(European Regulation 2016/679 of the EU Parliament and of the Council dated April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data – “GDPR”)
1. Data Controller and Data Protection Officer
The Controller of the processing operations carried out through the Site is California Media Agency S.r.l., an Italian company located at Via Luigi Pasteur n.5, 00144 Roma, Iscr. Reg. Imp., C.F. e P.IVA n. 15762841003 (“CMA”). The Data Controller’s organization comprises a Data Protection Officer (“DPO”) available for any information regarding the processing of your personal data. It is possible to contact the DPO by writing to email@example.com.
2. Purposes of the processing for which the personal data are intended and related legal basis
Your personal data will be processed:
a) without your consent (section 6, items b, c, f, GDPR), for the following purposes:
- performance of pre-contractual and contractual obligations deriving from the execution of a possible professional service contract;
- procedures used for the operation of the Site acquire, during routine operation, some personal data and the transmission of which is considered implicit in the use of the Internet communication protocols, data not collected by Movantia;
- compliance with legal obligations, as provided for by law (national or EU) or perform an order of any authority, as well of any other entity to which Movantia is subject;
- exercise the rights of CMA, with particular reference to judicial defensive rights;
b) with your consent (section 7, GDPR), for the following purposes:
- organization of events, conferences, lessons, and workshops;
- marketing and promotional activities of professional services, distribution of promotional materials, sending out of professional newsletters and publications;
- management of surveys and customers’ satisfaction questionnaires.
For the purposes under par. (a) above, the collection of your personal data is necessary. In lack of the data or in case of any express refusal of consent to process such data may cause the impossibility for the Controller to perform the professional services contract or the possible violation of the competent Authorities’ requests. For the purposes under par. (b) above, the collection of your personal data is made on a voluntary basis; consequently, you may decide not to provide us with any consent, or to waive it at any moment contacting the DPO.
When using specific Services (such as connecting to social networks profiles of CMA, or its directors, employees, and contractors on Twitter, Facebook, or Linkedin), the Personal Data that you submit to the Service may undergo processing. In such a case, you are considered an independent data controller, assuming all the obligations and responsibilities of law. To this effect, you fully indemnify in this regard CMA against any complaints, claims and demands for compensation for damages arising from processing, etc., that may be received by CMA from third parties whose Personal Data have been processed through the use of the Services, in violation of the applicable rules on personal data protection. In any case, if you provide or in another way process Personal Data of third parties in using the Service, you henceforth guarantee – assuming all related responsibilities – that this specific processing is grounded on an appropriate legal basis (for example, the data subject’s consent) in accordance with art. 6 of the GDPR, which legitimizes the processing of the information in question.
3. Personal data undergoing processing
Within the purposes of processes mentioned under par. 2) above, we shall exclusively process those personal data concerning, by way of example, your name and family name, tax code, VAT number, residence, domicile, work address, email, certified email address, phone and fax numbers, employer company, business role and/or position.
4. Categories of Personal Data Recipients
The personal data you will submit us for the purposes mentioned under par. 2), section (a) above, could be transferred to:
- Employees and collaborators of CMA, in their capacity as persons duly authorized to data processing,
- Any third party subject, performing outsourced activities on behalf of CMA, in their capacity as data processors.
- Any judicial or controlling Authority, or public entities (whether national or foreign ones).
Upon your express consent to processing the personal data for the purposes indicated under par. (2), section (b) above, data may be transferred to those subjects indicated under items 1), 2) and 3) above.
5. Storage and Transfer of Personal Data
Personal data are processed and stored “on the cloud” and on servers located within the EU, belonging to or in the possession of CMA and/or third-party processors, as duly appointed. Your personal data will not be subject to dissemination.
Personal Data is provided for the purposes indicated under par. (2), section (a) above are processed and stored for the entire duration of the executed professional services contract. As of the termination of such contractual relationship, for whichever reason or cause, personal data will be stored as long as time-barring legal terms will be elapsed. Personal Data is provided for the purposes indicated under par. (2), section (b) above is processed and stored for the time necessary for the performance of the same purposes and, anyhow, not later than 4 years from the date on which we will receive your consent.
6. Exercisable Rights
In compliance with the provisions under Chapter III, Section I, GDPR, you may exercise the rights therein indicated by means of a request to be sent by email to the DPO’s certified email address above indicated for:
- Right of Access – Obtain confirmation whether your data are processed or not and, in such a case, obtain information related, in particular, to: the purposes of such processing, the categories of the processed personal data, the storage period, the recipients to whom such data can be transferred (Section 15, GDPR);
- Right of Rectification – Obtain, without undue delay, the rectification of inaccurate personal data and to have incomplete personal data completed (Section 16, GDPR);
- Right of Erasure – Obtain, without undue delay, the erasure of your personal data, in the cases provided for by the GPDR (Section 17, GDPR);
- Right to Restriction – Obtain from CMA the limitation to processing, in the cases provided for by the GDPR (Section 18, GDPR);
- Right to Data Portability – Receive your personal data as communicated to Movantia in a structured, commonly used, and machine-readable format and obtain the transmission of such data to another controller without any hindrance, in the cases provided for by the GDPR (Section 20, GDPR);
- Right to object – Object to the processing of your personal data, unless Movantia has compelling legitimate grounds for the continuation of the processing (Section 21, GDPR);
- Right to Lodge a Complaint with the Supervisory Authority – Lodge a complaint to Autorità Garante per la protezione dei dati personali, Piazza di Montecitorio n. 121, 00186, Roma (RM), Italy.
7. Processing Operations
Your personal data are processed through the operations indicated in section 4, n. 2), GDPR – whether or not performed by automated means – such as: collection, recording, organization, structuring, update, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction. Whichever way, it will guarantee their security, logical and physical, and overall confidentiality, adopting all necessary technical and organizational measures appropriate to guarantee the data security.
PP_v2.1 EN – 18/09/2022