DIRECTA S.I.M.p.A., data controller ("Controller" or "Directa") with registered office in Via Bruno Buozzi, 5 - 10121 Turin, informs you that it uses the personal data in its possession in compliance with the provisions of the GDPR and that such use is based on principles of fairness, lawfulness, transparency and protection of confidentiality of the persons to whom the data refer ("data subject").
Personal data, collected directly from the data subject, or from third parties, are processed by the controller - in accordance with the principle of lawfulness as per Art. 6 letter a) of the GDPR - in the context of its activity for the pursuit of the following purposes:
a) provide the requested services and manage client relations. The provision of the personal data necessary for these purposes is not mandatory, but refusal to provide them makes it impossible to perform what was requested;
b) comply with the requirements of national and EU regulations (e.g. anti-money laundering, tax and fiscal assessments, provision of investment services) as well as with the provisions issued by the Supervisory and Control Bodies. The provision of personal data for these purposes is mandatory and the respective processing does not require consent.
c) send information notices also concerning the Controller's products and services. The provision of data is not mandatory and the Data Subject can decide at any time not to receive these communications by opting for the relative cancellation (for example, "opt out" at the bottom of the e-mail).
With regard to the above, the legal bases for data processing are as follows:
- with regard to letter a), the stipulation and execution of a contract to which the data subject is a party, or the assistance and response to the data subject’s requests;
- with regard to letter b), fulfilment of legal obligations, regulations and orders of the Authorities (in compliance with legal and regulatory obligations such as, for example, those to prevent money laundering and the funding of terrorism, to comply with current regulations on sanctions and embargoes, to combat tax fraud and fulfil tax control and reporting obligations, to respond to an official request from a public or judicial authority in the cases provided for by law).
- with regard to lett. c), the legitimate interest of the Controller who intends, for example, to report on the status of the activity, design and manage new products and services, and provide financial information to the Data Subjects.
Directa does not carry out automated processing (including profiling) of the personal data in its possession.
The subject of processing is personal data that generally consist of elements of personal identification collected directly from the data subjects.
The data will remain confidential and will not be disclosed to third parties for purposes other than those listed in paragraph 1.
Personal data will not be disclosed and may be communicated to companies contractually linked to Directa within and outside the European Union, in order to comply with the purpose for which they were collected. The data may be communicated to:
Personal data are not transferred on the initiative of Directa abroad (inside or outside the European Union) except in certain cases (for example, for a class action) for which the personal data of the clients concerned are communicated to competent foreign authorities as well as to subjects appointed for this purpose by Directa.
In addition, some third parties, service providers, may have their own servers physically located abroad (as in the case, for example, of server providers). In such cases, the transfer of data abroad will take place exclusively within the scope of and in compliance with current legislation.
Personal data are processed automatically and manually, using methods and tools designed to ensure maximum security and confidentiality, by persons specifically mandated in compliance with the provisions of arts. 28 and 29 of the GDPR.
In accordance with the provisions of art. 5, par. 1, letter e) of the GDPR, the personal data of the data subject are stored in a form that allows identification for a period of time not exceeding the achievement of the purposes for which the data were collected and subsequently processed and, in any case, no later than 10 years after termination of the relationship, for compliance with regulatory obligations but not beyond the period set by law for the prescription of rights.
The processing of personal data of which Directa is in possession takes place at the aforementioned premises and is carried out by persons authorised to carry out such processing.
The data subject may exercise his rights as established by the GDPR, by contacting DIRECTA S.I.M.p.A. with registered office in Via Bruno Buozzi, 5 (Turin), directly at the following e-mail address: email@example.com or the Data Protection Officer (DPO) at the following e-mail address: firstname.lastname@example.org; the data subject has the right at any time to:
Via Bruno Buozzi, 5
+39 011 530101