pursuant to article 13 of EU Regulation 2016/679
(hereinafter referred to as “GDPR”)
Wanrise S.r.L. protects your privacy for the processing of personal data relating to natural persons such as Customers, Consultants, Brokers and Suppliers
1. GENERAL INFORMATION
Customers, Brokers, Suppliers, Consultants and Collaborators (including, for these purposes, Directors of the Wanrise Company) are informed of the following general profiles, which are valid for all areas of the processing that may involve the natural persons of reference (hereinafter also referred to as “data subjects” pursuant to article 4, paragraph 1 of the GDPR).
1.1 The Data Controller is Wanrise S.r.L. in the person of its legal representative, with registered office based in Via G. Leopardi, 14 20100 Milan Italy MI Tel. 39 02 87169441, c.f. and p.i.: 09598190966 which you can also contact at the following contact details: firstname.lastname@example.org or email@example.com/.
- All personal data related directly or indirectly to natural persons shall be processed lawfully, fairly and in a transparent manner in relation to the data subject, in compliance with the general provisions set forth in article 5 of the GDPR.
- We have taken specific security measures to prevent loss, illegal or improper use and unauthorised access of data.
- The site collects data using computer or paper systems and media (see: paper printing of computer documents), only “common” data or information that does not include “particular categories of data” (personal data that reveal racial or ethnic origin, political views, religious or philosophical beliefs, or trade union membership). As well as dealing with genetic data, biometric data to uniquely identify a person, data relating to the person’s health or sexual life or sexual orientation or “judicial data” (personal data relating to criminal convictions crimes or related security measures).
- Web hosting of the site is allocated at the Kualo Ltd provider based in 20-22 Wenlock Road London, N1 7GU, United Kingdom (www.kualo.com – VAT Reg No: GB 879 4400 88) and is maintained by Computer Design Srl – via Piave 46 in Santo Stefano Ticino (20010 – MI) – Italy, Italy, A.T.: 11980150152. Who is named companies responsible for processing the data on behalf of the Controller. The servers, for managing the site, placed within the European Economic Area; any transfer of data to sub-responsibles abroad will be covered by standard contractual clauses and/or its adequacy decision, in accordance with Articles. 45 and 46 GDPR.
- The updated list of persons authorised for treatment on behalf of the Holder as well as external treatment managers designated by Wanrise is available at the Holder’s office.
2. PURPOSES AND DISCLOSURES
2.1 Primary Purposes
- a) The personal data of data subjects are processed to stipulate and perform the contract for the provision of Wanrise S.r.L. services, other contracts with the suppliers of Wanrise S.r.L. or Brokers, Consultants and Collaborators of Wanrise, including professional services (hereinafter the “Contracts”).
Before the conclusion of a Contract, the personal data of the data subject may also be processed for pre-contractual purposes, such as replying to specific requests from the data subject for the purpose of a subsequent contractual relationship. In any case, personal data are also processed to enable the Data Controller to fulfil the obligations provided by law, a regulation or community legislation and for civil, accounting and tax purposes.
Personal data may also be processed to assert or defend in the competent fora (court, arbitration, administrative, etc) the rights of the Data Controller, whether or not they relate to the Contract (e.g. breach).
- b) The Data Controller may disclose the data subject’s data to private third-party suppliers who provide the Data Controller with services ancillary to the Contract, and also to accounting, tax, legal and administrative consultants, to banks for payment services, to the Data Controller’s internal staff (authorised and appointed), to public bodies (e.g. payment of withholding tax). The data will not be disseminated.
As required by the Transparency Guidelines (WP 260/2017) if the Data Controller chooses to indicate the categories of recipients of the personal data, he must justify why he considers this approach to be correct and, in any case, reference to the category must not be generic but specific, referring to the activities carried out, the sector, industry, and territorial location of the recipients identified by this category. In this perspective, the Data Controller considers the approach by recipient category of the disclosure to be correct, given that indication of the name of the suppliers and subcontractors would be exorbitant. Third-party suppliers are represented by the following categories: companies in the banking and credit sector that provide services for the management of financial transactions related to payments of the data subjects; providers of ICT services for installation, assistance and maintenance of IT and electronic systems and all services functionally connected and necessary to provide the Contractual services; people, companies or professional firms that provide assistance, advice or collaboration to the Data Controller in accounting, administrative, legal, tax and financial matters relating to the Contract.
