This Privacy Notice is intended to provide all the information relating to the processing of personal data carried out by the Digitouch Group when the User accesses the services available through this Website, as further described below.
Digitouch S.p.A., with its registered office at Viale Vittorio Veneto 22, Milan, Italy, VAT No. 05677200965 (hereinafter, the "Company"), together with its subsidiaries listed at www.gruppodigitouch.it/group-societies (hereinafter, collectively, the "Digitouch Group"), owner of the website https://www.gruppodigitouch.it/en (hereinafter, the "Website"), hereby provides this Privacy Notice pursuant to Article 13 of Regulation (EU) 2016/679 of 27 April 2016 (hereinafter, the "Regulation" or the "Applicable Legislation").
Digitouch Group places the utmost importance on the right to privacy and the protection of its Users' personal data. For any information regarding this Privacy Notice, Users may contact the Digitouch Group at any time using one of the following methods:
by sending a registered letter with acknowledgement of receipt to the Group's registered office at Viale Vittorio Veneto 22, Milan, Italy;
by sending an email to: privacy@gruppodigitouch.it.
Users may also contact the Digitouch Group's Data Protection Officer (DPO) using the following email address: dpo@gruppodigitouch.it.
By registering in the "Resources" section of the Website, the User may access the following Services: (i) register for and participate in training events, webinars and/or courses organised by the Data Controller (hereinafter, the "Events"); (ii) download the materials relating to the Events organised by the Data Controller; and/or (iii) obtain any additional information requested by the User (hereinafter, collectively, the "Materials").
The User's personal data will also be processed by the Data Controller solely for the purpose of verifying the User's identity.
This Website and any services provided through it are intended exclusively for individuals who are at least eighteen (18) years of age. Accordingly, the Digitouch Group does not knowingly collect personal data relating to individuals under the age of 18. Upon request, the Digitouch Group will promptly delete any personal data inadvertently collected from individuals under the age of 18.
In particular, Users' personal data will be lawfully processed for the following purposes:
1. Performance of the Service: the Users' personal data (namely, first name, last name, company name, email address and mobile phone number) will be lawfully processed by the Digitouch Group in accordance with the Applicable Legislation in order to enable each User to use the Services described above. The User's personal data will also be processed by the Data Controller solely for the purpose of verifying the User's identity.
2. Administrative and accounting purposes: namely, to carry out organisational, administrative, financial and accounting activities, including internal organisational activities and activities necessary for the fulfilment of contractual and pre-contractual obligations.
3. Compliance with legal obligations: namely, to comply with obligations imposed by applicable laws, regulations, public authorities or European Union legislation.
Without prejudice to the provisions set out elsewhere in this Privacy Notice, under no circumstances will the Data Controller disclose or make the Users' personal data accessible to other Users and/or third parties. The provision of personal data for the processing purpose referred to in Section 3, point 1 is optional but necessary. Failure to provide such data will prevent the User from registering in the "Resources" section of the Website, registering for and participating in the Events organised by the Data Controller, and/or receiving the Materials from the Digitouch Group. The personal data required to pursue the processing purposes described in this Section 3 are marked with an asterisk (*) in the relevant request form.
Some of the User's personal data (namely, first name, last name, company name, email address and mobile phone number) may also be processed by the Digitouch Group for marketing purposes, in order to contact the User by email or telephone (landline and/or mobile, including by means of automated calling or communication systems, with or without the intervention of an operator) to offer comprehensive consulting services supporting the digital transformation of Users and/or partner companies.
Failure to provide consent will not in any way affect the User's ability to register on the Website.
Where consent has been given, the User may withdraw it at any time by submitting a request to the Digitouch Group using the methods described in Section 8 below.
The User may also object to receiving further promotional communications by email at any time by clicking the unsubscribe link included in each promotional email. Once the consent has been withdrawn, the Digitouch Group will send the User a confirmation email acknowledging receipt of the withdrawal request. If the User wishes to withdraw consent to receive promotional communications by telephone while continuing to receive promotional communications by email, or vice versa, the User is requested to submit a request to the Data Controller using the methods set out in Section 8 below.
The Digitouch Group informs Users that, following the exercise of the right to object to receiving promotional communications by email, they may continue to receive a limited number of promotional messages for technical and operational reasons (for example, where contact lists have already been finalised shortly before the objection request is received by the Digitouch Group). Should the User continue to receive promotional communications more than 24 hours after exercising the right to object, the User is kindly requested to report the issue to the Digitouch Group using the contact details provided in Section 8 below.
Performance of the Service (as described in Section 3, point 1): the legal basis for processing is Article 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract to which the User is a party or in order to take steps at the User's request prior to entering into a contract.
Administrative and accounting purposes (as described in Section 3, point 2): the legal basis for processing is Article 6(1)(b) of the Regulation, as the processing is necessary for the performance of a contract and/or in order to take steps at the User's request prior to entering into a contract.
