2. Controller. Data Protection Officer
2.1. The “controller” (within the meaning of Article 4(7) of the GDPR) is: Octo Telematics S.p.A., with registered office at Via Lamaro, 51 00173 Roma – Italy, Tel.: +39 (06) 726 53 41 – Fax: +39 (06) 729 01 45, email email@example.com.
2.2. The Users may also contact OCTO’s Data Protection Officer, also in order to exercise their data protection right as detailed in paragraph 7, at the following contact details:
Octo Telematics S.p.A.
Via Vincenzo Lamaro, 51
3. Modalities of the processing. Sharing of personal data
3.1. Personal data relating to the services provided by this Website are processed through paper and electronic means by OCTO’s personnel (technical staff) expressly authorized or by Data Processors duly appointed by Octo. Personal data are stored on OCTO’s proprietary servers in Italy. No information deriving from the web services is passed on or disclosed to third parties acting as autonomous controllers.
3.2. We will never share Users’ personal data with any third party that intends to use it for direct marketing purposes, unless we have specifically informed Users and the same Users have given us specific consent to do this.
3.3. We may share Users’ personal data with:
a) companies of the OCTO Group;
b) third party suppliers;
c) other third parties as part of a corporate transaction such as a merger or sale of assets; public authorities and entities, for legal and tax purposes, or, possibly, in order to protect the business as well as the customers, staff or suppliers of OCTO. In some cases, OCTO may be requested to communicate the personal data in accordance with the legitimate orders from public authorities and to meet the national security requirements or comply with statutory provisions.
3.5. OCTO will only process personal data in countries located in the European Union and will not carry out any cross-border transfer of personal data outside the EEA, unless such transfer is based on principles stated by artt. 45 – 49 of the GDPR, including (a) the EU Commission standard contractual clauses; (b) EU Commission’s decisions of adequacy pertaining to the countries to which Data are transferred; (c) binding corporate rules adopted by OCTO Group or by OCTO’s designated processors or sub-processors, (d) consent, contractual obligations or other requirements referred to in art. 49 of the GDPR.
4. Type of data: Browsing data, Cookies
4.1. In the normal course of operation, the information systems and software procedures involved in the operation of this Website acquire certain items of personal information, the transmission of which is implicit in the use of internet communication protocols.
4.2. The information in question is not collected in order to be associated with specific Users, but could by its very nature allow the identification of these Users as a result of processing and association with information held by third parties.
4.3. This category of information includes IP addresses or domain names of computers used by Users who connect to the Website, addresses of the required resources in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters pertaining to the User’s operating system and information technology environment.
4.4. The above information is used solely for the purpose of (a) enable Users to move around it and to use its features (technical cookies). Without these essential cookies, we may not be able to provide certain services or features and our Website will not perform as smoothly for Users as we would like; (b) obtaining anonymous statistical information (analytics cookies) on the use of the Website, and (c) using profiling cookies.
4.5. Cookies are small text strings that, as a result of navigation on websites, are transmitted and stored on User terminals, allowing the recognition of the same also in subsequent visits. The above mentioned cookies are placed directly by OCTO (so called “first party cookies”) or by a third party (so called “third party cookies”).
5. Information voluntarily shared by Users
5.1. The data collected by the Site also include personal data voluntarily sent by the User. The optional, explicit or voluntary sending of e-mails or other eventual personal data to the addresses indicated on this Website and/or the contact points on the same Website, entails the subsequent acquisition of the User’s (sender’s) e-mail address, required to respond to requests, and any other personal information included in the message and/or in the contact points. Specific information summaries will be progressively reported or displayed on certain pages of this Website that may be set up to provide specific services on request.
5.2. Referring to the paragraph above, the personal data and information that OCTO will process, if voluntarily sent by the data subject, could enclose:
– name and surname;
– telephone number;
– any additional data or notes provided by the User.
6. Purposes and legal basis of the processing
6.1. Personal data collected through the Website are used for the following purposes to:
b) obtain anonymous statistical information on the use of the Website (through analytics cookies). In such a case, the legal basis is represented by OCTO legitimate interest;
c) respond to the Users’ requests sent through e-mail and/or the contact points included in the Website. In such a case, the legal basis, represented by the Users’ request, is founded on the need to execute an agreement of which the data subject is a party or the execution of pre-contractual measures adopted upon data subject request;
d) send newsletters relating to informative material about OCTO. In such a case, the legal basis is represented by the Users express free consent;
e) the collection and processing of data by OCTO for marketing purposes. In this case, the legal basis is represented by the free consent of the Users.
6.3. For the purpose under par. 6.1 c) above, personal data will be retained as long as necessary in order to answer Users’ requests.
6.4 Data retention for the processing activities under paragraph 6.1 d) and e), personal data will be retained until the consent withdrawal (except for disputes, requests from competent authorities or applicable legal provisions).
7. Users’ rights
7.1. The Users, at any time and at no charge, can have and/or exercise the following rights, as specified in the GDPR:
a) the right to be informed on the purposes and methods of the processing;
b) the right of access;
c) the right to obtain a copy of the data held overseas and obtain information concerning the place in which such data are kept;
d) the right to ask for updating, rectification or integration of the data;
e) the right to request the cancellation, anonymization or blocking of the data;
f) the right to restrict the processing;
g) the right to object to the processing, wholly or partly, also where it is carried out through automated individual decision-making, including profiling;
h) the right to revoke the consent to the processing of the data freely and at any time, where required and duly provided;
i) the right to data portability, (i.e. to receive an electronic copy of User’s personal data, if the User would like to port his/her personal data to himself or a different provider);
j) the right to limitation of the processing;
k) the right to contact the data protection officer at the following e-mail address: firstname.lastname@example.org;
l) the right to lodge a complaint in front of the competent national data protection (as set out on the website https://www.garanteprivacy.it/) or judicial authority.
7.2. In order to exercise the rights mentioned above, please use the contact details in par. 2 above.