- c) In all the above cases, the Data Controller is not required to obtain consent from the Customer. All the aforementioned processing operations pursue primary purposes for which article 6 of EU Regulation 679/2016 on data protection excludes the need to obtain the data subject’s specific consent, since the legal basis for the legitimacy of the processing is represented – as the case may be – by the Service and/or Supply Agreement, by the obligation to comply with the legal provisions, and by the need to implement measures requested by the data subject. In the case of actions to assert or defend a legal claim, the legal basis of the processing is represented by the legitimate interest of the Data Controller.
2.2 Secondary purposes
- a) The personal data collected will be processed – if the Data Subject consents – also for the following secondary and homogeneous processing purposes: for promoting and advertising products and services, for conducting market research and surveys (by telephone, online or using forms), for formulating statistics (in identifying form), and for other sample marketing research activities relating to the Data Controller’s products and/or services (hereinafter referred to as “Processing for Marketing Purposes”).
- b) Based on the data subject’s specific and separate consent, the data subjected to Processing for Marketing Purposes may be disclosed to the following third parties: suppliers of electronic communication goods and services, internet service providers, advertising agencies. The data will not be disseminated.
- c) In order to proceed with the Processing for Marketing Purposes, the Data Controller must obtain an informed, free, unambiguous, specific, separate, express, documented, preventive and completely optional consent from the Data Subject. A further and separate consent is also required in order to be able to disclose personal data to third parties so that they in turn can process them for marketing purposes. The user is free to give the Data Controller only consent to the Processing for Marketing Purposes but not also additional consent to disclose the data to third parties for marketing purposes. If the user does not intend to give any consent to the processing of data for marketing purposes (to the Data Controller and to disclose data to third parties), there will be no consequence or impact on the Contract currently existing with the Data Controller.
- d) All consents, if given by the user for any purpose, and with particular reference to the marketing consent and relative disclosure to third parties, can be withdrawn at any time without formalities by sending an email to firstname.lastname@example.org email@example.com/.. This shall be without prejudice to authorised processing carried out at the time of withdrawal.
3. DATA TRANSFER AND RETENTION PERIODS
3.1 Data will be kept on the servers of the Data Controller or by third-party companies, appointed as external data processors on behalf of the Data Controller, whose servers are located within the European Economic Area; any transfer of data to sub-processors abroad will be covered by standard contractual clauses and/or by the sub-processors adherence to an adequacy decision in accordance with articles 45 and 46 of the GDPR.
3.2 Data processed for primary purposes will be kept for ten years as required by the applicable laws (tax, civil, and anti-money laundering). Personal data subject to Processing for Marketing Purposes will be kept in accordance with the principle of proportionality and minimisation for the duration of the Contract and up to 36 months after its termination (to allow the Data Controller to propose new services and/or products within a reasonable period of time) or until withdrawal of the Data Subject, if earlier.
4. YOUR RIGHTS
4.1 You may freely exercise the following rights in relation to the processing of data by Wanrise S.r.L.:
- Obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to data and information relating to said processing.
- Request rectification of inaccurate data;
- Request cancellation of data in the event that, among other reasons, they are no longer necessary for the purposes for which they were requested; in this case, Wanrise S.r.L. will cease to process the data, except where said data are necessary to establish, exercise or defend a legal claim.
- Request application for the restriction of data processing, in which case said data may only be processed with the prior consent of the data subject; except for the retention of the data and use for establishing, exercising or defending a legal claim or for protecting the rights of other natural or legal persons or for reasons of significant public interest of the European Union or a Member State.
- Oppose, in whole or in part, for legitimate reasons, the processing of data, in this case Wanrise S.r.L. shall cease to process the data, unless they are necessary to defend a legal claim.
- Receive the data provided to Wanrise S.r.L. in a structured, commonly used and machine-readable format, or to request Wanrise S.r.L. to transfer those data to another controller when technically possible.
- Withdraw the consent given, if relevant, for the purposes outlined in point 2 above, without this affecting the lawfulness of the processing based on consent given before its withdrawal.
4.2 The above rights of access, rectification, cancellation, restriction, opposition and portability of data may be exercised directly by the data subject or by his/her legal or voluntary representative, by means of a request sent by registered letter with return receipt to Wanrise S.r.L. in Via G. Leopardi, 14 – 20100 Milan Italy MI Tel. 39 02 87169441, c.f. and p.i.: 09598190966 which you can also contact at the following contact details: firstname.lastname@example.org or email@example.com/.
The data subject has the right to lodge a complaint with a Supervisory Authority.
5. UPDATING OF THE POLICY
It should be noted that this policy may be reviewed periodically, also as required by applicable laws or regulations. Any significant changes will be notified by posting a prominent notice on the homepage of the www.Wanrise.com website. In any case, the data subject should periodically check this policy for any updates.