INFORMATION ON THE PROCESSING OF PERSONAL DATA OF CUSTOMERS PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 ("GDPR")
Dear Data subject,
Pursuant to Art. 13 and 14 of the GDPR, the companies of the Retelit Group indicated below (hereinafter, the "Companies" or "Joint Controllers"), as Data Controllers, inform you that the data relating to your company (hereinafter, the "Customer") and the personal data relating to the individuals acting on its behalf (hereinafter, the "Data"), will be used and stored in compliance with the provisions of the European Regulation for the Protection of Personal Data EU 2016/679 (hereinafter, "GDPR"), the applicable legislation on the protection of personal data, and in accordance with this policy.
It is understood that it is your responsibility to inform the individuals acting on your behalf, of the processing of the Data referred to in this notice and to seek their consent where necessary.
1. Who we are.
The Companies, depending on the specific purposes pursued and indicated in this Policy, process your Data independently, as data controllers, or jointly, as Joint Controllers, through the conclusion of a specific agreement pursuant to Article 26 of the GDPR, the essential contents of which will be made available, upon your written request, to the contacts below.
The following is the list of co-owners:
Retelit S.p.A., Parent Company of the Companies in the list (hereinafter also the "Group") listed below, with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 12897160151;
Retelit Digital Services S.p.A., with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 12862140154;
Brennercom S.p.A. with registered office in Bolzano, Via Antonio Pacinotti 12 - 39100 - tax code, VAT number 01710910215;
PA ABS S.r.l., with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 02690660309;
PA Expertise S.r.l., with registered office in Milan, Via Pola 9, 20124 tax code, VAT number 02204750976;
IRIDEOS S.p.A., with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 09995550960;
IRIDEOS DATA CENTER ITALIA S.r.l. with registered office in Milan, Viale Luigi Bodio 33/37, 20158 tax code, VAT number 11920940969;
Brennercom Tirol GmbH, with registered office in Eduard-Bodem-Gasse 8 - A-6020 Innsbruck, VAT, ATU 628 358 19.
Hereinafter, severally the Controllers or jointly the "Joint Controllers" or the "Retelit Group".
More information on the corporate structure of the Retelit Group, as well as contact details, can be found at www.retelit.it .
For any request regarding the processing of Data, it will in any case be possible to contact the Parent Company Retelit, by sending
2. Data Protection Officer.
The Retelit Group, in order to facilitate the relationship between you and each Data Controller, have designated a Data Protection Officer (DPO) who can be contacted via
These contact methods are also made available on the Parent Company Retelit website www.retelit.it where any updates will also be posted.
3. Type of Data and Method of Processing.
In the context of the activities related to the establishment and subsequent management of the contractual relationship with you and/or the organization for which you are a referral, Joint Controllers collect and process the following categories of Data:
The Joint Controllers collect the Data:
4. Purpose and legal basis of data processing.
Data will be collected, used, and stored:
The processing of Data for the purposes under a), b) and c), does not require your consent as it is necessary to comply with legal obligations, for the performance of contracts to which you are a party and/or for the adoption of pre-contractual measures taken at your request, pursuant to Art. 6, c. 1, lett. b) and c) of the GDPR.
The processing of Data for the purposes sub d), e), f), g), k) does not require your consent as it is necessary for the pursuit of the legitimate interest of the Companies, pursuant to Art. 6, c. 1, lett. f) of the GDPR.
The processing of Data for the purposes sub (h), (i) and (j) requires your consent in accordance with Art. 6, c. 1 (a).
With reference to the activities referred to in (j) above, it should also be noted that, in accordance with the relevant provisions of the Guarantor (Data Protection Authority), further processing information may be provided to you by the third parties to whom the Data may be disclosed.
5. Data provision.
The provision of Data for the purposes under a), b) c) constitutes a legal and contractual obligation, respectively: in these cases, failure to provide the Data will result in the impossibility for the Companies to establish and/or continue business relations with you.
