Information notice on the processing of personal data
CMP Group Middle East DWC LLC, Office 07-31st Floor – Single Business Tower – Sheikh Zayed Road – Business Bay Area – Dubai (UAE)
(hereinafter referred to as ‘controller’) in its role of data controller wishes to inform you that, pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (hereinafter referred to as ‘Personal Data Protection Code’) and art. 13 and 14 of General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as ‘GDPR’), your personal data will be processed with the methods and for the purposes indicated below.
1. MATERIAL SCOPE
The controller processes the non-sensitive personal data – e.g. name, last name, tax code, VAT number, email, telephone number, hereinafter referred to as “personal data” or “data” – which you have communicated upon registration to the website cmpgroup.ae
2. PURPOSE OF DATA PROCESSING
Your personal data are processed:
A) Without your explicit consent (art. 24 letters a, b, c and art. 6 letter b of Personal Data Protection Code, and GDPR) for the following Service purposes:
- to let you contact us through the contact form available in the website;
- to let you register to the website or its specific services, if any;
- to manage and maintain your account on the website, if any;
- to fulfil the obligations laid down by law, by a regulation, EU legislation or any order issued by the Authority;
- to prevent or detect any fraudulent activities or any abuses which may damage the website;
- to exert the controller’s rights, such as the right to legal defence.
B) Only with your prior specific and distinguishable consent (art. 23 and 130 of Personal Data Protection Code and art. 7 of GDPR), for the following marketing purposes:
- to email you newsletters, commercial communications and/or promotional materials on the products or services provided by the controller.
C) Automatically and for the operation of this website. The navigation data are not collected for the purpose of associating them with interests of the data subjects concerned, but due to their own nature, they may identify the users through processing and matching with data held by third parties or by the data controller. The objective is to obtain anonymous statistical information on the use of the website so as to control the operation of the same.
Data may be used to ascertain responsibilities in case of computer crimes against the site or other users.
Please note that if you are already our customer, we could send you commercial communications related to services and products provided by the controller and similar to the ones you have already used, unless you withdraw your consent (art. 130 paragraph 4 of Personal Data Protection Code).
3. METHODS OF PROCESSING
Your personal data are processed by means of the operations indicated in art. 4 of Personal Data Protection Code and art. 4 no. 2) of GDPR and specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, comparison, use, interconnection, blockage, disclosure, erasure or destruction of data. Your personal data are processed using electronic, manual and/or automatic means.
Specific security measures are implemented to prevent the loss of data, any unlawful or incorrect use and unauthorised access.
4. RIGHT OF ACCESS
For the purposes as per art. 2(a) and 2(b), your personal data may be made accessible to:
- employees or co-workers of the controller or partner companies the controller belongs to, in their function of persons authorised to data processing and/or internal processors and/or system administrators;
- third parties (e.g. for marketing and promotional activities, surveys, personal data storage, providers in charge of the management and maintenance of the website, suppliers, banks, professional practices etc.) to whom the controller has outsourced the activity as external processors.
5. DISCLOSURE OF DATA
Without your explicit consent (pursuant to art. 24 letters a), b), d) of Personal Data Protection Code and art. 6 letters b) and c) of GDPR) the controller can disclose your data for the purposes referred to in article 2(a) to Supervisory Authorities, Legal Authorities as well as other subjects to whom disclosing the data is mandatory by law for the said purposes.
The controller will not communicate any information of the data subjects concerned to third parties without their consent, unless it is requested by law. The personal data processed will not be disseminated under no circumstances.
6. TRANSFER OF DATA
Personal data are managed and stored on servers located within the EU and held by the controller and/or third companies entrusted with and duly designated as data processors. Personal data will not be transferred outside the EU. It is however understood that the controller, if needed, shall have the right to move the servers in Italy and/or in the EU and/or in non-EU countries. In this case, the controller ensures that any transfer of data to non-EU countries will be made in compliance with applicable law provisions, by also entering into agreements, whether needed, to guarantee appropriate data protection and/or by adopting standard contractual clauses laid down by the European Commission.
