<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=366101480444551&amp;ev=PageView&amp;noscript=1">

Keep in touch

Don’t miss hearing about our newest soluons, offerings, andopportunies. Select which informaon you want to receive:

    Policy on personal data processing

    Mod. ICONT – Date Updated 03/2023

    Pursuant to Article no. 13 of EUROPEAN REGULATION No. 679/2016

    Dear Data Subject,

    GRS srl as Data Processor in accordance with article no. 13 of the European Regulation no. 679/2016 "General Data Protection Regulation (GDPR)" (hereinafter referred to as the EU Regulation), containing provisions on the processing of personal data, would like to inform you about the processing of your personal data.

    The provision requires that anyone who processes personal data must inform the data subject of the data processed and the elements qualifying the processing, which must in any case be carried out in a lawful, correct and transparent manner, as well as protect the confidentiality and guarantee the rights of the data subject.

    It should be noted that data processing means any operation or series of operations concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, distribution and destruction of data.

    1.The Data Processor

    The Data Controller is GRS srl, with registered office in Via Cavalieri di Vittorio Veneto 14 in Martellago (VE) and an operational headquarters in Via Chiesa Campocroce 4 – real estate unit 0/1 – 31021 Mogliano Veneto (TV), tax code and VAT No. 04071710273, which can be contacted at the following addresses: phone +39 041 4069438, e-mail: info@grsnet.it.

    1. Nature of the Data Processed, the Purpose and Legal Basis of the processing

    Nature of the data processed. In relation to the purposes of the processing below, please note that only "common personal data" will be processed, such as, for example:

    • company identification data (company name, VAT number, tax code, type, address, telephone number,
      email, etc.);
    • company and legal representative contact details (name, surname, etc.);

    Purpose of processing. Your personal data will be processed for the following purposes:

    1. to reply to your requests: by filling in the appropriate form in this contact area on a voluntary basis;
    2. to fulfil legal obligations;
    3. to send you newsletters about events and/or congresses etc.. organised by the company;

    Legal basis of processing. Personal data for the purposes set out in 2A and 2B will be lawfully processed to fulfil pre-contractual and contractual obligations between us and the user (article 6, paragraph1 letter b), to fulfil our legal obligations (article 6 paragraph1 letter c).

    Your personal data, for the purposes referred to in point 2C of this policy, may be processed lawfully only with your consent (Article 6. par.1 letter a EU Regulation), specific, separate, express, documented, prior and entirely optional.

    The consent you have given may be withdrawn at any time, without affecting the lawfulness of the processing based on the consent given before the withdrawal (article 7 paragraph 3 EU Regulation)

    We also inform the data subject that, pursuant to article 21 of the EU Regulation, the data subject has the right to object at any time to the processing of personal data concerning them carried out for the purposes of direct marketing (including profiling) and that, should the data subject object to the processing, the personal data may no longer be processed for such purposes.

    3.Recipients of the data and processing methods

    The processing of your personal data will be based on the principles of fairness, lawfulness and transparency and may be carried out using paper and electronic tools both by the staff of the undersigned Company, authorised/charged with the processing of personal data, and by external parties called upon to carry out specific tasks, on behalf of the Data Processor, in their capacity as Data Processors, pursuant to article 28 of the EU Regulations, subject to our letter of appointment requiring them to observe the duty of confidentiality and security in the processing of personal data, and the adoption of suitable security measures to prevent the loss of data, unlawful and incorrect use, and unauthorised access, in compliance with the provisions in force on the protection of personal data.

    For the sake of brevity, the detailed list of these figures is available at the Data Controller's headquarters and is at your disposal.

    Your personal data will not be disclosed and will not be transferred to third countries or international organisations, will not be disclosed to third parties except for legal or contractual obligations

    1. Data retention periods

    Your personal data will be retained for a period of time not exceeding the purposes for which they are processed, in compliance with the principle of retention limitation provided for in the EU Regulation and/or for as long as necessary for legal and contractual obligations or until you revoke your specific consent, and therefore

    • with reference to the purposes set out in points 2A-2B, the data will be kept for a period of time not exceeding the fulfilment of the purposes for which they are processed and/or for the time strictly necessary for the fulfilment of legal and contractual obligations;
    • with reference to the purposes indicated in point 2C, data processed will be retained no longer than 24 months after being collected.

