The Data Controller has not identified a Data Protection Officer (DPO), not being obliged to appoint such an officer pursuant to Article 37 of the Regulation.
Users’ personal data will be processed lawfully by the Data Controller pursuant to Article 6 of the Regulations for the following processing purposes:
b) Administrative/accounting purposes, i.e. activities of an organisational, administrative, financial and accounting nature such as internal organisational activities and functional tasks necessary for the fulfilment of contractual and pre-contractual obligations;
c) Legal obligations, i.e. to fulfil the obligations set out by the law, by an authority, by regulations or by legislation and to establish responsibility in the event of any cybercrime against the Website.
Users’ personal data will be processed using electronic means, as strictly necessary to achieve the purpose for which they are processed, and in any event, ensuring the confidentiality of the data.
The personal data of the Website Users will be kept for the time strictly necessary to carry out the primary purposes described above in Section 1, or in any case as necessary for the protection pursuant to Civil Law of the interests of both the Users and the Data Controller.
The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website. These subjects, who are instructed by the Data Controller in accordance with Article 29 of the Regulations, will process the User’s data exclusively for the purposes indicated in this Policy and in compliance with the provisions of the Applicable Regulations.
The personal data of Users may also be disclosed to third parties operating as External Data Processors handling the personal data on behalf of the Data Controller, such as IT and logistic service providers necessary for the operation of the Website, outsourcing or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any eventual Data Processors appointed by the Data Controller by request to the Data Controller as indicated in Section 4 below.
Users may exercise their rights pursuant to the Applicable Regulations by contacting the Data Controller as follows:
Pursuant to the Applicable Regulations, the Data Controller hereby declares that Users have the right to obtain information on (i) the source of their personal data; (ii) the purposes of its being processed and the methods used to do so; (iii) the logic applied to the processing, if carried out by means of electronic tools; (iv) the identity of the Data Controller and the Data Processor; (v) the parties or categories of party to whom the personal data may be communicated or who may gain knowledge of it in their capacity as data processing managers or persons in charge of processing.
Furthermore, Users have a right to:
a) access, update, rectify or, should they wish to do so, integrate their data;
b) the deletion, anonymisation or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
c) confirmation that those to whom the data is communicated or disclosed are notified of the actions referred to under points (a) and (b), including their content, unless the fulfilment thereof proves impossible or involves using methods that are clearly disproportionate to the right being protected.
Furthermore, Users have:
a) the right to withdraw consent at any time, whereby the processing is based on their consent;
b) (if applicable) the right to data portability (the right to receive all personal data concerning the Data Subject in a format that is structured, commonly used and readable by automatic devices), the right to limit the processing of personal data and the right to be deleted (“right to be forgotten”);
c) the right to object:
i) in whole or in part, for legitimate reasons, to the processing of personal data concerning the Data Subject, even if pertinent to the purpose of the collection;
d) whereby it is believed that processing of the data is in breach of the Regulations, the right to file a complaint with the Supervisory Authority (in the Member State in which the Data Subject normally resides, in which they work or in which the alleged violation has occurred). The supervisory authority is the Data Protection Commissioner with offices in Canal House, Station Road, Portarlington, Co. Laois (http://www.dataprotection.ie/).
The Controller is not responsible for updating all links that can be viewed in this Policy, therefore whenever a link is not functional and/or current, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by the link.