Privacy Policy

Pursuant to and for the purposes of Articles 12 and 13 of the European Regulation of 27 April 2016, no. 679 (in short also ‘GDPR’) the Data Controller wishes to provide the following information to its customers, also following the provision of information in relation to the conclusion of contractual relationships with the Data Controller.

  1. CONTACT DETAILS OF THE DATA CONTROLLER.

    The Data Controller is TCO S.R.L. - INTERNATIONAL DIVERSITY MANAGEMENT, with a registered office in P.zza Carlo Felice 18, 10121 - Turin, Italy, tax code no. 04227250372, in the person of its legal representative pro tempore, e-mail info.italy@tco-international.com, pec tco.srl-internationaldiversitymanagement@pec.it. The Data Controller has not currently appointed a Data Protection Officer (DPO).

  2. PURPOSE AND LEGAL BASIS OF THE PROCESSING.

    The data provided by the data subject are processed as provided for by the GDPR for inclusion in the customer file and are necessary for the possible conclusion of a contractual relationship and for the subsequent fulfilments of a civil, fiscal, managerial nature, to verify the needs of the data subject and offer and manage the services requested, for operations of an administrative nature, as well as to fulfil specific obligations or follow specific tasks provided for by law. The data may also be used for statistical extrapolations, for the receipt of newsletters or information related to the activities of the Data Controller, including commercial and promotional ones, without prejudice to the Customer's right to communicate at any time his wish to no longer receive such communications.

    The legal basis of the processing described above consists in the performance of the contract to which the data subject is party and in legal obligations. A request for an expression of consent will also be made for promotional purposes.

  3. RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED.

    The data will not be disclosed except for contractual and legal obligations and may be communicated to third parties operating in aid of and on behalf of the Data Controller, to business partners, only for the execution and management of the relationship and for the activities and purposes described above, for operations of an administrative nature, legal and contractual consultancy, or for legal obligations. Internal staff as well as those responsible for the management and maintenance of the processing systems may become aware of the data. Communication to the aforementioned subjects will in any case take place with a guarantee of protection of the rights of the data subject as provided for in the GDPR. The list of any data processors is available from the Data Controller.

  4. POSSIBLE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION WITH INDICATION OF ANY PRIVACY GUARANTEES.

    Any transfer of data outside the EU will take place in full compliance with the levels of protection and safeguards provided for in the GDPR.

  5. RETENTION PERIOD OF PERSONAL DATA OR CRITERIA USED TO DETERMINE THIS PERIOD.

    The data will be stored in a form that allows the identification of the data subjects for a period of time that does not exceed the fulfilment of the purposes of the processing, consistent with other legal obligations. The data controller has adopted a procedure for the storage of data: also for reasons relating to the ordinary statute of limitations, the minimum storage period is currently set at 10 years.

  6. RIGHTS OF THE DATA SUBJECT

    The Data Controller informs you of the following rights:

    a) right of access, rectification, cancellation, restriction, opposition:

    the data subject may at any time access his/her data, request rectification if incorrect, request deletion of data that is excessive but not required by law from the Data Controller, may limit data access to certain figures;

    b) right to data portability:

    the data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her provided to a Data Controller and has the right to transmit such data to another Data Controller without hindrance from the Data Controller to whom he/she provided it exclusively in the cases provided for in Article 20 of the GDPR;

    (c) right to withdraw consent at any time:

    the data subject may withdraw consent at any time, assuming the consequences thereof (including the interruption of contractual services), without prejudice to the obligation of the Data Controller to continue to hold the personal data subject to this processing when this is necessary to comply with a legal obligation of the Data Controller or for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the Data Controller.

    d) the right to lodge a complaint with a privacy supervisory authority.

  7. OBLIGATORY OR OPTIONAL NATURE OF THE PROVISION.

    The provision of data is compulsory given the nature of the contractual relationship established between the data subject and the Data Controller, except for that relating to promotional operations, which is optional.

  8. CONSEQUENCES OF ANY REFUSAL TO ANSWER.

    If the data subject refuses to provide the compulsory data requested, the Data Controller reserves the right to assess the consequences to be attributed to such a refusal, which will not necessarily preclude in full the conclusion or execution of the contract with the data subject, unless the obligation to provide the data requested derives directly from the law or is strictly essential to the proper functioning of the contractual relationship. In the latter cases, if the data subject refuses to provide the requested data, the contract cannot be initiated or performed, and if this happens during performance, the relationship must necessarily be terminated. On the other hand, no consequences are envisaged for failure to provide data of an optional nature.

  9. EXISTENCE OF PROFILING ACTIVITIES OR AUTOMATED DECISION-MAKING PROCESSES, LOGIC USED AND CONSEQUENCES FOR THE DATA SUBJECT.

    No profiling activities are performed on the data subject or any form of automated processing of personal data consisting in the use of such personal data relating to a natural person, in particular, to analyse or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

    TCO S.R.L. - INTERNATIONAL DIVERSITY MANAGEMENT