Privacy policy

Privacy: processing of personal data

In accordance with article 13 of the Legislative Decree 196/2003, we here inform that the personal and sensitive data, provided when subscribing to the services supplied by AVR Space srl, shall solely be processed by AVR Space srl with marketing and commercial purposes, as stated in the current regulations.

Data processing shall only be allowed in our headquarters, relying both on paper documents and IT procedures, in compliance to the methods and restrictions required to accomplish the above mentioned purposes.

The data shall be shared with the different players involved in the relationship, such as the tax and accounting office, the data processing centre, the legal practice (for contractual support), the financial administration and banks and companies that will be appointed to process the data of third parties. In our company the data, or part of them, are only accessible to the data processor and to the staff dedicated to the processing of data.

Data collection is intended for the proper compliance to the terms of the contract and the lack of such data may make it impossible to adequately fulfill the contractual terms and conditions we are responsible for.

The Controller, as far as the handling of data is concerned, is AVR Space srl. Data subjects are recognised the rights stated in article 7 of the above mentioned Code, with particular reference to the right concerning the access to one’s own data and having them rectified, updated or erased if incomplete, inaccurate or collected unlawfully, in addition to the right to object to the processing of one's own data on legitimate grounds. All requests regarding the use of data, the list of the internal and external subjects involved in the processing of data, the list of data processors (whether appointed) and any other request of information, shall be addressed to the Controller for the processing of data.

We here point out that, according to article 7 of the Code, You shall exercise the right to access Your personal data, update, rectify and integrate them and, furthermore, to have them erased, turned into anonymous form (whether possible) or even blocked if the processing is unlawful. Finally, we inform You that lacking Your authorization to use Your personal data, we shall not be allowed to supply the services required.

Art. 13. Information

  1. The data subject or the entity collecting the personal data are previously informed either orally or in writing, with reference to:
    1. The purposes and processing procedures the data are intended for;
    2. Compulsory or discretionary communication of data;
    3. The consequences deriving from a potential denial in answering;
    4. The subjects/categories of subjects who can access the data or with whom the data can be shared due to their role as appointed processors/controllers and the dissemination environment of data;
    5. The rights mentioned in article 7;
    6. The ID details regarding the controller, those of the State’s representative possibly appointed according to article 5 and those of the data processor. If the data controller appointed various processors, at least one of them is specified, and either the site communication network or the procedures to easily access the updated list of processors, shall be specified. If a single processor is appointed to provide responses to the data subjects wanting to exercise the rights mentioned in article 7, such data processor is to be specified.
  2. The informative notice mentioned in sub-clause 1, also reports the elements provided by specific regulations of this code and may not include the elements already known by the person providing the data or whose knowledge may factually interfere with the activity of a public subject, carrying out inspections and controls for the defense and safeguard of the State or to prevent, verify and repress crimes.
  3. The Data Protection Authority (DPA) may issue a provision to set out simplified information in particular for telephone services to rely on, when providing assistance and information to the public.
  4. Should the personal data not have been collected directly from the data subject, the informative notice mentioned in sub-clause 1, also including the categories of processed data, shall be provided to the data subject when registering the data or, in case such data are to be transmitted, no later than their first transmission.
  5. The regulation mentioned in sub-clause 4 shall not apply if:
    1. The data are processed in compliance with a legal obligation, a regulation or the Community legislation;
    2. Data processing is aimed at carrying out the defensive investigations mentioned in law n. 397, 7th December 2000 or to assert or defend a right during judicial proceedings, provided that the data are solely processed for such purposes and for the time strictly necessary to their accomplishment;
    3. Providing the information notice to the data subject requires such efforts the Data Protection Authority (DPA), who should consequently call for appropriate actions, considers patently disproportionate or even impossible, in relation to the right to be protected.

Art. 7. Right to access personal data and other rights

  1. The data subject shall have the right to be informed whether personal data, even unrecorded ones, concerning him/her exist and to have them transmitted in intelligible form.
  2. The data subject shall have the right be informed on:
    1. The source of personal data;
    2. The purposes of the processing and the related procedures;
    3. The logic applied in case the data are processed relying on electronic tools;
    4. The ID details regarding the controller, the data processor and the representative appointed, in respect of article 5, sub-clause 2;
    5. The subjects/categories of subjects who can access the data or with whom the data can be shared, due to their role as appointed State’s representatives, data processors or appointed staff.
  3. The data subject shall have the right to obtain:
    1. Updating, rectification or, when required, integration of the data;
    2. Erasure, conversion into anonymous form or blocking of data, if processed unlawfully, the above said also including data not requiring retention, in relation to the purposes they were collected for and/or further processed;
    3. The certification that the procedures mentioned in a) and b), with reference to their content, too, are notified to the entities the data are transmitted to or shared with, only insofar as this is feasible or does not require a disproportionate effort in relation to the right to be protected.
  4. The data subject can in whole or in part object to the processing of data in case of:
    1. Legitimate reasons regarding the processing of one’s own data, in spite of them being relevant for the collection;
    2. Processing of one's own data for commercial information purposes and/or for sending advertising or direct selling materials and/or for market research purposes.