Privacy Policy Newsletter

This privacy policy aims to provide all the information regarding the processing of personal data carried out by Iumob S.r.l. when the user subscribes to the newsletter (as better specified below).

1. INTRODUCTION – WHO ARE WE?

Iumob S.r.l., with registered offices in Via Comelico, No. 3, 20135 Milano, Tax Code/VAT No. 07048770965, enrolled in the Company Register of Milan with the No. MI-1931950 (hereinafter the “Data Controller”), owner of the website https://www.iumob.it (hereinafter the “Website” or the “Site”), as the controller of personal data of the users who browse and are registered on the Website (hereinafter the “Users”) provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).

2. HOW TO CONTACT US?

The Data Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Data Controller at any time, using the following methods:

• Sending a registered letter with return receipt to the registered offices of the Data Controller (Via Comelico, 3, 20135 Milano);

• Sending an electronic mail message to the address privacy@iumob.it.

Users may also contact the Data Protection Officer (DPO) of the Data Controller, the contact data of which is reported below: Italian company Shibumi S.r.l. in the designated person of Avv. Lapo Curini Galletti – e-mail: dpo@iumob.it.

3. WHAT DO WE DO? – PROCESSING PURPOSES

By browsing the Website, the User can subscribe to the newsletter in order to kept up-to-date on the services, products and activities developed by the Data Controller (hereinafter, the “Service”).

In relation to the activities that may be carried out through the Website, the Data Controller collects personal data relating to the Users.

This Site and any services offered through the Site are reserved for individuals who are 18 years and over. Therefore, the Data Controller does not collect personal data relating to individuals under 18 years of age. Upon request of the Users, the Data Controller will promptly delete all personal data that has been involuntarily collected and related to subjects under the age of 18.

The personal data of the Users will be processed lawfully by the Data Controller pursuant to Article 6 of the Regulation for the following processing purposes:

1. executing the User’s request: the personal data of the Users are collected and processed by the Data Controller with the only purpose to execute the User’s request for the sending of the newsletter. Therefore, the User will receive a periodical newsletter from the Data Controller containing information, updates and news about the activities, products and services of the Data Controller. The personal data collected for this purpose include: name, surname, email address. No other processing will be carried out by the Data Controller in relation to the Users’ personal data. Without prejudice to what is stipulated elsewhere in this privacy policy, under no circumstances the Controller will make the personal data accessible to other Users and/or third parties;

2. administrative and accounting purposes, or to perform organizational, administrative, financial and accounting activities, such as internal organizational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;

3. legal obligations, or to fulfil obligations provided by the law, an authority, a regulation or European legislation.

The provision of personal data for the purposes of processing indicated above is optional but necessary; failure to provide the data will make it impossible for the User to receive the newsletter sent by the Data Controller.

In case of consent, the User may at any time revoke the same, making a request to the Data Controller in the manner indicated in paragraph 7 below.

The User can also easily oppose further sending of newsletter by clicking on the appropriate link for the revocation of consent, which is present in each email containing the newsletter. Once the consent has been revoked, the Data Controller will send the User an e-mail message confirming the revocation of the consent.

Personal data needed for processing purposes described in this paragraph 3 are indicated with an asterisk in the registration form on the Website.

4. LEGAL BASIS

Execution of the User’s request (as described in the paragraph 3, letter a) above): the legal basis is the Article 6, paragraph 1, letter a) of the Regulation, i.e. the provision by the data subject of consent to the processing of his or her personal data for one or more specific purposes.

Accounting-administrative purposes (as described in paragraph 3, letter b) above): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.

Legal obligations (as described in paragraph 3, letter c) above): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the controller is subject.

5. PROCESSING METHODS AND DATA RETENTION PERIOD

The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

With regard to the purposes set out in paragraph 3 letter b) and c) above, the personal data of the Users will be retained for the time strictly necessary to carry out those purposes or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Data Controller.

With regard to the purpose set out in paragraph 3 letter a) above, the personal data of the Users will be retained for the time strictly necessary to carry out those purposes explained in that paragraph and, in any case, as long as the User does not revoke his/her consent.

In any event, any retention periods provided for by law or regulations are not affected.

6. TRANSMISSION AND DISSEMINATION OF DATA

The User’s personal data may be transferred outside the European Union and, in this case, the Data Controller will ensure that the transfer is carried out in accordance with the Applicable Law and, in particular, in accordance with Articles 45 (Transfer on the basis of an adequacy decision) and 46 (Transfer subject to appropriate safeguards) of the Regulation.

The employees and/or collaborators of the Data Controller who are in charge of carrying out Website maintenance may become aware of the personal data of the Users. These subjects, who have been instructed by the Data Controller accordingly to article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.

The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “Data Processors”, such as, for example, IT and logistic service providers functional to the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Data Controller, making a request to the Data Controller in the manner indicated in paragraph 7 below.

7. RIGHTS OF THE DATA SUBJECTS

Users may exercise their rights granted by the Applicable Law by contacting the Data Controller as follows:

• Sending a registered letter with return receipt to the registered offices of the Data Controller (Via Comelico, 3, 20135 Milano);

• Sending an electronic mail message to the address privacy@iumob.it.

Users may also contact the Data Protection Officer (DPO) of the Data Controller, the contact data of which is reported below: Italian company Shibumi S.r.l. in the designated person of Avv. Lapo Curini Galletti – e-mail: dpo@iumob.it.

Pursuant to Applicable Law, the Data Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.

Furthermore, Users have the right to obtain:

a) access, updating, rectification, or, when interested, integration of data;

b) the cancellation, transformation into anonymous form or the restriction of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;

c) certification to the effect that notification has been supplied of operations as per letters a) and b), as also regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

Moreover, the Users have:

a) the right to revoke consent at any time, if the processing is based on their consent;

b) (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);

c) the right to oppose to:

i) in whole or part, for legitimate reasons, the processing of personal data relating to him/her for legitimate reasons even pertinent to the purpose of collection;

ii) in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;

iii) if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling to the extent that it is related to such direct marketing.

d) if it is deemed that the processing concerning his/her personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which he/she usually resides, in the one in which he/she works or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).

The Data Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.