The Data Controller has not been identified as a Data Protection Officer (DPO), not being required to appoint such an officer to Article 37 of the Regulation.
Users’ personal data will be lawfully processed by the Data Controller agreed to Article 6 of the Regulations for the following processing purposes:
b) Administrative / accounting purposes , ie activities of an organizational, administrative, financial and accounting nature such as internal organizational activities and functional tasks necessary for the fulfillment of contractual and pre-contractual obligations;
c) Legal obligations , ie to fulfill the obligations set out by the law, by an authority, by regulations or by legislation and to establish responsibility in the event of any cybercrime against the Website.
Users’ personal data will be processed using electronic means, as strictly necessary to achieve the purpose for which they are processed, and in any event, ensuring the confidentiality of the data.
The personal data of the Website Users will be kept for the time strictly necessary to carry out the primary purposes described above in Section 1, or in any case as necessary for the protection against the Civil Law of the interests of both the Users and the Data Controller
The personal data of the Users may be disclosed to the employees and / or collaborators of the Data Controller in charge of managing the Website. These subjects, who are instructed by the Data Controller in accordance with Article 29 of the Regulations, will process the User’s data exclusively for the purposes indicated in this Policy and in compliance with the provisions of the Applicable Regulations.
The personal data of Users may also be disclosed to third parties operating as External Data Processors handling the personal data on behalf of the Data Controller, such as IT and logistic service providers necessary for the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any eventual Data Processors designated by the Data Controller by request to the Data Controller as indicated in Section 4 below.
Users may exercise their rights to the Applicable Regulations by contacting the Data Controller as follows:
Pursuant to the Applicable Regulations, the Data Controller hereby declares that Users have the right to obtain information on (i) the source of their personal data; (ii) the purposes of its being processed and the methods used to do so; (iii) the logic applied to the processing, if carried out by means of electronic tools; (iv) the identity of the Data Controller and the Data Processor; (v) the parties or categories of party to whom the personal data may be communicated or who may gain knowledge of it in their capacity as data processing managers or persons in charge of processing.
Furthermore, Users have a right to:
a) access, update, rectify or, should they wish to do so, integrate their data;
b) the deletion, anonymisation or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
c) confirmation that those to whom the data is communicated or disclosed are notified of the actions referred to under points (a) and (b), including their content, unless the fulfilment thereof proves impossible or involves using methods that are clearly disproportionate to the right being protected.
Furthermore, Users have:
a) the right to withdraw consent at any time, whereby the processing is based on their consent;
b) (if applicable) the right to data portability (the right to receive all personal data concerning the Data Subject in a format that is structured, commonly used and readable by automatic devices), the right to limit the processing of personal data and the right to be deleted (“right to be forgotten”);
c) the right to object:
i) in whole or in part, for legitimate reasons, to the processing of personal data concerning the Data Subject, even if pertinent to the purpose of the collection;
d) whereby it is believed that processing of the data is in breach of the Regulations, the right to file a complaint with the Supervisory Authority (in the Member State in which the Data Subject normally resides, in which they work or in which the alleged violation has occurred). The supervisory authority is the Data Protection Commissioner with offices in Canal House, Station Road, Portarlington, Co. Laois ( http://www.dataprotection.ie/ ) .
The Controller is not responsible for updating all links that can be viewed in this Policy, therefore whenever a link is not functional and / or current, Users acknowledge and accept that they must always refer to the document and / or section of the websites referred to by the link.