Privacy Policy

Ex Art. 13 EU Regulation 2016/679

Dear Data Subject,

Datrix Group considers of fundamental importance the protection of the personal data of its users, actual and/or potential. 

With this document (the “Policy“), we renew our commitment to ensure that the processing of personal data collected through browsing on our platform is done in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 (“GDPR” o “Regulations”) and by the additional applicable regulations on the protection of personal data (the “Privacy Regulations“), including the Italian Legislative Decree 196/2003, as amended (the “Privacy Code“).

The term personal data refers to the definition contained in Article 4(1) of the Regulation, namely, “any information relating to an identified or identifiable natural person; an identifiable person is any natural person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural, or social identity” (“Personal data”). 

The purpose of this Policy – drafted on the basis of the principle of transparency and including all the elements required by Article 13 of the Regulations – is to describe the way in which the website https://datrixgroup.com (the “Website “) is managed, with reference to the processing of Personal Data of users/visitors.

We will also provide you, in a simple and intuitive way, with all the useful and necessary information so that you can give your Personal Data in a conscious and informed way and, at any time, exercise your rights under the GDPR.

A. THE DATA CONTROLLER AND CO-PROCESSORS

Pursuant to Article 26 of the Regulations, the companies that will process your Personal Data for the purpose referred to in this Notice and that, therefore, will play the role of data controller or, as the case may be, co-processors, are the companies belonging to the Datrix Group, specifically:

  • Datrix S.p.A., with registered office at Foro Buonaparte no. 71, 20121 – Milan P.IVA 08417670968.
  • 3rdPlace S.r.l., with registered office at Foro Buonaparte No. 71, 20121 – Milan P.IVA 04838460964.
  • PaperLit S.r.l., with registered office at Foro Buonaparte No. 71, 20121 – Milan P.IVA 03297020921.
  • ByTek S.r.l., with registered office at Foro Buonaparte No. 71, 20121 – Milan, P.IVA 13056731006.

(individually the “Owner“, jointly the “Datrix Group“).

The Datrix Group has entered into an inter partes co-ownership agreement, whereby the individual companies have committed to:

  • jointly determine certain purposes and methods of Processing your Personal Data;
  • jointly determine, in a clear and transparent manner, the procedures for providing you with timely feedback should you wish to exercise your rights, as provided for in Articles 15, 16, 17, 18 and 21 of the Regulations as well as in the cases of portability of Personal Data provided for in Article 20 of the Regulations, as better described within the appropriate Section of this Notice;
  • jointly define this Notice in the parts of common interest, indicating all the information required by the Regulation.

The essential content of the agreement is available at Datrix Group and can be provided upon specific request by the Data Subjects, to be forwarded to the contacts in Section G.

B. CONTACTS OF THE DATA PROTECTION OFFICER

In order to facilitate the relationship between you, as the data subject, i.e. the “identified or identifiable person” to whom the Personal Data refer pursuant to Article 4 in point 1) of the Regulations

(the “Data Subject”) and the Datrix Group, the Regulations have provided, in some specific cases, for the appointment of a control and support figure who, among the various tasks entrusted, also acts as a point of contact with the Data Subject.

The Datrix Group has adopted such a figure of “data protection officer”, so-called “Data Protection Officer”, identifying and appointing, pursuant to Article 37 of the Regulation, SAPG Legal Tech S.r.l., based in Corso Europa n. 7, 20122 – Milan (MI) (the “DPO”),

The DPO, pursuant to and for the purposes of Article 39 of the Regulation, is required to perform, among others, the following activities:

  • inform and advise the Datrix Group as well as employees performing Processing operations on their obligations under the Regulations as well as other Union or Member State provisions relating to the protection of Personal Data;
  • monitor and supervise compliance with the Regulation, applicable regulations on the protection of Personal Data as well as the policies and procedures adopted by the Datrix Group;
  • provide support in feedback to the Data Subject;
  • cooperate with the competent Data Protection Authority.
  • As provided in Article 38 of the Regulations, you may freely contact the DPO for all matters related to the Processing of your Personal Data and/or in case you wish to exercise your rights as provided in this Notice, by sending a written communication to the email address privacy@sapglegal.com.

