Customer Privacy Notice
INTRODUCTION
The following General Privacy Notice for Customers refers exclusively to the processing of personal data managed by Be2Net Srl, acting as Data Controller, for the purposes of executing contracts with customers and the related support and training services, as well as for commercial development and marketing purposes.
With reference to any processing of personal data carried out by Be2Net Srl on behalf of the customer acting as Data Controller, in its role as Data Processor, in the management of software applications provided to customers or storage and/or cloud services, please refer to the provisions set out in the agreements between the Data Controller and the Data Processor signed by the parties.
GENERAL CUSTOMER PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 (“GDPR”)
1. Data Controller and Data Processors
The Data Controller is BE2NET S.R.L., with registered office at Via Orzinuovi 73, 25125 Brescia, Tax Code and VAT No. 04329120986; Be2Net Srl has appointed its own Data Protection Officer (DPO), who can be contacted for any request at the email address dpo@be2net.it.
The updated list of Data Processors is kept at the registered office of the Data Controller.
2. Subject of the Processing – Categories of personal data processed
The Data Controller processes the personal data of your representatives, understood as common identifying data for business contact purposes (such as name, surname, address, telephone number, email address), communicated by you when defining and/or concluding contracts as Customers for the Controller’s services or during the contractual relationship. The Customer receiving this notice undertakes to provide it to their representatives whose data are processed by the Controller.
The Data Controller may also process the personal data of your representatives, understood as common identifying data for business contact purposes (such as name, surname, address, telephone number, email address), obtained from third-party Data Controllers (e.g. trade fair organizations) who have obtained their lawful consent for transfer for commercial contact purposes.
3. Purposes and legal bases of the processing
3.1 Contractual and pre-contractual purposes:
Legal bases:
3.1.1 the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;
3.1.2 the processing is necessary to comply with legal obligations, regulations, EU legislation, or orders from Authorities;
3.1.3 the processing is necessary to pursue the Data Controller’s legitimate interest in legal defense.
3.2 Commercial development and marketing purposes: to send you (by email) commercial or marketing communications relating to the Controller’s products or services.
Legal bases:
3.2.1 based on the legitimate interest of the Data Controller (so-called Soft Spam), if you have already purchased our products or used our services and for products/services similar to those already used, unless you object;
3.2.2 based on your explicit and specific consent provided to us or to third parties from whom the data were obtained.
4. Processing methods and retention period
The processing of your personal data may be carried out through the operations indicated in Article 4(2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data may be processed both in paper and electronic form.
The Data Controller will process personal data for the time necessary to fulfill the contractual purposes set out above and in any case for no longer than 10 years from the termination of the contractual relationship. For marketing purposes, the Data Controller will process personal data for the time strictly necessary to fulfill the purposes for which they were collected, for the period provided by law or by authority provisions. Upon your decision to withdraw consent or request removal from our commercial mailing list, your data will be promptly deactivated from our marketing databases so that you will no longer receive communications. In any case, personal data contained in previous communications will be retained for a period not exceeding 24 months from their registration, without prejudice to their transformation into anonymous form.
5. Access to data
Your data may be made accessible for the purposes set out in Article 3 above:
to employees and collaborators of the Data Controller in their capacity as authorized data processors and/or system administrators;
to third-party companies or other entities (by way of example, professional firms, consultants, insurance companies, credit institutions, etc.) that perform activities on behalf of the Data Controller, in their capacity as independent Data Controllers or external Data Processors appointed by the Data Controller.
6. Data disclosure
Pursuant to Article 6(b) and (c) GDPR, and therefore without the need for express consent, the Data Controller may disclose your data for purposes arising from the contractual relationship to judicial authorities and to those entities to whom disclosure is mandatory by law for the fulfillment of such purposes. These entities will process the data as independent Data Controllers.
Your data will not be subject to dissemination.
7. Data transfer
Personal data may be transferred, for the purposes set out in this notice and for archiving and storage needs, both within the European Union and to countries outside the European Union.
In any case, the Data Controller hereby ensures that transfers of data outside the EU will take place in compliance with applicable legal provisions.
8. Nature of data provision
The provision of data for the contractual purposes referred to in Article 3.1 is mandatory. In their absence, we will not be able to guarantee the performance of the contractual relationship.
The provision of data for marketing purposes referred to in Article 3.2 is optional; you may therefore decide not to provide any data or to subsequently deny consent for the processing of data already provided. In this case, you will not receive commercial communications or advertising material relating to the products or services offered by the Data Controller.
9. Data subject rights
By contacting the Data Controller via email at privacy@be2net.it, any data subject may exercise the rights set out in Article 15 GDPR, and in particular:
Obtain confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and their communication in an intelligible form;
Obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller, Data Processors, and the designated representative pursuant to Article 3(1) GDPR; e) the entities or categories of entities to whom the personal data may be disclosed or who may become aware of them in their capacity as designated representative within the State, Data Processors, or authorized persons;
Obtain: a) updating, rectification, or, where interested, integration of data; b) erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed; c) certification that the operations referred to in points a) and b) have been brought to the attention, including as regards their content, of those to whom the data have been disclosed or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the protected right;
Object, in whole or in part: a) on legitimate grounds to the processing of personal data concerning them, even if relevant to the purpose of collection; b) to the processing of personal data concerning them for the purpose of sending advertising material, direct sales, market research, or commercial communications, through automated contact systems without operator intervention via email and/or through traditional marketing methods such as telephone and/or postal mail. It is noted that the data subject’s right to object, as set out above under point b), for direct marketing purposes through automated means also extends to traditional methods, and in any case the data subject retains the possibility to exercise the right to object even only in part. Therefore, the data subject may decide to receive communications only through traditional methods, only through automated methods, or none at all.
Where applicable, the data subject shall also have the rights referred to in Articles 16–21 GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.
Finally, where the conditions are met, the data subject shall have the right to compensation for any damage suffered, as provided for by Article 82 GDPR.
Ref. GUL_INFO05 dated 16/02/2021