The provision of Data for the purpose sub d), e), f), g), k) is optional, but necessary for the pursuit of the legitimate interest of the Companies, without prejudice to your right to object to the processing at any time in the case of special situations that concern you.
The provision of Data for the purposes sub h), i) and j) is optional and failure to provide it will result in the impossibility for the Companies to carry out the functional activities to achieve the purposes in question, without any consequences with reference to the establishment and/or execution of the contract.
With regard to the purpose sub f), it will be possible for the Companies to use the e-mail details you have provided in the context of a previous sale of products and services without prejudice to your ability to object to such processing at any time (initially or on the occasion of subsequent communications), in the manner described in the appropriate section of this policy.
6. Recipients or categories of recipients.
The Data may be made accessible to, brought to the attention of, and/or communicated to the following parties, who may be appointed by the Data Controllers - as appropriate - as data processors, authorized persons, co-processors, or will act as independent data controllers:
In any case, the Data will not be disseminated.
7. Data retention.
The Contractors will process your Data for as long as is strictly necessary to achieve the purposes stated and described in this policy.
Specifically, depending on the purpose of processing, the expected retention periods are as follows:
|Pre-contractual activities||Up to 24 months after the collection of the Data|
|Fulfillment of legal obligations||Up to 10 years after the termination of the provision of services/products|
|Administrative, accounting and tax purposes||Up to 10 years after the termination of the provision of services/products|
|Verification of the degree of financial reliability, solvency and fraud prevention||For the duration of the contractual relationship|
|Marketing purposes||Until consent is revoked or 24 months after termination of the contractual relationship|
|Profiling for marketing purposes||Until consent is revoked or 24 months after termination of the contractual relationship|
|Treatment for carrying out direct marketing activities||24 months after termination of the contractual relationship unless the right to object is exercised in accordance with Article 21(2) and (3) of the GDPR|
|Treatment for the management of extrajudicial, judicial and regulatory litigation||For the duration of the contractual relationship, unless extended in the event of any pending litigation with customers and/or users of our Company's websites|
|Recording of calls for verification of service quality and training of customer care workers||For 6 months from the acquisition of the recording of the phone call|
|Conducting surveys and other "Customer Satisfaction" surveys.||24 months after termination of the contractual relationship|
|Processing of telephone and/or computer traffic data for service billing purposes||Up to 6 months, unless extended, for litigation management|
|Retention of telephone and/or computer traffic data for the purpose of investigating and prosecuting crimes||12/24/72 months, according to specific legal provisions|
|Aggregate profiling of traffic data to improve the quality of services and/or products marketed||For 24 months after termination of the contract relationship, unless the right to object is exercised in accordance with Article 21(2) and (3) of the GDPR|
8. Data Transfer to Third Countries.
The Retelit Group undertake to process and store the Data within the European Union.
Notwithstanding the above, in order to achieve the purposes referred to in paragraph 4, the Data may be transferred to entities established in countries outside the European Economic Area, which provide the Data Holders with services related to the processing activities performed (e.g., technology service providers, cloud, CRM, etc.).
Such a transfer, where appropriate, will take place in compliance with the conditions set forth in the GDPR and will be regulated, depending on the recipients, through the use of the standard contractual clauses adopted by the European Commission or - alternatively - on the basis of an adequacy decision of the Commission and/or any other instrument allowed by the relevant legislation, including adherence to the certification mechanism of the "EU-U.S. Data Privacy Framework."
9. Rights that can be exercised by the Data Subject.
During the period in which the Data Controllers carry out the processing of your Data, you, as a data subject may, at any time, exercise the rights provided for in Articles 15 to 22 of the GDPR:
10. Right to file a complaint with the Guarantor.
You have the right to file a complaint with the Guarantor if you believe that your rights under the GDPR have been violated, in the manner indicated on the Guarantor's website to the link below - www.garanteprivacy.it .
11. Final Provisions.
The Retelit Group reserve the right to amend and/or update this policy also on the basis of developments in applicable data protection legislation, as well as in the face of any changes in the corporate structure of the Group.
The updated version of the disclosure can always be found on the Group Company's website at www.retelit.it.