On this page, we inform you of the characteristics of the processing of your personal data carried out by Axerve S.p.A. (hereinafter 'Axerve'). In particular, here, information is provided on:
The Data Controller of your personal data is Axerve S.p.A., with registered office in Biella (BI) - 13900, Piazza Gaudenzio Sella, n. 1 - Tel. 015 2526511.
The Data Protection Officer (hereinafter also referred to as "DPO") may be contacted at the following addresses:
The processing concerns your personal data due to the following roles at Axerve's client (hereinafter, "Data Subject"):
In particular, Axerve processes:
a. the following categories of personal data:
to fulfil a legal obligation to which Axerve is subject, pursuant to Article 6(1)(c) of the Regulation, in order to comply with its obligations, with particular reference to regulations on taxation, anti-fraud, etc.
b. the following categories of personal data:
in performance of a contract or of pre-contractual measures, including the management of judicial and extra-judicial disputes, and to provide assistance to customers, including when signing contracts, pursuant to Article 6(1)(b) of the Regulation.
c. The following categories of personal data:
based on your consent, pursuant to Article 6(1)(a) of the Regulation and, where consent is not required, on the basis of our legitimate interest pursuant to Article 6(1)(f) of the Regulation:
d. The following categories of personal data:
to pursue Axerve's legitimate interest to identify the recipients of the commercial offer in order to offer products and services that best meet customer needs, pursuant to Article 6(1)(f) of the Regulation. Axerve carries out a prior assessment of the impact of this activity on the rights, interests and freedoms of the recipients. In addition, Axerve allows the same data subjects to not benefit further from this service through the option of cancellation from the list provided at each occasion of contact.
Within the limits of the specific purposes indicated above, the processing of your personal data is carried out by manual, computer and telematic means. Axerve adopts organisational and technical measures to guarantee the security and confidentiality of your personal data.
Axerve may communicate your data to third parties belonging to the following categories:
These persons, if the conditions are met, are appointed as Data Processors, pursuant to Article 28 of the Regulation.
The Company may allow access to the data, in traced mode, to the company Sella India Software Services Private Limited, based in India, on the basis of standard contractual clauses, approved by the European Commission, to guarantee the adequacy of data protection, for the following activities:
Personal data are not stored at the foreign company but are accessed remotely and continue to reside in the Company's information system.
Axerve keeps the data in a form that allows the identification of interested parties for a period of time necessary to achieve the specific purposes of the processing, in compliance with contractual and/or regulatory obligations.
At the end of the storage period, personal data relating to Data Subjects will be stored in a form that does not allow them to be identified (e.g. irreversible anonymisation), unless their processing is necessary for one or more of the following purposes:
We inform you that you, as a data subject, can exercise specific data protection rights, which are listed below:
The right to obtain confirmation from the Data Controller as to whether or not personal data are being processed and, if so, to obtain access to personal data and detailed information on the source, purposes, categories of data processed, recipients of communication and/or transfer of the data and much more.
The right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by providing a supplementary declaration.
Right to obtain from the Data Controller the erasure of personal data without undue delay in the event that:
personal data are no longer necessary for the purposes of the processing;
the consent on which the processing is based is revoked and there is no other legal basis for the processing;
the personal data have been processed unlawfully;
personal data must be deleted in order to fulfil a legal obligation.
Right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the Data Controller and/or to processing for marketing purposes, including profiling. In case of opposition to the processing for marketing purposes, personal data are no longer processed for these purposes.
Right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is disputed (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject has opposed the processing.
Right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another data controller, only for cases where the processing is based on consent or contract and only for data processed by electronic means.
Without prejudice to any other administrative or judicial remedy, an individual who considers that the processing of his or her personal data is in breach of the Regulation has the right to lodge a complaint with the ICO at the following link: https://ico.org.uk/make-a-complaint/data-protection-complaints/.
We also inform you that, at any time, you have the right to withdraw the consent given to specific optional activities, without prejudice to the lawfulness of the processing performed prior to the withdrawal.
To exercise your rights, you may forward your request to the following addresses:
Axerve provides you with information regarding the action taken in relation to your request without undue delay and at the latest within one month from receipt of your request.
Axerve does not require you to provide your particular data (by way of example but not limited to: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or life, or the sexual orientation of the person). However, Axerve can incidentally process them to execute your specific requests for services and operations (e.g. request for payment of membership fees to political / trade union organizations, transfers to religious associations, etc.). For this reason, pursuant to art. 9 of the Regulation, the Data Controller is required to request your specific consent to the processing of these data. Axerve only processes this information to fulfil legal obligations and/or to perform the contract.
Profiling activity to personalise the services and/or products we offer you concerns personal data that you provide directly and/or indirectly, as well as data available on social networks, websites, external databases (e.g. credit information systems) and public archives (e.g. ISTAT data). These data are processed, in pseudonymized form (therefore without identification of the subject), to evaluate your propensity to purchase a product of Axerve or of other Companies of the Banca Sella Group or of other third parties and to offer you, consequently, products and services that meet your needs.
The profiling activity is partly carried out by Sella India Software Services Private Limited, based in India.
We also inform you that your personal data are processed for profiling activities for direct marketing for a period not exceeding 12 months from their collection.
This processing activity takes place within the limits described in this information notice and it is subject to your optional consent. You have the right to object at any time to the profiling for the personalisation of the commercial offer. In case of opposition, your personal data will no longer be processed for this purpose.
Personal Data Protection Authority
Independent administrative authority established by Italian Law no. 675 of 31 December 1996 responsible for supervising compliance with regulations on data protection.
Pursuant to art. 4, paragraph 1, no. 1 of the Regulation, this means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Pursuant to art. 4, paragraph 1, no. 4 of the Regulation, this means “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”
Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Pursuant to art. 4, paragraph 1, no. 8 of the Regulation, this means “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
Data Protection Officer (DPO)
Figure introduced by the Regulation, with the main duties of informing and providing consulting to the Data Controller and Data Processors with respect to data protection; supervising observance of the Regulation; providing opinions on the data protection impact assessment; cooperating with the supervisory authority.
Pursuant to art. 4, paragraph 1, no. 7 of the Regulation, this means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data [...].”
Personal data processing
Pursuant to art. 4, paragraph 1, no. 2 of the Regulation, this means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”