 

C.   PURPOSE AND LEGAL BASIS OF PROCESSING

While browsing the Site, Personal Data may be processed according to the purposes and related legal bases set forth below.

a. Improving the browsing experience and monitoring the proper functioning of the Site

The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, by way of example: IP addresses, the type of browser used, the operating system, the domain name and addresses of Internet sites from which access or exit was made, information on the pages visited by users within the Website, access time, the length of time spent on the individual page, internal path analysis and other parameters relating to the user’s operating system and computer environment.

Such technical/informational data are collected and used only in an aggregate, non-identifying manner and could be used to ascertain liability in the event of hypothetical computer crimes against the Website.

Processing will be legally based on Data Controller’s legitimate interest in the better functioning of its systems, optimization and improvement of the browsing experience, avoidance of fraudulent activities, and improvement of Website security (Art. 6(1)(f) of GDPR).

 

b. Ascertain, exercise or defend a right of the data controller in judicial and/or extrajudicial proceedings.

The legal basis for the data controller’s exercise or defense of a right will be that of legitimate interest, as defined in Article 6(1)(f) of the GDPR.

 

c. Contact us.

If requested by you through the completion of the appropriate form, Personal Data will be processed to respond to your inquiries about services provided.

This purpose of processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (ex art. 6 par. 1(b) GDPR).

 

d. Apply for job positions.

If requested by you through the completion of the appropriate form on the site, Personal Data will be processed to analyze and evaluate your application.

This purpose of processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (ex art. 6 par. 1(b) of the GDPR).

 

e. Sending the Holder’s Newsletter.

Specifically, for sending by automated contact methods (such as sms, mms e-mail) of promotional and commercial communications, advertising material related to service/product offers, reporting of company events.

The Holder offers various newsletter services that include:

  • Inspirational content;
  • Reminders;
  • Surveys to check the approval rating of the services provided;
  • Personalized suggestions based also on browsing behavior.

Should you wish to receive our newsletter, you can subscribe by giving the appropriate consent through an opt-in mechanism.

If, then, you no longer wish to receive the newsletter, you may unsubscribe at any time by exercising your right to opt-out using the appropriate link available in each newsletter or commercial message received. Alternatively, you may contact us by email in accordance with Section 6 of this policy.

This purpose of processing is legitimized by your optional, free and revocable consent at any time (pursuant to Article 6(1)(a) of the GDPR).

 

f. Direct Marketing by the Controller.

This term means the performance of promotional activities (by both automated and traditional means) of the services of your interest provided by the Controller. With regard to this direct marketing purpose, it should be clarified that, by virtue of Article 6(1)(f) of the Regulations and Article 130(4) of the Privacy Code (so-called soft spam exception), the Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent, as better explained in Recital 47 of the Regulations in which it is “considered a legitimate interest of the Controller to process personal data for direct marketing purposes.” This will be possible as a result of the evaluations made by the Controller regarding the possible and possible prevalence of your interests, fundamental rights and freedoms requiring the protection of Personal Data over its own legitimate interest in sending direct marketing communications. Moreover, you may lawfully and at any time (even partially) object to receiving promotional communications, without in any way affecting the processing for the other purposes.

Such processing, will be legally based on the legitimate interest of the Data Controller in accordance with Article 6(1)(f) of the Regulations.

 

e. Processing of data belonging to special categories

No Personal Data belonging to the special categories referred to in Article 9 of the Regulations are processed.

 

D.   SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED

Your Personal Data may be disclosed to specific entities considered recipients of such Personal Data.

In fact, Art. 4 at point 9) of the Regulations, defines a recipient of Personal Data as “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party” (the “Recipients”).

