https://grimnetwork.it, Grim Network s.r.l. with registered office in via Divisione Aqui, 29, 70014 Conversano ( BA ), IT, VAT IT07653270723 (hereinafter referred to as “Data Controller”), as data controller, informs you under art. 13 D. Lgs. 30.6.2003 n. 196 (hereinafter referred to as “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter referred to as “GDPR”) that your data will be processed in the manner and for the following purposes:
1. Scope of Processing
The Data Controller processes personal data, such as name, surname, company name, address, telephone number, e-mail, VAT number, tax number, bank, and payment references, purchase information, and cookies information (hereinafter referred to as “personal data” or even “data”). Personal data is communicated by You when concluding contracts for Data Controller services by filling out contact/registration forms or through interaction with the site.
1.1 COOKIES: If you leave a comment on our site, you can choose to save your name, email address, and website in the cookies. Cookies are used for your convenience so that you do not have to re-enter your data when you leave another comment. These cookies will last for a year. If you have an account and log in to this site, a temporary cookie will be set to determine if your browser accepts cookies. This cookie does not contain any personal data and is automatically deleted when you close your browser. When you log in several cookies will be set to save your login information and screen display choices. Access cookies last two days, while cookies for screen display options last one year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, access cookies will be removed. If you modify or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data but just indicates the ID of the newly modified article. It expires after one (1) day.
1.5 INTERACTION WITH DATA COLLECTION PLATFORMS AND OTHER THIRD PARTIES: This service allows Users to interact with data collection platforms or other services directly from this Application to save and reuse data. If one of these services is installed, it is possible that, even if the Users do not use the service, the same collect Usage Data relating to the pages in which it is installed. Our site uses:
2. Purpose of the Processing
Your data are processed:
A) without your express consent (Art. 24 lett. a), b), c) Privacy Code and Art. 6 lett. b), e) GDPR), for the following Service Purposes:
- conclude contracts for the services of the Owner.
- to fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with You.
- to fulfill obligations required by law, regulation, Community law, or an order of the Authority (such as in anti-money laundering).
- exercise the rights of the Data Controller, for example, the right of defense in court proceedings.
The Data Controller may retain the data sent for the exclusive purpose of guaranteeing the service requested by the visitor; such data will not be used for commercial, marketing, or profiling purposes by the Data Controller.
The visitor who uses these services is aware that data will be sent to third parties. In the absence of methods relating to the use of data by third parties for the service provision, the visitor has the right to ask the Owner for the destination and sending data methods. The Data Controller is exempt from any liability regarding the misuse of data by third parties.
B) Only with your specific and separate consent (art. 23 and 130 Privacy Code and art. 7 GDPR) for the following Marketing Purposes:
- send you by e-mail, post and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and recognition of the degree of satisfaction on services quality.
- send you by e-mail, post and/or SMS and/or telephone contacts commercial and/or promotional communications of third parties (for example, business partners, insurance companies, other companies of Grim Network s.r.l.).
We inform you that if you are already our customers, we may send you commercial communications relating to services and products of the Data Controller, like those of which you have already benefited unless you disagree (art. 130 c. 4 Privacy Code).
3. Methods of Treatment
Your data processing is carried out employing the operations indicated in art. 4 Privacy Code (and art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your data are subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the purposes mentioned above. In any case, this will happen for no more than ten (10) years from the termination of the relationship for the Service Purposes. And, no more than two (2) years from the data collection for Marketing Purposes, except for automatic cancellations made by the third-party software referred to in point 1.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller or of Grim Network s.r.l. companies in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators.
- to third-party companies or other entities (for reference purposes, credit institutions, professional studios, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5. Communication of data
With no need of expressing consent (ex-art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to: supervisory bodies (such as IVASS), judicial authorities, insurance companies for the provision of insurance services, as well as to those entities to whom communication is mandatory by law for the accomplishment of said purposes. These entities will process the data in their capacity as independent data controllers.
Your data will not be disclosed.
6. Transfer of data
Personal data are stored on servers located in Roubaix (France) and Strasbourg (France) within the European Union. It remains, in any case, understood that the Data Controller, if necessary, will have the right to move servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place following the applicable legal provisions before the stipulation of the standard contractual clauses provided by the European Commission.
7. Nature of the provision of data and consequences of refusal to reply
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we will not be able to guarantee the Services.
The provision of data for the purposes referred to in art. 2.B) is instead optional. Therefore, you may decide not to provide any data or subsequently deny the possibility of processing data already provided. In this case, you may not receive newsletters, commercial communications, and advertising material relating to the Services offered by the Data Processor. However, you will continue to be entitled to the services referred to in art. 2.A).
8. Rights of the data subject
As a data subject, you have the rights referred to in art. 7 of the Privacy Code and art. 15 of the GDPR and precisely the rights to:
- obtain confirmation of the existence or not of personal data concerning You, even if not yet recorded, and their communication in intelligible form.
- obtain the indication of: a) the origin of the personal data; b) the purposes and methods of the processing; c) the logic applied in the case of processing carried out with the help of electronic means; d) the identification details of the Owner, of the responsible persons and the appointed representative under art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or persons in charge.
- obtain: a) the update, the rectification or, when interested, the integration of the data; b) the cancellation, the transformation into anonymous form or the blocking of the data processed in violation of the law, including those for which storage is not necessary concerning the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also about their content, of those to whom the data have been communicated or disseminated, except where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected.
- oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning You, even if pertinent to the purpose of the collection; b) the processing of personal data concerning You to send advertising material, or direct sales, or for carrying out market research, or commercial communication, by the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. Please note that the right of opposition of the person concerned, set out in point b above), for direct marketing purposes employing automated methods extends to the traditional ones and that the possibility for the interested party to exercise the right to object, even in part, is not affected. Therefore, the interested party may decide to receive only communications through traditional methods or automated communications or neither of the two types of communication.
Where applicable, it also has the rights referred to in art. 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority.
9. Procedure for exercising rights
You can exercise your rights at any time by sending:
- a registered letter with return receipt to Grim Network s.r.l. with registered office in via Divisione Aqui, 29, 70014 Conversano ( BA ), IT
- a PEC e-mail at [email protected]
10. Owner, manager, and persons in charge
The Data Controller, Grim Network s.r.l. with registered office situated in via Divisione Aqui, 29, 70014 Conversano ( BA ), IT – VAT IT07653270723
The updated list of data processors and persons in charge of the processing is kept at the Data Controller registered office.