Privacy & Cookie Policy

Privacy Policy

Updated on Monday, Februrary 19th, 2024
Download

On 25th May 2018, the new General Data Protection Regulation 2016/679 (GDPR) is fully applicable. In order to correctly comply with the provisions and be compliant with the new Regulations, Imagicle S.p.A is particularly dedicated to protecting its Customers, Suppliers, Partners and Employees (or potential)‘ privacy and data processing.


General

In compliance with the provisions of articles 13 and 14 of EU Regulation 2016/679 (hereinafter „GDPR“), in the context of the protection of personal data, Imagicle S.p.a. (hereinafter „Imagicle“) provides Data Subjects with the following information:


Data controller

The Data Controller of your personal data is Imagicle S.p.A, responsible for the lawful and correct use of your personal data, and who you may contact for any information or requests at the following addresses:

Registered office: Via Fondacci,272 – 55054 – Massarosa 
Other offices: Via Murri, 24 – int. 27/29 – 20013 – Magenta (MI) e  Via Sile, 17/B – 31057 – Silea (TV)
Telephone: 0584/943232
Fax:0584/943325
E-mail: administration@imagicle.com      
Certified Email: imagicle@legalmail.it


Types of data processed, purposes and legal basis

The personal data processed are collected as provided directly by the User / Data Subject or collected automatically through the site.


Data provided directly by the User / Data Subject

The data provided directly by the User / Data Subject are all personal data entered by the same within the site or which in any case are provided to the Data Controller in any manner. These data will be processed in compliance with the guarantees of privacy and security measures required by current legislation, including the help of electronic tools directly and / or through third parties, for the purposes set out below together with the legal basis of reference:

PURPOSESPROCESSED DATALEGAL BASIS
APurposes strictly related to the execution of contractual and pre-contractual measures and to respond to specific requests from the Data SubjectPersonal and contact data
Payment data and other financial data 
Data relating to debt behavior, economic solvency and the presence of judicial measures
Data relating to the activated services
Processing necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. – Art. 6 paragr. 1 lett b)
BPurposes related to the fulfillment of fiscal, accounting and other legal obligationsPersonal and contact data
Payment data and other financial data 
Data relating to debt behavior, economic solvency and the presence of judicial measures
Data relating to the activated services
Processing necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. – Art. 6 paragr. 1 lett b)
CExercise of rights of the Data Controller, for example the right of defence in court.Personal and contact data
Payment data and other financial data 
Data relating to debt behavior, economic solvency and the presence of judicial measures
Data relating to the activated services
Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Art. 6 paragr. 1 lett f)
DPurposes related to the protection of credit and corporate assetsPersonal and contact data
Payment data and other financial data
Data relating to debt behavior, economic solvency and the presence of judicial measures
Data relating to the activated services
Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Art. 6 paragr. 1 lett f)
ECreation of statistics and archives of solved cases for analysis aimed at improving the servicesPersonal and contact data
Payment data and other financial data 
Data relating to debt behavior, economic solvency and the presence of judicial measures
Data relating to the activated services
Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Art. 6 paragr. 1 lett f)
FDirect marketing: communication and/or sending, also with automated methods, of promotional, advertising and information material, surveys or market research through telephone channels, sms, e-mail, social networks, and online advertising platformsPersonal and contact dataData relating to the activated servicesThe Data Subject has given consent to the processing of his or her personal data for one or more specific purposes; Art 6 c.1 lett. a)
GMarketing on existing customers: sending communications relating to contracted products/ services and/or to products/services similar to those already contracted (newsletters, webinars, events, training activities).Personal and contact data
Data relating to the activated services
Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Art. 6 paragr. 1 lett f)
HIndirect marketing: communication of data to related and / or associated companies, to commercial partners and third parties so that they can make you a recipient of marketing communicationsPersonal and contact data
Data relating to the activated services
The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes; Art 6 c.1 lett. a)

The Data Subject assumes responsibility for the personal data of third parties obtained, published or shared with the Data Controller and guarantees to have the right to communicate or disseminate them, freeing the Data Controller from any liability to third parties.

Data collected automatically through the site

The automatically collected data are the information collected automatically through the site also from third-party applications integrated therein, including for example: the IP addresses or domain names of the computers used by the User / Data Subject who connects to this site, the addresses in URI (Uniform Resource Identifier) ​​notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error , etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details relating to the itinerary followed within the ‚Application, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and the IT environment of the User / Data Subject. Complete details on each type of data collected are provided in the dedicated sections of the cookie policy of this site.

The automatically collected data are processed exclusively for the purposes for which they are collected, as described below.

The Data Controller processes the data provided by the Data Subject to allow the site to function, to allow the display of content from external platforms, for statistical purposes, optimization and distribution of traffic and marketing in addition to the additional purposes described in this document and in the Cookie Policy.


Compulsory or optional nature of the provision of data and consequences of a refusal to provide

The nature of the provision of your personal data is mandatory so that the Data Controller can fulfill the obligations deriving and arising from the contractual and/or pre-contractual relationship in place with you, as well as those imposed by law or regulations. Failure to provide your personal data may determine the impossibility to establish or continue the contractual and pre-contractual relationship to the extent that such data are necessary for its execution. If the processing of data is based on your consent, the provision of your data is optional and the non-acceptance and provision does not entail any consequences. In case of lack of consent, your data cannot be processed for the purpose described. Unless otherwise specified, all the data required for browsing the site are mandatory, if the User / Data Subject refuses to communicate them, it may be impossible for this Application to provide the Service. In cases where some data are indicated as optional, Users / Interested parties are free to refrain from communicating such data, without this having any consequence on the availability of the Service or on its operation. When accessing any page of the Site, there is a Banner through which the User / Data Subject can give their consent to the use of cookies.