With this in mind, in order to properly carry out all the Processing activities necessary to pursue the

purposes set forth in this Notice, the following Recipients may be in a position to process your Personal Data:

  • third parties who perform part of the Processing activities and/or activities related and instrumental to the same on behalf of a Data Controller or Datrix Group. Such entities have been appointed as data controllers, whereby this expression is to be understood individually, pursuant to Article 4 at 8) of the Regulations, as “the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller” (the “Data Controller”);
  • Individuals, employees and/or contractors of a Data Controller or Datrix Group, who have been entrusted with specific and/or multiple Processing activities on your Personal Data. Such individuals have been given specific instructions regarding the security and proper use of Personal Data and are defined, in accordance with Article 4 at 10) of the Regulations, as “persons authorized to process Personal Data under the direct authority of the Data Controller or Processor” (the “Authorized Persons”);
  • Where required by law or in order to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without these being defined as Recipients. In fact, according to Article 4.9 of the Regulations, “public authorities that may receive disclosure of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered Recipients.”

 

E.  PROCESSING TIME

One of the principles applicable to the Processing of your Personal Data concerns the limitation of the storage period, governed by Article 5.1(e) of the Regulations which states “Personal Data shall be

kept in a form which permits the identification of Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be kept for longer periods provided that they are processed solely for archiving purposes in the public interest, scientific or historical research or statistical purposes, in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this Regulation to protect the rights and freedoms of the Data Subject.”

In light of this principle, your Personal Data will be processed by Datrix Group only to the extent necessary to fulfill the purpose set out in Section C of this Notice.

In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulations, i.e. until the termination of the existing contractual relationship between you and the Data Controller, without prejudice to an additional retention period that may be imposed by law as also provided by Recital 65 of the Regulations.

With respect to the Processing carried out to achieve the additional purposes set out in this Notice, Datrix Group may lawfully process your Personal Data until you communicate, in one of the ways set out in the Notice, your wish to limit or object to the Processing. Any such restriction and/or opposition will, in effect, require Datrix Group to cease processing your Personal Data for that purpose.

F.  RIGHTS

As provided for in Articles 15 et seq. of the Regulations, you may access your Personal Data, request that it be rectified and updated if incomplete or erroneous, request that it be erased if it was collected in violation of a law or regulation, and object to the Processing for legitimate and specific reasons. In particular, we list below all your rights that you can exercise, at any time, against a Data Controller.

  • Right of access

You will have the right, pursuant to Art. 15. 1 of the Regulations, to obtain from the Controller confirmation as to whether or not any Processing of your Personal Data is taking place and, if so, to obtain access to such Personal Data and to the following information: (a) the purposes of the Processing; (b) the categories of Personal Data in question; (c) the Recipients or categories of Recipients to whom your Personal Data have been or will be disclosed, in particular if Recipients from third countries or international organizations; (d) when possible, the expected period of retention of Personal Data or, if this is not possible, the criteria used to determine this period e) the existence of the Data Subject’s right to request from the Data Controller the rectification or erasure of Personal Data or the restriction of the Processing of Personal Data concerning him or her or to object to their Processing; f) the right to lodge a complaint with a supervisory authority; g) if the Personal Data are not collected from the Data Subject, all available information about their origin; h) the existence of an automated decision-making process, including profiling as referred to in Art. 22(1) and (4) of the Regulations and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such Processing for the Data Subject. All this information you can find within this Policy which will always be available to you within the Privacy Policy section of the Sites.

  • Right of rectification

You may obtain, pursuant to Article 16 of the Regulations, the rectification of your Personal Data that is inaccurate. Taking into account the purposes of the Processing, you may also obtain the integration of your Personal Data that is incomplete, including by providing a supplementary declaration.

