Privacy Policy
PRIVACY POLICY PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (“GDPR”) AND APPLICABLE PRIVACY LEGISLATION
DV Advisory srl, with registered office in Via Vittorio Bachelet, 12 – 00185, Rome, fiscal code and VAT no. 08102451005 (hereinafter, “DVA”) complies with the provisions relating to the protection of individuals with regard to the processing of personal data provided by the user for the activation and use of the Techcurrency Blog. In accordance with art. 13 of the GDPR and the applicable primary and secondary national legislation, DVA hereby provides the user with some information on the processing and use of the user’s personal data. The actions taken by DVA to comply with the legislation on the protection of personal data will be periodically updated by DVA. For anything not expressly provided for herein, the provisions of the current legislation on the protection of personal data shall apply.
Through the Techcurrency Blog it is also possible to access content and/or websites of third parties. The processing of the user’s personal data that is carried out on the occasion of and/or as a result of access and/or use of content and/or websites of third parties is illustrated and governed by the privacy policy of such third parties.
1. Data Controller
The data controller, who determines the purposes and means of the processing of personal data is DV Advisory Srl with registered office in 00185 – Rome, Via Vittorio Bachelet n. 12.
2. Sources of personal data
The personal data of the user subject to processing are provided by the user / collected by DVA in compliance with the provisions of the legislation on the protection of personal data.
3. Purpose of the treatment and legal basis of the treatment
3.1 The user’s data are collected and processed according to the principles of lawfulness, correctness and transparency, for the following purposes:
3.1.1 Purposes strictly related to the establishment and management of the contractual relationship relating to the licensing of use of the Techcurrency Blog and the provision of services available with the Techcurrency Blog and for the fulfillment of legal obligations (including but not limited to: sending information or service communications, etc.).
The processing of the user’s personal data also concerns, more specifically, the activity carried out by DVA and third parties that DVA uses also for maintenance, delivery of products and/or equipment, management of any complaints, fraud prevention, and to assert its rights in court.
The processing of the user’s personal data, including the communication of such data to the above mentioned subjects, does not require the user’s consent as the processing is necessary for the execution of obligations arising from the contract concerning the licensing of use of the Techcurrency Blog to the user and/or for the performance of services / provision of services available with the Techcurrency Blog. Without such data it will not be possible to provide the services / services to the user.
Therefore, any refusal of the user to provide such data may make it impossible to establish the contractual relationship or to provide the services / services related to the Techcurrency Blog.
The period of retention of the user’s personal data for these purposes is determined by the establishment and management of the contractual relationship between DVA and the user concerning the Techcurrency Blog, the provision of services available with the Techcurrency Blog, the fulfillment of legal obligations, and in any case for a period not exceeding the terms provided by applicable law.
Legal basis of the treatment: contractual relationship between DVA and the user and fulfilment of legal obligations.
4. Methods of treatment
4.1 The processing of the user’s personal data is carried out both manually and with the aid of electronic or automated means by DVA and/or third parties that DVA appoints as data processors and/or persons in charge of processing. The data are stored for the time prescribed by GDPR and other applicable regulations.
4.2 In particular, with reference to the processing of the user’s personal data for the purposes set forth in paragraph 3, both automated contact methods (including, but not limited to, e-mail, telefax, mms -multimedia messaging service – or sms -short message service – or other tools, etc.) and traditional contact methods (including, but not limited to, e-mail, calls with operator, etc.) may be used.
4.3 Regarding the user’s personal data, DVA informs that: (i) the processing of the necessary traffic data will be carried out for a period not exceeding the terms provided by the applicable legislation; (ii) the processing of data for possible marketing purposes, subject to express authorization of the user of services will be carried out for a period not exceeding the terms provided by the applicable legislation.
4.4 With regard to location data that are necessary for the provision of certain services, such data will be processed in accordance with the rules in force, i.e. subject to specific consent that may be revoked at any time.
4.5 There are no automated decision-making processes with reference to the processing of the user’s personal data referred to in this statement and for which the user may have given consent, where applicable.
5. Categories of subjects to whom the data may be communicated
5.1 Without prejudice to the communications made in compliance with the obligations set out in the applicable regulatory provisions, the user’s personal data may be communicated to: natural persons and/or legal entities that DVA uses in relation to the Techcurrency Blog and/or the services available with the Techcurrency Blog and for activities related to such services.
