a period not exceeding 7 years.
Legal Basis: to execute pre-contractual measures or a contract of which You are a party (Art.6 par.1 lett. b of the GDPR).
Retention Policy: Data collected through private messaging on Social channels will be kept for the time strictly necessary to pursue the purposes for which they were collected. Data communicated publicly, through comments, are subject to the retention period defined by the Social channel policies used by You to interact with the Company.
Legal Basis: to pursue a legitimate interest of the Data Controller consisting in the protection of its rights and/or of third parties or in cooperation with Authorities or bodies responsible for law enforcement, unless Your interests or fundamental rights prevail (Art. 6 par. 1 lett. f of the GDPR).
Retention Policy: The Data will be retained for the time strictly necessary to pursue the purposes for which they were collected. In the case of a contractual relationship, the Data may be kept for up to three years following the termination of the contractual responsibility between the parties.
If the Controller intends to process Your Data for purposes other than those described above, it is obliged to inform You of such additional purposes before carrying out the Processing.
Data Processing Methods
In relation to the above purposes, the Company carries out the Processing of Data, in compliance with the security measures referred to in art. 32 of the GDPR using manual, computerized, and telematic tools, suitable for storing, managing, and transmitting the same Data, solely for the purpose of pursuing the purposes for which they were collected and, in any case, in such a way as to guarantee their security and confidentiality, as well as compliance with the principles of fairness, lawfulness, and transparency.
The Controller carries out Processing that consists of automated decision-making processes on the processed Data.
Scope of Data Communication
Your Data may be made accessible to:
Data Transfer to a Third Country or an International Organization
The Data is processed within the European Union and stored on servers located therein. It is understood, however, that the Controller, if necessary, has the right to transmit such data to a third country or an international organization and/or move the servers also outside the EU. In this case, the Controller assures in advance that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, pursuant to art. 44 of the Privacy Code and art. 46 et seq. of the GDPR.
Data Subject’s Rights
The Company informs You, finally, that under the current legislation on the protection of personal data, You may exercise specific rights at any time – under articles 15-22 of the GDPR – and in particular You may ask the Controller:
the right of access, i.e., the possibility of obtaining from the Controller confirmation of whether or not personal data concerning You are being processed and, in this case, access to Your personal data;
a. the right to rectification, including the integration of incomplete personal data;
b. the right to erasure of data without delay upon request of the Data Subject and mandatorily if:
c. the personal data are no longer necessary in relation to the purposes for which they were collected;
d. the right to restriction of Processing in cases where the accuracy of personal data is contested (for the period necessary for the Controller to verify the accuracy of such personal data) or the Processing is unlawful and/or the Data Subject opposes the Processing requesting the restriction thereof;
e. the right to data portability as the right to receive from the Controller Your personal data in a structured, commonly used, and machine-readable format and to transmit such data to another Controller, only for cases where the Processing is based on consent and for the data processed by
automated means;
f. the right to object to the Processing of Your personal data except where the Controller demonstrates compelling legitimate grounds for the Processing;
g. the right to withdraw consent at any time, where the Processing is based on Your explicit consent, without affecting the lawfulness of the Processing carried out until the withdrawal;
h. the right to lodge a complaint with a supervisory authority of the Member State where You reside or work habitually or where the alleged infringement occurred, without prejudice to any other administrative or judicial remedy, in case of violations of the provisions of the aforementioned Regulation.
If You wish to have more information about the Processing of Your personal data and to exercise the above-mentioned rights, You can send a written request using the contacts provided in the “Data Controller” section of this notice. In case of a request from You for information regarding Your data, the Controller will respond as soon as possible – unless this proves impossible or involves a disproportionate effort – and in any case not later than thirty days from the request. Any impossibility or delay on the part of the Controller in fulfilling the requests will be adequately motivated.
Moreover, You always have the right to lodge a complaint with the Supervisory Authority for the Protection of Personal Data, reachable at the address garante@gpdp.it or through the website http://www.gpdp.it.
Last update: February 2024