If you have any doubts about which data is mandatory, we encourage you to contact us.


Processing methods

The Data Controller adopts the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.

The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.


Recipients of the personal data

Your data may be communicated, in addition to the personnel assigned to the processing, also to the following subjects also appointed, if necessary, as Data Processors by the Data Controller:

  1. Private and public entities for the performance of administrative and legal practices in compliance with the provisions of EU Reg. no. 679/2016;
  2. Consultants and companies that assist the Data Controller from an IT, infrastructural point of view and for the management of communication networks;
  3. Professionals, consortia and service companies and professional firms in the field of assistance and consultancy relationships (eg from a tax, commercial, legal, communication point of view, etc.);
  4. Banks and credit institutions;
  5. Other companies and professionals who collaborate with the Data Controller for the performance of the services covered by the contract/assignment;
  6.  Insurance companies;
  7. Subsidiary or associated companies.

The updated list of Data Processor can always be requested from the Data Controller.
The data will not be subject to other methods of dissemination.


Place Processing

The data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located.
The data provided directly by the User / Data Subject and collected automaticallty could be transferred in a different country than the one in which the User / Data Subject is located outside the European Economic Area. In this case Imagicle Spa ensures that the processing of your personal data by these subjects to whom the data is transferred takes place in compliance with the European Regulation 679/2016, all always in compliance with the principles indicated in art. 45 of the GDPR 2016/679 relating to the existence of an adequacy decision by the European Commission, or in the absence of such decisions in compliance with art. 46 relating to the transfer in the presence of appropriate safeguards or in compliance with Article 49 paragraph 1 letter b) – transfer necessary for the execution of a contract concluded between you and the Data Controller or for the execution of pre-contractual measures.

For more information, please contact the Data Controller.


Retention Period

Data provided directly by the User / Data Subject

The personal data provided directly by the User / Data Subject collected for the purpose referred to in paragraph 2 letters A, B, C and D will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no longer than the legal retention times provided for by law, currently 10 years from the time of termination of the contractual relationship if there is one active or no later than 10 years from collection for all other Data Subjects. In the event of a pending trial, the data will be processed until they are terminated. Furthermore, the Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.

Personal data collected for marketing purposes on existing customers referred to in paragraph 2 letter G will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no later than the termination of the contract. In the case of perpetual licenses, the data will be kept until the consent is revoked by the User / Data Subject.

The personal data collected for the purposes of creating statistics and archives of the resolved cases, referred to in paragraph 2 letter E, will be processed and stored for the period of time necessary to pursue the the aforementioned purposes and in any case no later than 3 years from their collection.

The personal data collected for direct and indirect marketing purposes, referred to in paragraph 2 letters F and H, will be processed and stored for the period of time necessary to pursue the aforementioned purposes and in any case no later than 2 years from their collection.

At the end of the retention period, the personal data will be deleted. Therefore, at the end of this term the rights of access, cancellation, rectification and the right to data portability can no longer be exercised.

Data collected automatically through the site

The automatically collected data will be retained for the period better specified in the Cookie Policy.

At the end of the retention period, the personal data will be deleted. Therefore, at the end of this term the rights of access, cancellation, rectification and the right to data portability can no longer be exercised.


Rights of the User / Data Subject 

Pursuant to art. 13 GDPR each User / Interested party has the right to obtain confirmation of the existence or not of your Personal Data, even if not yet registered, and their communication in an intelligible form.

In particular, the User / Data Subject has the right to obtain from the Data Controller the indication of:

  • the origin of Personal Data;
  • the purposes and methods of processing;
  • the logic applied in the case of processing carried out with the aid of electronic/IT tools;
  • the identification details of the Data Controller, of the Data Processor and of the controller’s representative;
  • the recipients or categories of recipients to whom the data may be communicated or who can be involved in the processing as Controller’s Representative, Data Processor or Authorised Personnel.

Furthermore the User / Data Subject has the right to obtain from the Data Controller:

  • updating, rectification or integration of their data;
  • cancellation, transformation into anonymous form or blocking of data processed in violation of the law;
  • access to his/her data, i.e. confirmation that his/her personal data is being processed or not;
  • the limitation of the processing,
  • the portability of the data, i.e. the right to receive in a structured format his/her Personal Data;

Finally, the User / Data Subject has the right object and the rights in relation to automated decision-making including profiling.

Data Subject/Access Request

Right of the data subject can be exercised through email, certified email (PEC), or a registered letter with an acknowledgment of receipt. To make this process easier, data subjects can reach out to us at the following email address: dpo@imagicle.com or via PEC at imagicle@legalmail.it.

Upon receiving a request, IMAGICLE commits to providing information regarding the request without unnecessary delay and within a maximum of 30 days from the date of receipt. If required, due to the complexity or volume of requests, this period may be extended by an additional 60 days.

Any information provided by the data subject, as well as any communications and actions undertaken, are free of charge.

In cases where Imagicle has reasonable doubts about the identity of the individual making the request, we may ask for additional information to confirm the identity of the data subject. If more details are needed on the request, we will provide a template form to facilitate the process.