7. NATURE OF PROVIDING DATA AND CONSEQUENCES OF OBJECTION
The provision of data for the purposes referred to in art. 2(a) is mandatory. In case they are not provided, we cannot guarantee the registration to the website and the services as per art. 2(a).
The provision of data for the purposes referred to in art. 2(b) is optional. You can therefore decide not to give any data or to subsequently withdraw your consent to processing of the data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the services provided by the controller. However, you will continue to be entitled to the services referred to in art. 2(a).
8. RIGHTS OF THE DATA SUBJECTS
The data subjects have the rights laid down in art. 7 of Personal Data Protection Code and art. 15 of GDPR and namely the rights:
- to obtain confirmation as to whether or not personal data concerning them have been collected, even if not registered yet, and to access them in an intelligible form;
- to obtain information about a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied if processing is carried out using electronic means; d) the identification details of the controller, the processors and the representative appointed pursuant to art. 5, paragraph 2 of the Personal Data Protection Code and art. 3, paragraph 1 of GDPR; e) the subjects or categories of subjects to whom personal data may be disclosed or who can learn about them as appointed representative in the territory of the State, processors or however subjects responsible for it;
- to obtain: a) updates, rectification or, when interested, integration of data; b) erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose conservation is not necessary for the purposes for which they were collected or subsequently processed; c) confirmation that the operations referred to in letters a) and b) have been communicated, also with regard to their content, to the recipients to whom data have been disclosed or disseminated, unless this proves impossible or involves disproportionate effort with respect to the right being protected;
- to object in whole or in part: a) on legitimate grounds, to the processing of their personal data, even though the data are relevant to the purpose for which they are collected; b) to the processing of their personal data for the purpose of sending advertising materials or direct selling or for the performance of market or commercial communication surveys using automated calling systems without operator intervention by email and/or through conventional marketing methods by telephone and/or post. Please note that the data subject’s right to object, as set out in point b) above, for direct marketing purposes through automated methods, extends to conventional ones and that in any case the data subject can exercise the right to object even partially. Therefore, the data subject can decide to receive only communications provided through conventional means or only automated communications or none of them.
Where applicable, the user also has the rights referred to in articles 16-21 of GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to submit a claim to the Data Protection Authority.
9. PROCEDURES FOR THE EXERCISE OF THE RIGHTS
You can exercise your rights at any time by sending:
- a registered letter with return receipt to CMP Group Middle East DWC LLC, Office 07-31st Floor – Single Business Tower – Sheikh Zayed Road – Business Bay Area – Dubai (UAE)
- a PEC email to PECIND
- an email to email@example.com
10. CONTROLLER, PROCESSOR AND PERSONS AUTHORISED TO DATA PROCESSING
The controller is CMP Group Middle East DWC LLC, Office 07-31st Floor – Single Business Tower – Sheikh Zayed Road – Business Bay Area – Dubai (UAE)
The updated list of data processors and any persons authorised to process personal data, if foreseen, is available at the registered office of the controller.
11. CHANGES TO THIS INFORMATION NOTICE
The controller reserves the right to modify, integrate or update periodically this information notice in compliance with the applicable regulation or any provisions adopted by the Data Protection Authority.
12. DATA COLLECTED THROUGH A MARKETING AUTOMATION PLATFORM
For the sake of completion, we specify that we send marketing emails through the Logicamail Marketing Automation Platform, which uses statistical tracking (i.e. web beacons) to determine whether a message has been opened, how many clicks have been made on the hyperlinks contained in the email, the IP address or browser used to open the email and other similar details. Data collection is necessary for the use of the platform and is an integral part of the functions of the email sending system.
The legal basis that legitimates the processing of these data is the execution of a contract the data subject is part of.