  • Right to erasure

You may obtain, pursuant to Article 17.1 of the Regulations, the erasure of your Personal Data without

unjustified delay and the Data Controller will be obliged to delete your Personal Data if there is even one of the following reasons: a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) you have revoked the consent on which the Processing of your Personal Data is based and there is no other legal basis for the Processing of your Personal Data; c) you have objected to the Processing pursuant to Art. 21(1) or (2) of the Regulations and there is no longer any overriding legitimate reason for proceeding with the Processing of your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data in order to comply with a legal obligation under an EU or domestic law.

In some cases, as provided in Article 17.3 of the Regulations, the Data Controller is entitled not to provide for the erasure of your Personal Data if their Processing is necessary, for example, for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the establishment, exercise or defense of a right in a court of law.

  • Right to limitation of Processing

You may obtain the restriction of Processing, pursuant to Art. 18 of the Regulation, in case one of the following occurs: (a) you have disputed the accuracy of your Personal Data (the restriction will last for the period necessary for the Data Controller to verify the accuracy of such Personal Data); (b) the Processing is unlawful but you have objected to the deletion of your Personal Data, requesting instead that its use be restricted; c) although the Data Controller no longer needs it for the purposes of the Processing, your Personal Data is needed for the establishment, exercise or defense of a right in court; d) you have objected to the Processing pursuant to Art. 21.1 of the Regulations and you are awaiting verification as to whether the Data Controller’s legitimate reasons prevail over yours.

In the event of a restriction on Processing, your Personal Data will be processed, except for storage, only with your consent or for the establishment, exercise or defense of a right in a court of law or to protect the rights of another natural or legal person or for reasons of substantial public interest. We will inform you, in each case, before such limitation is lifted.

 

  • Right to data portability

You may, at any time, request and receive, in accordance with Article 20.1 of the Regulations, all of your Personal Data processed by the Controller in a structured, commonly used and readable format or request its transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing us with written authorization.

  • Right to object

Pursuant to Article 21.2 of the Regulation and as also reiterated by Recital 70, you may object, at any time, to the Processing of your Personal Data for the purposes indicated.

  • Right to lodge a complaint with the supervisory authority

Without prejudice to your right of recourse in any other administrative or jurisdictional forum, if you believe that the Processing of your Personal Data conducted by the Data Controller occurs in violation of the Regulation and/or applicable legislation, you may lodge a complaint with the competent Data Protection Authority.

 

G.  CONTACT

To exercise all of your rights as identified above, simply contact Datrix Group by sending an email to the email box privacy@datrixgroup.com.

Please note that, at any time, you may also contact the Datrix Group DPO in the manner provided in Section B of this Notice.

 

H.  PROCESSING LOCATIONS

Your Personal Data will be processed by Datrix Group within the territory of the European Union.

Should it become necessary for technical and/or operational matters to use entities located outside the European Union, we hereby inform you that such entities will be appointed as Data Processors pursuant to and for the purposes of Article 28 of the Regulations and the transfer of your Personal Data to such entities, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulations.

All necessary precautions will therefore be taken in order to ensure the fullest protection of your Personal Data by basing such transfer: (a) on adequacy decisions of the third country recipients expressed by the European Commission; (b) on adequate safeguards expressed by the third party recipient pursuant to Article 46 of the Regulation; (c) on the adoption of binding corporate rules; (d) by adopting standard contractual clauses approved by the European Commission.

In any case, you may request more details from Datrix Group if your Personal Data has been processed outside the European Union by requesting evidence of the specific safeguards adopted.

Privacy Policy

Ex Art. 13 EU Regulation 2016/679

Dear Data Subject,

Datrix Group considers of fundamental importance the protection of the personal data of its users, actual and/or potential. 

With this document (the “Policy“), we renew our commitment to ensure that the processing of personal data collected through browsing on our platform is done in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 (“GDPR” o “Regulations”) and by the additional applicable regulations on the protection of personal data (the “Privacy Regulations“), including the Italian Legislative Decree 196/2003, as amended (the “Privacy Code“).