5.2 DVA, in particular, may communicate, in Italy and possibly abroad, including countries outside the European Union in accordance with security measures adopted by Italian and EU Authorities, the user’s personal data to third parties belonging to the following categories: (i) subjects that DVA uses for the provision of the Techcurrency Blog and/or the services available with the Techcurrency Blog;
(ii) entities/companies controlled, controlling and connected to DVA;
(iii) subjects that perform technical and organizational tasks in the name and/or on behalf of DVA; (iv) parties that provide services for the acquisition, processing and processing of data necessary for the provision of the Techcurrency Blog and/or services available with the Techcurrency Blog by users;
(v) parties that provide services for the management of the DVA information system;
(vi) parties that carry out activities of transmission, enveloping, transport and sorting of communications;
(vii) subjects who provide assistance to users;
(viii) subjects who carry out archiving and data entry activities;
(ix) subjects who carry out studies and/or operate in the field of assistance and consultancy;
(x) subjects who carry out market research aimed at detecting the degree of user satisfaction;
(xi) subjects who carry out promotion and sale of products and services;
(xii) subjects who carry out control, audit and certification of the activities carried out by DVA;
(xiii) public authorities and supervisory and control bodies.
5.3 The subjects belonging to the above categories operate, as the case may be, as separate data controllers or as data processors or persons appointed by DVA for this purpose. The personal data may also be known to the employees/consultants of DVA who have been specifically appointed by DVA as data processors or persons in charge of processing.
6. Transfer outside the European Union
Your personal data will be processed by DVA in the territory of the European Union. For technical and/or organizational and/or operational reasons, the user’s personal data may be transferred outside the European Union. In case of transfer and processing of your personal data in countries outside the European Union, such transfer and processing may be carried out in accordance with the provisions of Chapter V of the GDPR and national primary and secondary legislation: a) to third countries / international organizations for which there is an adequacy decision of the European Commission; b) to third countries / international organizations for which there are adequate guarantees referred to in art.46 GDPR and the parties concerned have effective rights of action and means of redress; c) basing the transfer and processing on the adoption of binding corporate rules, so-called Corporate binding rules, and/or other measures provided for; d) to third countries/international organizations for which the transfer of personal data is permitted under Article 49 of GDPR because one of the following conditions is met: (i) the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject, due to the lack of an adequacy decision and adequate guarantees, or (ii) the transfer is necessary for the execution of a contract concluded between the data subject and the data controller or for the execution of pre-contractual measures taken at the request of the data subject, or (iii) the transfer is necessary for the conclusion or performance of a contract concluded between the data controller and another natural or legal person in favour of the data subject, or (iv) the transfer is necessary for important reasons of public interest, or (v) the transfer is necessary to establish, exercise or defend a right in court, or (vi) the transfer is necessary to protect the vital interests of the person concerned or of other persons, if the person concerned is physically or legally incapable of giving consent, or (vii) the transfer is made from a register that under the law of the European Union or the Member States, aims to provide information to the public and can be consulted by the general public as well as by anyone who can demonstrate a legitimate interest, only if the requirements for consultation under the law of the European Union or the Member States are met; all this without prejudice to and without prejudice to what is provided for in the further provisions of Article. 49 GDPR. A copy of any user data transferred abroad, as well as the list of international countries/organisations outside the European Union to which the user’s data has been transferred, may be requested from DVA, as data controller, using the contact details indicated in point 1.
7. Security measures
Pursuant to and for the effects of articles 32 of the GDPR, in order to reduce the risks of destruction or loss, even accidental, of data, unauthorized access to data or data processing not allowed or not in accordance with the purposes of collection, DVA guarantees that the security and confidentiality of user data will be protected by appropriate security measures.
8. Rights of the data subject
The user has the right to ask DVA as data controller:
a) access to the user’s personal data; and
b) the rectification of the user’s personal data; or
c) the deletion of the user’s personal data;
d) the limitation of the processing concerning the user or to oppose the processing of the user’s personal data;
in addition to
e) the portability of the user’s personal data according to the provisions of art.20 of GDPR and the applicable regulations.
Any request or communication concerning or relating to the exercise of any of the rights set forth in Articles 15, 16, 17, 18, 19, 20, 21, 22 of GDPR and the applicable primary and secondary national legislation must be addressed to DVA at the addresses indicated in point 1. This is without prejudice to your right to lodge a complaint with the Guarantor for the protection of personal data in the event you believe that the applicable regulatory provisions on the processing of personal data are not respected