Pursuant to Article 13 of EU Reg. 2016/679 (hereinafter GDPR), we inform you that PBC Legal processes the identification data of customers, suppliers and subjects who have voluntarily communicated, in direct contact or indirectly via telephone, mail, fax, e-mail or website their personal data to our offices.
According to the principle of accountability, PBC Legal guarantees that the processing of personal data is carried out in compliance with fundamental rights and freedoms, as well as the dignity of the interested party, with particular reference to confidentiality, personal identity and the right to protection of personal data.
In relation to the processing of personal data, the Data Controller provides, among other things, the following information:
- by "personal data" (pursuant to Article 4.1 of the GDPR), we mean any information concerning an identified or identifiable natural person ("interested party"); the natural person is considered identifiable if can be identified, directly or indirectly, with particular reference to elements such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social;
- by "processing" (pursuant to Article 4.2 of the GDPR), we mean any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Identity and contact details of the Data Controller
Company name: PBC Services s.r.l.
Registered office address: Via Cola di Rienzo, 180 - 00192 Rome
Contact details email: info@pbclegal.it
Personal data collected
The personal data collected are essentially related to:
- Identification data (name and surname, e-mail address, telephone, etc.).
Type of data processed
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implied in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.
This information is not collected to be associated with identified interested parties, as the data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, but by their very nature they could, through processing and associations with data held by third parties, allowing users to be identified.
It should be noted that the data could be used by the competent Authorities to ascertain responsibility in the event of hypothetical computer crimes.
Cookies
The site uses cookies to improve the user's browsing experience. For more information on the type of cookies used, the purposes and methods of disabling it, you can consult the specific section.
Data provided voluntarily by the user
To access some services reserved for users, it is necessary to register and enter some personal data.
The provision of some identification data is necessary to authenticate and verify the legitimacy of access, in the different levels of the reserved areas, to the subjects who access them. In no case will sensitive or judicial data be processed.
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
Purpose
The data you provide may be processed for:
1) carrying out the operations strictly necessary in order to proceed with the provision of any services requested by you, including your navigation through the pages of the site;
2) the provision of technological services (mailing lists, newsletters, etc.), also by specifically authorized third parties;
3) activities imposed by laws, regulations or provisions for the execution of commercial orders;
4) statistical processing of aggregate data in relation to the performance of the site;
5) evaluations regarding the use of the site by users;
6) optimizing the commercial offer also through focused and selected analyses;
7) send advertising and/or commercial proposals based on the profiling of your data, implemented in order to highlight information and commercial proposals tuned to the interests you have expressed by accessing the pages and using the services available on this site.
On the pages of the site where your personal data are explicitly collected, you will find where necessary the additional specific privacy notices, as well as the methods for acquiring your consent in cases where the Data Controller uses this legal basis for processing.
Legal basis
The processing of your personal data will be carried out on the basis of one or more of the following conditions. In particular, the treatments carried out for the purposes described above, which concern:
Point 1 and point 2, have as their legal basis the need to execute your express requests to receive a service directly available through the site: it is therefore the provision of data strictly necessary and connected to a pre-contractual phase and/or contractual or functional to respond to your specific request, as such the data collected from time to time are mandatory and, if you do not intend to provide them, it will not be possible to provide the service or to respond to what you requested;
Point 3, will have as their legal basis the need to comply with a legal obligation such as the obligation to implement security measures provided for by specific laws of the banking/financial sector applicable to certain services provided through the site and as such these data and related treatments are mandatory;
Point 4, being anonymized data, i.e. data from which it is not possible to re-identify, even indirectly, a natural person, such data are no longer personal data, therefore the relative treatments are removed from the application of the privacy legislation and it is not necessary a particular legal basis
Points 5, 6 and 7, will have as their legal basis your informed and free consent, which will be requested on specific pages of the site and preceded by our specific information or via cookies (see section dedicated to the cookie policy). In this case, the provision of data is absolutely free, and in the absence of your consent the data will in no way be collected and used for such purposes. If you have provided your consent, you can revoke it at any time and starting from the revocation the data will not be further processed for these purposes. For the sake of clarity, we point out that the withdrawal of consent does not have retroactive effects on the data processed before the withdrawal itself.