    In order to guarantee the stated retention periods, a periodic check is to be carried out annually on the data processed and on whether it can be deleted if it is no longer needed for the intended purposes.

    1. Consequences of non-disclosure of data

    The personal data referred to in points 2A-2B of this information sheet are necessary, without which it would be impossible for us to proceed with registration (creation of your personal account) and fulfil our contractual and legal obligations.

    On the other hand, the personal data referred to in point 2C are optional, and refusal to provide them will not result in any consequences and will not affect your request to proceed with registration or to perform your contractual and legal obligations. You may therefore decide not to provide any data or subsequently refuse to process data already provided at any time.

    1. Data subject rights

    Data subjects have the rights set out in articles 15 to 22 of the EU Regulation below, and more specifically, data subjects have the right to:

    • obtain acknowledgement of the existence and processing of personal data concerning them, and in that case, obtain access to their data (so-called right of access);
    • obtain details on the purposes of the processing, the categories of the data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, in particular if they are recipients from third countries or international organisations, the intended data retention period or the criteria used to determine that period; and where the data are not collected from the data subject, obtain all available information on their origin;
    • obtain rectification of the data concerning them (so-called right of rectification)
    • obtain the deletion of data concerning them (so-called right to be forgotten);
    • obtain the limitation of processing (so-called right of restriction of processing);
    • obtain the portability of data, i.e. receive the data from a Data Processor in a structured, commonly used and machine-readable format and transmit them to another Data Processor without any obstacle (so-called right to data portability);
    • object to the processing at any time (so-called right of objection). We would like to specifically inform you, as required by article 21 of the EU Regulation, that if personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning them carried out for such purposes, and that if the data subject objects to the processing for direct marketing purposes, the personal data may no longer be processed for such processing;
    • be made aware (with the option to object) of the existence of an automated decision-making process concerning natural persons, including profiling;
    • withdraw consent at any time, without affecting the lawfulness of any processing based on consent given prior to revocation;
    • submit a complaint to the Supervisory Authority for Data Protection in Italy (Data Protection Authority).

    Please note that there may be conditions or limitations to the rights of the data subject. It is therefore not certain whether, for example, data subjects have the right to data portability in all cases as this depends on the specific circumstances of the processing activity.

    A further example: if you choose to object to the processing of your data, the Data Processor is entitled to assess your request, which may not be accepted if there are clear legitimate grounds for processing that override your interests, rights and freedoms.

    1. Methods for exercising rights

    At any time, you may exercise your rights in a clear and explicit manner by submitting:

    - a registered letter with advice of receipt to the company (see address on letterhead);

    - an email to info@grsnet.it.

    Or by contacting the Data Processor directly on the following number: +39 041 4069438.

    1. Minors

    What the Data Controller offers and what is the subject of the relationship with you in existence does not provide for the intentional acquisition of personal information referring to minors. If information on minors is unintentionally recorded, the Data Processor will delete it in a timely manner on the request or indication of the data subject.

    1. D.P.O. – Appointed/Authorised – Data Processors

    Below we provide you with some information that we need to bring to your attention, not only in order to comply with legal obligations, but also because transparency and fairness towards the Interested Parties is a fundamental part of our business.

    DPO (Data Protection Officer). You may also contact the Data Protection Officer to obtain information, send requests about your data or to report service disruptions or other issues.

    The Data Controller has appointed Mr Nicola Ghinello, who can be contacted as follows: telephone +39 348 3165267, email: nicola.ghinello@dpo-rpd.com.

    Appointees/Authorised Persons. The updated list of the appointees/Authorised persons and the staff involved in data processing is kept at the Data Controller's registered offices.

    Data controllers. For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.

    Keep in touch

    Receive news from us. Choose which blog you want to subscribe