The term personal data refers to the definition contained in Article 4(1) of the Regulation, namely, “any information relating to an identified or identifiable natural person; an identifiable person is any natural person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more features of his or her physical, physiological, genetic, mental, economic, cultural, or social identity” (“Personal data”). 

The purpose of this Policy – drafted on the basis of the principle of transparency and including all the elements required by Article 13 of the Regulations – is to describe the way in which the website https://datrixgroup.com (the “Website “) is managed, with reference to the processing of Personal Data of users/visitors.

We will also provide you, in a simple and intuitive way, with all the useful and necessary information so that you can give your Personal Data in a conscious and informed way and, at any time, exercise your rights under the GDPR.

A. THE DATA CONTROLLER AND CO-PROCESSORS

Pursuant to Article 26 of the Regulations, the companies that will process your Personal Data for the purpose referred to in this Notice and that, therefore, will play the role of data controller or, as the case may be, co-processors, are the companies belonging to the Datrix Group, specifically:

  • Datrix S.p.A., with registered office at Foro Buonaparte no. 71, 20121 – Milan P.IVA 08417670968.
  • 3rdPlace S.r.l., with registered office at Foro Buonaparte No. 71, 20121 – Milan P.IVA 04838460964.
  • PaperLit S.r.l., with registered office at Foro Buonaparte No. 71, 20121 – Milan P.IVA 03297020921.
  • ByTek S.r.l., with registered office at Foro Buonaparte No. 71, 20121 – Milan, P.IVA 13056731006.

(individually the “Owner“, jointly the “Datrix Group“).

The Datrix Group has entered into an inter partes co-ownership agreement, whereby the individual companies have committed to:

  • jointly determine certain purposes and methods of Processing your Personal Data;
  • jointly determine, in a clear and transparent manner, the procedures for providing you with timely feedback should you wish to exercise your rights, as provided for in Articles 15, 16, 17, 18 and 21 of the Regulations as well as in the cases of portability of Personal Data provided for in Article 20 of the Regulations, as better described within the appropriate Section of this Notice;
  • jointly define this Notice in the parts of common interest, indicating all the information required by the Regulation.

The essential content of the agreement is available at Datrix Group and can be provided upon specific request by the Data Subjects, to be forwarded to the contacts in Section G.

B. CONTACTS OF THE DATA PROTECTION OFFICER

In order to facilitate the relationship between you, as the data subject, i.e. the “identified or identifiable person” to whom the Personal Data refer pursuant to Article 4 in point 1) of the Regulations

(the “Data Subject”) and the Datrix Group, the Regulations have provided, in some specific cases, for the appointment of a control and support figure who, among the various tasks entrusted, also acts as a point of contact with the Data Subject.

The Datrix Group has adopted such a figure of “data protection officer”, so-called “Data Protection Officer”, identifying and appointing, pursuant to Article 37 of the Regulation, SAPG Legal Tech S.r.l., based in Corso Europa n. 7, 20122 – Milan (MI) (the “DPO”),

The DPO, pursuant to and for the purposes of Article 39 of the Regulation, is required to perform, among others, the following activities:

  • inform and advise the Datrix Group as well as employees performing Processing operations on their obligations under the Regulations as well as other Union or Member State provisions relating to the protection of Personal Data;
  • monitor and supervise compliance with the Regulation, applicable regulations on the protection of Personal Data as well as the policies and procedures adopted by the Datrix Group;
  • provide support in feedback to the Data Subject;
  • cooperate with the competent Data Protection Authority.
  • As provided in Article 38 of the Regulations, you may freely contact the DPO for all matters related to the Processing of your Personal Data and/or in case you wish to exercise your rights as provided in this Notice, by sending a written communication to the email address privacy@sapglegal.com.

 

C.   PURPOSE AND LEGAL BASIS OF PROCESSING

While browsing the Site, Personal Data may be processed according to the purposes and related legal bases set forth below.

a. Improving the browsing experience and monitoring the proper functioning of the Site

The computer systems and software procedures used to operate the Website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, by way of example: IP addresses, the type of browser used, the operating system, the domain name and addresses of Internet sites from which access or exit was made, information on the pages visited by users within the Website, access time, the length of time spent on the individual page, internal path analysis and other parameters relating to the user’s operating system and computer environment.

