privacy policy
This Information (privacy policy) on the processing and protection of personal data to the Data Subject/User is made for the protection of confidentiality in accordance with the legislation on the protection of personal data (EU Reg. No. 2016/679 GDPR, Legislative Decree No. 196/2003 Privacy Code and to the Provisions of the Guarantor for the Protection of Personal Data GDPD).
IDENTITY AND CONTACT INFORMATION OF THE DATA CONTROLLER
iDUCK S.r.l. “IDER” (P.IVA IT 08644270012), with registered office in Turin, Via Cavour No. 42, email: privacy@iduck.it.
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The Data Controller has designated a Data Protection Officer (DPO), whose contact details are: Lawyer Rudy Caltagirone, email: caltagirone@legaladvisory.it.
PURPOSE, LEGAL BASIS OF PROCESSING AND COMMUNICATION OF PERSONAL DATA
Personal data of users who use the App (Application) I DUCK – IDER are managed for the purpose of processing (the purpose is the purpose for which personal data are processed) as described below:
APP USE-APPLICATION AND PROFILE-USER ACCESS AT DATA CONTROLLERS
PURPOSE OF PERSONAL DATA PROCESSING: the purpose of the correct and complete execution of the functionality of the application that allows direct access to your profile at other data controllers, partners of IDER, as well as features such as: banners, notifications and messages to allow the proper functioning of the App.
LEGAL BASIS FOR PERSONAL DATA: The processing is necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures, the communication of data is mandatory, otherwise the App will not be able to function.
DISSEMINATION AND RECIPIENTS OF PERSONAL DATA
To enable the operation of the application, personal data are necessarily disclosed to the Data Controllers, IDER’s partners, in order to access your user profile held in IDER’s circuit company databases. The data will not be disseminated. The categories of recipients of personal data are: trade, IT, providers, communication agencies, professional firms and business consulting companies, banking and financial institutions, insurance institutions. All subjects are authorized as Data Processors.
DATA RETENTION PERIOD AND CRITERIA USED TO DETERMINE IT
Users’ personal data will be retained as long as the Application is kept active, in accordance with the principles of proportionality and necessity, personal data will be retained in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the data are processed, i.e. taking into consideration: the need to continue to retain users’ personal data in order to fulfill requests and to deliver agreed services (contractual obligations) and to comply with applicable regulations (regulatory obligations). In any case, unused users for a period of time longer than 1 year will result in the deletion of the user from IDER databases.
RIGHTS OF THE DATA SUBJECT AND THE RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY
The Interested Party may send a communication to I DUCK – IDER to exercise the rights:
To the revocation of consent, where given Access to personal data to obtain all information and copies of any processing of personal data
To the rectification of personal data
To the deletion (so-called right to be forgotten) of personal data
To the limitation of the processing of personal data
To opposition to the processing of personal data and the portability of personal data to lodge a complaint with the Data Protection Authority and/or other Data Protection Authority if it believes that rights have been violated by the Data Controller and/or a third party.
MODALITIES OF THE PROCESSING OF PERSONAL DATA
Personal data submitted through the registration procedures for our services are processed using mainly electronic means, recorded and stored on databases with specific security measures to prevent data loss, illegal or incorrect use and unauthorized access.
PLACE OF PROCESSING
Users’ personal data are processed at the headquarters of the Data Controller and at the authorized entities Responsible for data processing, stored on servers in the territory of the European Union. It is not the intention of I DUCK – IDER to transfer personal data to the territory outside the EU.
INFORMATION TO BE PROVIDED IF DATA IS OBTAINED FROM OTHER DATA CONTROLLERS (art. 14 GDPR)
In the event that personal data have been provided by the data subject to a Data Controller other than the present one, in addition to the Information outlined above, I DUCK – IDER shall disclose, upon simple request of the data subject, the source from which the personal data originated.