Compliance with legal obligations (as described in Section 3, point 3): the legal basis for processing is Article 6(1)(c) of the Regulation, as the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
Additional processing purposes: with regard to processing for marketing purposes (as described in Section 4.1), the legal basis for processing is Article 6(1)(a) of the Regulation, namely the data subject's consent to the processing of their personal data for one or more specific purposes.
The Digitouch Group will process Users' personal data using both manual and electronic means, in accordance with procedures strictly related to the purposes for which the data are collected and, in any event, in a manner that ensures the security and confidentiality of such data.
Users' personal data will be retained only for the period strictly necessary to manage the User's registration for and participation in the Events, as well as to provide the Materials, in accordance with the purposes described above.
The email addresses and personal data referred to in Section 4.1 will be used by the Data Controller until the User objects to such processing or withdraws consent and, in any event, for a maximum period of 12 (twelve) months from the User's last activity on the Website or in connection with the services provided by the Data Controller. Activities include, by way of example, accessing the Website, interacting with communications sent by the Data Controller, participating in Events organised by the Data Controller, or accessing the Website's content and services.
Where necessary, for example in the event that the data subject exercises the right to restriction of processing, or where required by the competent authorities or pursuant to a legal obligation, the personal data strictly necessary for such purposes will be processed for the period required to safeguard the data subject's rights or to comply with the applicable legal obligation or the relevant authority's order.
Users' personal data may be transferred outside the European Union. In such cases, the Digitouch Group will ensure that any such transfer is carried out in compliance with the Applicable Legislation and, in particular, with Articles 45 (Transfers on the basis of an adequacy decision) and 46 (Transfers subject to appropriate safeguards) of the Regulation.
Users' personal data may be accessed by the employees and/or collaborators of the Digitouch Group who are authorised to manage the Website and handle Users' requests. Such individuals, who have been duly instructed by the Data Controller pursuant to Article 29 of the Regulation, will process Users' personal data exclusively for the purposes set out in this Privacy Notice and in accordance with the Applicable Legislation.
Users' personal data may also be accessed by third parties acting on behalf of the Digitouch Group as Data Processors pursuant to Article 28 of the Regulation, including, by way of example, providers of IT and logistics services necessary for the operation of the Digitouch Group Website, outsourcing and cloud computing service providers, as well as professional advisers and consultants.
The User has the right to obtain a list of the Data Processors appointed by the Digitouch Group by submitting a request using the contact methods indicated in Section 8 below.
Users may exercise the rights granted to them under the Applicable Legislation by contacting the Digitouch Group using one of the following methods:
by sending a registered letter with acknowledgement of receipt to the Group's registered office at Viale Vittorio Veneto 22, Milan, Italy;
by sending an email to privacy@gruppodigitouch.it;
by contacting the Digitouch Group's Data Protection Officer (DPO) at dpo@gruppodigitouch.it.
Pursuant to the Applicable Legislation, the Digitouch Group informs Users that they have the right to obtain information regarding: (i) the origin of their personal data; (ii) the purposes and methods of processing; (iii) the logic applied where processing is carried out by electronic means; (iv) the identity of the Data Controller and any Data Processors; and (v) the recipients or categories of recipients to whom the personal data may be disclosed or who may become aware of the data in their capacity as Data Processors or authorised persons.
Users also have the right to obtain:
a) access to, updating, rectification of, or, where they have an interest, completion of their personal data;
b) erasure, anonymisation or restriction of personal data processed in breach of the law, including data whose retention is no longer necessary in relation to the purposes for which they were collected or subsequently processed;
c) confirmation that the operations referred to in points (a) and (b) have been notified, including their content, to those to whom the data have been disclosed or disseminated, unless such compliance proves impossible or involves a manifestly disproportionate effort compared to the right being protected.
Users also have:
a) the right to withdraw their consent at any time where processing is based on consent;
b) the right to data portability (i.e. the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);
c) the right to object:
in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even where such processing is relevant to the purpose for which the data were collected;
in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material, direct marketing, market research or commercial communications;
where personal data are processed for direct marketing purposes, at any time, to the processing of their personal data for such purposes, including profiling insofar as it is related to such direct marketing;
d) where they consider that the processing of their personal data infringes the Regulation, the right to lodge a complaint with a supervisory authority (in the Member State of their habitual residence, place of work or the place of the alleged infringement). The Italian supervisory authority is the Italian Data Protection Authority (Garante per la protezione dei dati personali), with registered office at Piazza Venezia 11, 00187 Rome, Italy (https://www.garanteprivacy.it/web/garante-privacy-en/home_en)
The Digitouch Group is not responsible for ensuring that all links contained in this Privacy Notice remain updated. Therefore, whenever a link is unavailable or no longer up to date, Users acknowledge and accept that they should refer directly to the relevant document and/or section of the website to which the link refers.