Such technical/informational data are collected and used only in an aggregate, non-identifying manner and could be used to ascertain liability in the event of hypothetical computer crimes against the Website.

Processing will be legally based on Data Controller’s legitimate interest in the better functioning of its systems, optimization and improvement of the browsing experience, avoidance of fraudulent activities, and improvement of Website security (Art. 6(1)(f) of GDPR).

 

b. Ascertain, exercise or defend a right of the data controller in judicial and/or extrajudicial proceedings.

The legal basis for the data controller’s exercise or defense of a right will be that of legitimate interest, as defined in Article 6(1)(f) of the GDPR.

 

c. Contact us.

If requested by you through the completion of the appropriate form, Personal Data will be processed to respond to your inquiries about services provided.

This purpose of processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (ex art. 6 par. 1(b) GDPR).

 

d. Apply for job positions.

If requested by you through the completion of the appropriate form on the site, Personal Data will be processed to analyze and evaluate your application.

This purpose of processing is legitimized by the execution of pre-contractual measures or the contract to which you are a party (ex art. 6 par. 1(b) of the GDPR).

 

e. Sending the Holder’s Newsletter.

Specifically, for sending by automated contact methods (such as sms, mms e-mail) of promotional and commercial communications, advertising material related to service/product offers, reporting of company events.

The Holder offers various newsletter services that include:

  • Inspirational content;
  • Reminders;
  • Surveys to check the approval rating of the services provided;
  • Personalized suggestions based also on browsing behavior.

Should you wish to receive our newsletter, you can subscribe by giving the appropriate consent through an opt-in mechanism.

If, then, you no longer wish to receive the newsletter, you may unsubscribe at any time by exercising your right to opt-out using the appropriate link available in each newsletter or commercial message received. Alternatively, you may contact us by email in accordance with Section 6 of this policy.

This purpose of processing is legitimized by your optional, free and revocable consent at any time (pursuant to Article 6(1)(a) of the GDPR).

 

f. Direct Marketing by the Controller.

This term means the performance of promotional activities (by both automated and traditional means) of the services of your interest provided by the Controller. With regard to this direct marketing purpose, it should be clarified that, by virtue of Article 6(1)(f) of the Regulations and Article 130(4) of the Privacy Code (so-called soft spam exception), the Controller may carry out this activity based on its legitimate interest, regardless of your explicit consent, as better explained in Recital 47 of the Regulations in which it is “considered a legitimate interest of the Controller to process personal data for direct marketing purposes.” This will be possible as a result of the evaluations made by the Controller regarding the possible and possible prevalence of your interests, fundamental rights and freedoms requiring the protection of Personal Data over its own legitimate interest in sending direct marketing communications. Moreover, you may lawfully and at any time (even partially) object to receiving promotional communications, without in any way affecting the processing for the other purposes.

Such processing, will be legally based on the legitimate interest of the Data Controller in accordance with Article 6(1)(f) of the Regulations.

 

e. Processing of data belonging to special categories

No Personal Data belonging to the special categories referred to in Article 9 of the Regulations are processed.

 

D.   SUBJECTS TO WHOM YOUR PERSONAL DATA MAY BE DISCLOSED

Your Personal Data may be disclosed to specific entities considered recipients of such Personal Data.

In fact, Art. 4 at point 9) of the Regulations, defines a recipient of Personal Data as “the natural or legal person, public authority, service or other body that receives communication of personal data, whether or not it is a third party” (the “Recipients”).

