Data Protection Officer

The data controller is Techniconsult Firenze Srl, a Benefit Company located at Via Carlo del Greco 25/A – 50141 (FI) Telephone +39 05545556.

The data controller (Techniconsult) has appointed a Data Protection Officer (DPO), whom you can contact to exercise your rights, as well as to receive any information regarding them and/or this notice, by writing to the email address info@tcfirenze.com.

The data controller and the DPO, through the designated structures, will handle your request and provide you, without undue delay and in any case no later than one month from receipt of the request, with information regarding the action taken in response to your request.

Please note that if the data controller has doubts about the identity of the data subject submitting the request, they may request further information necessary to confirm the data subject’s identity.

Subject of the processing

The Data Controller takes care to protect your personal data and complies with the applicable data protection regulations (Privacy Code, Legislative Decree 10.08.2018, no. 101, and GDPR 2016/679). Your personal data is treated confidentially and transferred to third parties only in accordance with what is provided for in this Policy, or with your consent. We process the personal data you provide to us during the use of the website and/or after registering on the website.

In particular, we process:

  • Personal data, both identifying and non-sensitive (in particular, name, surname, tax code, VAT number, email, telephone number – hereinafter referred to as “personal data” or simply “data”) directly provided by you, through registration on the website and/or the request to use the individual socio-educational and socio-assistance services offered; strictly nominal data of minor users.
  • Data not directly provided by you – and in any case acquired within the limits of what is provided for in Article 14, paragraph 5, GDPR – the transmission of which is connected to the use of Internet communication protocols (for example, page access, amount of data transferred, status message upon access, session ID numbers, IP addresses, URL addresses, etc.). Such data allow us to reconstruct the path of your visits to the website.

Purpose of treatment

The processing of your personal data is carried out:

A) Without your express consent (art. 24, lett. a), b), c), Privacy Code and art. 6, lett. b), e), GDPR), for the following Service Purposes:

  • Processing a contract request or pre-contractual request;
  • Carrying out pre-contractual measures adopted at your request;
  • Processing internal statistics;
  • Fulfilling tax obligations arising from existing relationships;
  • Fulfilling obligations provided for by law, regulation, EU legislation, or an order of the Authority;
  • Safeguarding the vital interests of the data subject or another natural person;
  • Performing tasks of public interest or connected to the exercise of public authority vested in the data controller;
  • Preventing or detecting fraudulent activities or harmful abuse to the website;
  • Pursuing the legitimate interests of the Data Controller or third parties, within the limits and conditions set out in art. 6, letter f), GDPR;
  • Exercising the rights of the Data Controller, (for example, the right to defend legal claims).

B) Only with your specific and unequivocal consent (art. 23 and 130, Privacy Code and art. 7, GDPR), for the following Marketing Purposes:

  • Sending newsletters, commercial communications, and/or advertising material via email about products and/or services, different and/or dissimilar from those already purchased, offered by the Data Controller.

Nature of personal data provision

The provision of your Data for the purposes described in point 2, letter A), no. i and ii) is necessary. Without the provision, we cannot guarantee your registration on the Site, nor the possibility to process your requests.

The provision of Data for the purposes described in point 2, letter b), is instead optional. You can decide not to provide any data or revoke the possibility of processing by us of data provided previously. In this case, you will no longer receive our newsletters, while you will continue to receive our services and maintain the right to register on the site.

Processing methods

The processing of your personal data is carried out through the operations indicated in art. 4 of the Privacy Code and art. 4, no. 2), GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. The processing of your Data will be based on the principles of fairness, lawfulness, and transparency and may also be carried out through automated methods aimed at storing, managing, and transmitting them and will take place using suitable tools, to the extent reasonably possible and in accordance with the state of the art, to ensure security and confidentiality through the use of appropriate procedures to prevent the risk of loss, unauthorized access, unlawful use, and dissemination.

Data retention period

The Data Controller will process personal data for the time necessary to fulfill the purposes outlined above and for no more than 2 years from the collection of data for Marketing Purposes. After this retention period, the data will be destroyed or anonymized.

Data access

The personal data processed by the Data Controller will not be disclosed, meaning they will not be made known to unspecified individuals in any form, including making them available or simply consulting them. However, they may be communicated to employees working for the Data Controller and to certain external parties collaborating with them. In particular, your data may be made accessible to:

  • Employees and collaborators of the Data Controller, authorized consultants managing the website and providing related services (for example: customer services, IT department, etc.), in their capacity as internal Data Processors and/or Data Controllers and/or System Administrators;
  • Third-party companies or other entities (for example: banks, professional firms, consultants, insurance companies, etc.) performing outsourcing activities on behalf of the Data Controller, in their capacity as external Data Processors and/or Data Controllers.

