Privacy information & contact form
Privacy Policy pursuant to article 13 Regulation UE 2016 2016/679
Reference legislation:
- EU Regulation No. 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of personal data (referred to hereinafter as “EU Regulation”)
- Legislative Decree No. 196 of 30 June 2003 (referred to hereinafter as the “Privacy Code”), as amended by Legislative Decree No. 101 of 10 August 2018
ICOS S.p.A., referred to hereinafter as “ICOS”, a member of the SeSa S.p.A. Business group, wishes to inform users of the terms and conditions applied to personal data processing operations.
The processing of personal data relating to legal persons does not fall within the scope of the personal data protection regulations set out in EU Regulation 2016/679. For the sake of clarity and transparency, ICOS also makes this privacy policy statement available to legal persons, describing the methods and purposes of all processing operations that it performs or is entitled to perform on the personal data of data subjects as defined below.
ICOS acts in the capacity of “Data Controller”, meaning “the natural or legal person, public authority, service or other body which, either alone or jointly with others, determines the purposes and means of the processing of personal data”.
Specifically, the processing of personal data of data subjects may be carried out by parties specifically authorised by ICOS to carry out processing operations.
This policy concerns “data subjects”, meaning the natural persons to whom the personal data refer, i.e. all those persons acting in the name and on behalf of the legal entity of the partner whose personal data are processed by ICOS.
1) Purpose and legal basis of the processing of personal data
ICOS collects and processes personal data for the following purposes:
a) the performance of pre-contractual activities and the acquisition of preliminary information for the purpose of entry into the agreement;
b) the fulfilment of contractual obligations (e.g.: administration, accounting, contract management, invoicing/payment services);
c) the management of relations between you and ICOS (e.g.: handling disputes, credits resulting from an agreement or collateral documents, factoring).
In relation to the purposes listed in points a), b) and c), processing takes place to fulfil contractual/pre-contractual and legal obligations connected to the relationship established with ICOS; consequently, consent to the processing is not required.
2) Nature of the supply of personal data
The provision of personal data is compulsory when there is a legal or contractual obligation to provide such data. The provision of personal data necessary for pre-contractual obligations is also compulsory. Refusal to provide such ‘’compulsory‘’ personal data may result in failure to finalise the agreement. Refusal to provide personal data that are strictly functional to the pursuit of contractual relations but are not compulsory will, in principle, have no consequences other than the potential impossibility to pursue operations connected with such personal data or the impossibility to establish new relations.
3) Personal data processing methods and retention period
Personal data will be processed lawfully and fairly and always in compliance with the applicable legislation, using instruments that guarantee security and confidentiality; the personal data will be processed mainly using IT tools to save, manage and transmit the data.
Processing will be carried out, mainly, by the internal organisation of the Data Controller under the direction and control of the corporate functions in charge, or by staff appointed specifically for this purpose.
With reference to the other subjects that may process the personal data of the Data Subjects, please see point 4 of this policy.
Personal data will be stored in a form that allows the identification of the Data Subjects for a period of time not exceeding that necessary for the purposes for which they are collected and processed. In particular, in relation to the management of the contractual relationship, personal data will be retained for the period of time defined by the reference legislation and, upon termination of the contractual relationship, for the ten-year term in force for the retention of statutory data.
4) Recipients of personal data.
In relation to the personal data of the data subject, ICOS may issue communications arising from an obligation imposed by EU law, regulation or standards. For the purposes referred to in point 1, lett. a), b), c) of this policy (i.e. for the purposes related to the fulfilment of the agreement, pre-contractual measures and the management of the relationship between you and ICOS), your personal data may be communicated, without your consent, to Companies belonging to the SESA Group, controlled by or related to ICOS pursuant to art. 2359 of the Italian Civil Code (falling within ATECO product categories J62, J63 and M70 concerning IT and business consulting products and services).
Communication, also by simply consulting the personal data of the data subjects or making them available, may also be issued to the following parties:
a) public entities, supervisory bodies, authorities or institutions;
b) natural or legal persons providing specific services, such as data processing and customer satisfaction surveys, administrative, tax and accounting consultants, organisers of trade fairs and communication events;
c) commercial intermediaries, banks and credit institutions, legal advisory companies, financial brokerage companies, natural or legal persons in charge of credit recovery, auditing and certification of financial statements and quality systems, self-employed associates of ICOS, agents and reporters, insurers and brokers;
d) natural and/or legal persons requesting references/data for the purpose of participation in public tenders, or within the scope of the fulfilment of supply agreements with customers by ICOS.
The parties referred to in points a), c), d) operate as independent Data Controllers. The subjects referred to in point b) operate in their capacity as specially appointed data processors. However, only the personal data necessary and pertinent to the purposes stated in this policy are disclosed to the aforementioned parties. The list of such third parties shall be constantly updated and accessible upon request to ICOS.
Where necessary for the fulfilment of the contractual relationship, personal data may be disclosed to third party data controllers represented by Vendors who manufacture the products covered by the sales agreement and reside in third countries outside the EU or the European Economic Area on the basis of the existence of decisions of adequacy of the European Commission or on the basis of duly adopted model contractual clauses or specifically authorised binding corporate rules. Personal data will not be disclosed to the public or to an indefinite number of persons.
5) Rights of data subjects under Articles 15, 16, 17, 18, 20 and 21 of the EU Regulation
Each data subject may exercise the rights of access to personal data envisaged in article 15 of the EU Regulation and the rights envisaged in articles 16, 17, 18, 20 and 21 of the EU Regulation concerning the rectification, deletion, restriction and portability of personal data, where applicable, and objection to the processing of personal data.
The rights may be exercised by writing to the following address: [email protected]
If ICOS does not respond to the request made by each data subject within the timeframe envisaged by legislation, or if the response to the exercise of rights is inadequate, the data subject may lodge a complaint with the Personal Data Protection Authority. The contact details are as follows:
Garante per la Protezione dei Dati Personali
Piazza Venezia n. 11 – 00187 Rome (Italy)
Fax: (+39) 06.69677.3785
Switchboard: (+39) 06.69677.1
E-mail: [email protected]
Certified Email (PEC): [email protected]
6) Data Protection Officer
Please note that SeSa S.p.A., holding company of the business group to which ICOS belongs, has appointed a Data Protection Officer. The Data Protection Officer monitors compliance with the regulations on the processing of personal data and provides the necessary advice. Furthermore, where necessary, the Data Protection Officer cooperates with the Data Protection Authority.
The contact details of the Data Protection Officer are as follows:
E-mail: [email protected]