With this in mind, in order to properly carry out all the Processing activities necessary to pursue the

purposes set forth in this Notice, the following Recipients may be in a position to process your Personal Data:

  • third parties who perform part of the Processing activities and/or activities related and instrumental to the same on behalf of a Data Controller or Datrix Group. Such entities have been appointed as data controllers, whereby this expression is to be understood individually, pursuant to Article 4 at 8) of the Regulations, as “the natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Data Controller” (the “Data Controller”);
  • Individuals, employees and/or contractors of a Data Controller or Datrix Group, who have been entrusted with specific and/or multiple Processing activities on your Personal Data. Such individuals have been given specific instructions regarding the security and proper use of Personal Data and are defined, in accordance with Article 4 at 10) of the Regulations, as “persons authorized to process Personal Data under the direct authority of the Data Controller or Processor” (the “Authorized Persons”);
  • Where required by law or in order to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or judicial authorities without these being defined as Recipients. In fact, according to Article 4.9 of the Regulations, “public authorities that may receive disclosure of Personal Data in the context of a specific investigation in accordance with Union or Member State law are not considered Recipients.”

 

E.  PROCESSING TIME

One of the principles applicable to the Processing of your Personal Data concerns the limitation of the storage period, governed by Article 5.1(e) of the Regulations which states “Personal Data shall be

kept in a form which permits the identification of Data Subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be kept for longer periods provided that they are processed solely for archiving purposes in the public interest, scientific or historical research or statistical purposes, in accordance with Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this Regulation to protect the rights and freedoms of the Data Subject.”

In light of this principle, your Personal Data will be processed by Datrix Group only to the extent necessary to fulfill the purpose set out in Section C of this Notice.

In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulations, i.e. until the termination of the existing contractual relationship between you and the Data Controller, without prejudice to an additional retention period that may be imposed by law as also provided by Recital 65 of the Regulations.

With respect to the Processing carried out to achieve the additional purposes set out in this Notice, Datrix Group may lawfully process your Personal Data until you communicate, in one of the ways set out in the Notice, your wish to limit or object to the Processing. Any such restriction and/or opposition will, in effect, require Datrix Group to cease processing your Personal Data for that purpose.

F.  RIGHTS

As provided for in Articles 15 et seq. of the Regulations, you may access your Personal Data, request that it be rectified and updated if incomplete or erroneous, request that it be erased if it was collected in violation of a law or regulation, and object to the Processing for legitimate and specific reasons. In particular, we list below all your rights that you can exercise, at any time, against a Data Controller.

  • Right of access

You will have the right, pursuant to Art. 15. 1 of the Regulations, to obtain from the Controller confirmation as to whether or not any Processing of your Personal Data is taking place and, if so, to obtain access to such Personal Data and to the following information: (a) the purposes of the Processing; (b) the categories of Personal Data in question; (c) the Recipients or categories of Recipients to whom your Personal Data have been or will be disclosed, in particular if Recipients from third countries or international organizations; (d) when possible, the expected period of retention of Personal Data or, if this is not possible, the criteria used to determine this period e) the existence of the Data Subject’s right to request from the Data Controller the rectification or erasure of Personal Data or the restriction of the Processing of Personal Data concerning him or her or to object to their Processing; f) the right to lodge a complaint with a supervisory authority; g) if the Personal Data are not collected from the Data Subject, all available information about their origin; h) the existence of an automated decision-making process, including profiling as referred to in Art. 22(1) and (4) of the Regulations and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such Processing for the Data Subject. All this information you can find within this Policy which will always be available to you within the Privacy Policy section of the Sites.

  • Right of rectification

You may obtain, pursuant to Article 16 of the Regulations, the rectification of your Personal Data that is inaccurate. Taking into account the purposes of the Processing, you may also obtain the integration of your Personal Data that is incomplete, including by providing a supplementary declaration.

  • Right to erasure

You may obtain, pursuant to Article 17.1 of the Regulations, the erasure of your Personal Data without

unjustified delay and the Data Controller will be obliged to delete your Personal Data if there is even one of the following reasons: a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; b) you have revoked the consent on which the Processing of your Personal Data is based and there is no other legal basis for the Processing of your Personal Data; c) you have objected to the Processing pursuant to Art. 21(1) or (2) of the Regulations and there is no longer any overriding legitimate reason for proceeding with the Processing of your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data in order to comply with a legal obligation under an EU or domestic law.