Furthermore, if you are under the age of 16, for the processing of your data for these purposes it will be necessary to collect the authorization from the holder of parental responsibility towards you.
Where the Data Controller can make use of another legal basis (legitimate interest, public interest ...), specific and specific information will be provided.
Processing methods, security measures and storage times
All data will be processed mainly in electronic format. Personal data as well as any other information that can be associated, directly or indirectly, to a specific user, are collected and processed by applying technical and organizational security measures such as to guarantee a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation, or, where applicable, security measures prescribed by specific legislation such as by way of non-exhaustive example: measures provided for by applicable provisions issued by the Guarantor Authority for the protection of personal data or by specific laws and regulations for the banking/financial industry and will be accessible only to specifically authorized personnel.
With reference to the protection aspects of personal data, you are invited, pursuant to art. 33 of the GDPR to report to the Data Controller any circumstances or events from which a potential "breach of personal data (data breach)" may arise in order to allow an immediate evaluation and the adoption of any actions aimed at remedying this event, by sending a communication to databreach@iccrea.bcc.it. We remind you that personal data breach means "the security breach that accidentally or unlawfully involves the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed".
The measures adopted by the Data Controller do not exempt the user/customer from paying the necessary attention to the use, where required, of a password/PIN of adequate complexity, which he must periodically update as well as carefully keep and make inaccessible to others.
The personal data processed will be stored in a form that allows the identification of the data subjects for a period not exceeding the achievement of the purposes for which they are processed, without prejudice to the need to keep them for a longer period following requests from the competent authorities for the prevention and prosecution of crimes or, in any case, to assert or defend a right in court.
Categories of recipients of personal data
Personal data will be processed by personnel specifically authorized by the Data Controller as well as by third parties, also possibly established in foreign countries with respect to the European Union, only if this is necessary for the needs of operation and maintenance of the site and the services made available through the site itself, without prejudice to any obligations established by law (eg: inspections by the tax authority).
In no case will they be disclosed to the public.
As required by the GDPR, the Data Controller appoints third-party companies that carry out all or part of the activities in question exclusively on behalf of the Data Controller. In the event of the involvement of third parties established in foreign countries with respect to the European Union, the appropriate guarantees corresponding to the adequacy decisions issued by the European Commission and/or by the Italian Data Protection Authority for the protection of personal data from time to time appropriate to the case.
The personal data provided by users who submit requests to send information material (various documentation, reports, answers to questions, publications, etc.) are used for the sole purpose of carrying out the service requested and are communicated to third parties only in the case where this is necessary for the purpose (example: publication delivery service).
Rights of interested parties
In relation to the processing of your personal data carried out through this site, at any time, as an interested party, you can exercise the rights provided for by the GDPR. In particular, you may:
Access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and possible consequences for the data subject, if not already indicated in the text of this Notice;
Obtain without delay the correction of inaccurate personal data concerning you;
Obtain, in the cases provided for by law, the cancellation of your data;
Obtain the limitation of the processing or to oppose it, when such opposition is admitted on the basis of the provisions of the law applicable to the specific case;
In the cases provided for by law, request the portability of the data you have provided to the Data Controller, i.e. to receive them in a structured format, commonly used and readable by an electronic device, and also request to transmit such data to another data controller, if technically feasible;
Where you deem it appropriate, lodge a complaint with the competent authority.
For the processing of personal data for which the legal basis is consent, you can always revoke it and exercise the right to object to direct marketing.
To exercise these rights, simply contact the Data Controller by referring to the contact details indicated at the beginning of this Notice.
For further information regarding your rights and privacy regulations in general, we invite you to visit the website of the Italian Data Protection Authority for the protection of personal data, at http://www.garanteprivacy.it/
Information published on: 1 February 2022