Your data may also be communicated, to the extent strictly necessary, to parties authorized to access them under provisions of law, regulations, or EU laws.

Data communication

Without your express consent (pursuant to art. 24, letters a), b), d), of the Privacy Code and art. 6, letters b), c), of the GDPR), the Data Controller may communicate your data for the purposes indicated to Supervisory Authorities, Judicial Authorities, as well as to all other subjects to whom communication is mandatory by law for the fulfillment of said purposes.

Data transfer

The management and storage of personal data will take place on servers owned by the Data Controller and/or third-party companies duly appointed as Data Processors, located within the European Union, or in accordance with the provisions of Articles 45 and following of the GDPR. Currently, the servers are located within the European Union. The data will not be transferred outside the European Union. However, it is understood that, if it becomes necessary to transfer the location of the servers, either in Italy and/or the European Union and/or countries outside the EU, such transfer will always take place in compliance with Articles 45 and following of the GDPR. In any case, the Data Controller ensures in advance that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering into agreements, if necessary, to guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.

Browsing data

The computer systems and software procedures used to operate the website may acquire, during their normal operation, certain personal data, the transmission of which is implicit in the use of Internet communication protocols. These are information not collected to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified (e.g., parameters relating to the user’s operating system and computer environment). Such data is used by the Data Controller solely for the purpose of obtaining anonymous statistical information about the use of the website and to ensure its proper functioning, and is deleted immediately after processing. This data may also be used to ascertain responsibility in the event of hypothetical computer crimes against the website.

Cookies

When you use our website, cookies are stored on your computer. Cookies are made up of small text files that are saved on your computer and provide us with certain information. They are widely used to make websites work or work more efficiently to improve the user experience, as well as to provide certain information to the site owners. Our site uses cookies that remain on your computer for different periods. Some expire at the end of each session and some remain longer so that when you return to our site, you can benefit from a better user experience. Web browsers allow you to exercise some control over cookies through browser settings. Most browsers allow you to block cookies or block cookies from certain sites. Browsers can also help you delete cookies when you close the browser. However, you should keep in mind that this may mean that any opt-outs or preferences you have set on the site will be lost. We encourage you to consult the technical information about your browser for instructions. If you choose to disable cookie settings or refuse to accept a cookie, some parts of the service may not function properly or may be significantly slower.

Rights of the data subject

As the data subject, you have the rights provided for in Article 7 of the Privacy Code and Article 15 of the GDPR, specifically the rights to:

  • Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
  • Obtain: a) the origin of the personal data; b) the purposes and methods of the processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors, and the designated representative pursuant to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as designated representatives in the territory of the State, data processors, or persons in charge;
  • Obtain: a) updating, rectification, or, where interested, integration of data; b) the erasure, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been notified, as also related to their contents, to those to whom the data were communicated or disseminated, except where such fulfillment proves impossible or involves a manifestly disproportionate effort compared to the right being protected;
  • Object, in whole or in part, a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, using automated calling systems without the intervention of an operator, by email and/or traditional marketing methods by telephone and/or postal mail. It is noted that the data subject’s right to object, as outlined in the previous point b), to direct marketing purposes using automated methods also extends to traditional methods, and in any case, the data subject retains the possibility to exercise the right to object only in part. Therefore, the data subject may choose to receive communications only via traditional methods or only automated communications, or none of the two communication types.

Where applicable, you also have the rights provided for in Articles 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

Exercise of rights

You have the right to request from the Data Controller access to your Data, their rectification or erasure, the integration of incomplete Data, the restriction of processing; to receive the Data in a structured, commonly used, and machine-readable format; to revoke any consent given regarding the processing of your sensitive data at any time and to object in whole or in part to the use of the Data; to lodge a complaint with the Authority, as well as to exercise other rights recognized by the applicable regulations.

You may exercise your rights at any time by sending:

  • A registered letter with return receipt to TECHNICONSULT FIRENZE S.r.l. Società Benefit and TECMA S.r.l. Società Benefit – Via Carlo del Greco 25/A, 50141 Florence
  • An email to the following address info@tcfirenze.com

Minors

If the individual providing the data is under the age of 14, such processing is lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility for whom the identifying data are collected.

Data controller, data processors, and authorized personnel

The Data Controller is the company TECHNICONSULT FIRENZE S.r.l Società Benefit and TECMA S.r.l. Società Benefit – located at Via Carlo del Greco 25/A, 50141 Florence. The updated list of Data Processors and authorized personnel for data processing is kept at the Data Controller’s headquarters.

Changes to this policy

This Policy may undergo variations. Therefore, it is advisable to regularly check this Policy and refer to the most updated version.