In some cases, as provided in Article 17.3 of the Regulations, the Data Controller is entitled not to provide for the erasure of your Personal Data if their Processing is necessary, for example, for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the establishment, exercise or defense of a right in a court of law.

  • Right to limitation of Processing

You may obtain the restriction of Processing, pursuant to Art. 18 of the Regulation, in case one of the following occurs: (a) you have disputed the accuracy of your Personal Data (the restriction will last for the period necessary for the Data Controller to verify the accuracy of such Personal Data); (b) the Processing is unlawful but you have objected to the deletion of your Personal Data, requesting instead that its use be restricted; c) although the Data Controller no longer needs it for the purposes of the Processing, your Personal Data is needed for the establishment, exercise or defense of a right in court; d) you have objected to the Processing pursuant to Art. 21.1 of the Regulations and you are awaiting verification as to whether the Data Controller’s legitimate reasons prevail over yours.

In the event of a restriction on Processing, your Personal Data will be processed, except for storage, only with your consent or for the establishment, exercise or defense of a right in a court of law or to protect the rights of another natural or legal person or for reasons of substantial public interest. We will inform you, in each case, before such limitation is lifted.

 

  • Right to data portability

You may, at any time, request and receive, in accordance with Article 20.1 of the Regulations, all of your Personal Data processed by the Controller in a structured, commonly used and readable format or request its transmission to another data controller without hindrance. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing us with written authorization.

  • Right to object

Pursuant to Article 21.2 of the Regulation and as also reiterated by Recital 70, you may object, at any time, to the Processing of your Personal Data for the purposes indicated.

  • Right to lodge a complaint with the supervisory authority

Without prejudice to your right of recourse in any other administrative or jurisdictional forum, if you believe that the Processing of your Personal Data conducted by the Data Controller occurs in violation of the Regulation and/or applicable legislation, you may lodge a complaint with the competent Data Protection Authority.

 

G.  CONTACT

To exercise all of your rights as identified above, simply contact Datrix Group by sending an email to the email box privacy@datrixgroup.com.

Please note that, at any time, you may also contact the Datrix Group DPO in the manner provided in Section B of this Notice.

 

H.  PROCESSING LOCATIONS

Your Personal Data will be processed by Datrix Group within the territory of the European Union.

Should it become necessary for technical and/or operational matters to use entities located outside the European Union, we hereby inform you that such entities will be appointed as Data Processors pursuant to and for the purposes of Article 28 of the Regulations and the transfer of your Personal Data to such entities, limited to the performance of specific Processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulations.

All necessary precautions will therefore be taken in order to ensure the fullest protection of your Personal Data by basing such transfer: (a) on adequacy decisions of the third country recipients expressed by the European Commission; (b) on adequate safeguards expressed by the third party recipient pursuant to Article 46 of the Regulation; (c) on the adoption of binding corporate rules; (d) by adopting standard contractual clauses approved by the European Commission.

In any case, you may request more details from Datrix Group if your Personal Data has been processed outside the European Union by requesting evidence of the specific safeguards adopted.

AI Shape


Notice: Undefined index: ai_shape_tax_type in /home/customer/www/datrixgroup.com/public_html/wp-content/plugins/powerpack-elements/modules/categories/widgets/categories.php on line 3133

Notice: Undefined index: tax_ai_shape__filter_rule in /home/customer/www/datrixgroup.com/public_html/wp-content/plugins/powerpack-elements/modules/categories/widgets/categories.php on line 2864

Notice: Undefined index: tax_ai_shape_ in /home/customer/www/datrixgroup.com/public_html/wp-content/plugins/powerpack-elements/modules/categories/widgets/categories.php on line 2865
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.