Therefore pursuant to the regulation referred to in the epigraph, we provide you the following information:
1. Purposes of the processing for which the data are intended
The processing of data requested to you is carried out by these methods and purposes:
- creating an account to access the service by means of username and password (hereinafter “Account” for short);
- creating one or more personal profiles containing your minimum data useful to make the provision of Service easier; Data such as: e-mail address, telephone number and home address (hereinafter “Profile” for short”);
- digital archiving of sales receipts, tax receipts or purchase invoices (hereinafter “Proof of Purchase or Proofs of Purchase” for short) in order to activate Warranties;
- digital archiving of images, technical information and manuals (hereinafter “Datasheets” for short) of purchased products (hereinafter “Products” for short) in order to simplify the identification of Products covered under warranty;
- digital archiving of data concerning the Stores where you made the purchases (hereinafter “Store or Stores” for short) in order to simplify the warranty management in case of defects;
- digital archiving of information regarding statutory warranties, conventional warranties, extended assistance, insurance policies, etc (hereinafter “Warranties” for short) related to Products in order to calculate expiry dates, identify restrictions and activation modalities;
- consultation of archived Data, such as Account, Profile, Proofs of Purchase, Datasheets, Warranties, Stores (hereinafter “Data” for short) in order to make easier for you to ask for assistance in case of Products defects, malfunctions or damages;
- dissemination of archived Data to other Service users in order to allow the transfer or sharing of those data; for instance, in case of gifted Products;
- dissemination of archived Data to third parties, such as manufacturing companies or technical support centers, in order to enable the Warranties activation and management or the Products repair.
2. Method and duration of processing
The processing shall be carried out by automated means and/or manually by methods and instruments, in compliance with security measures imposed by article 32 GDPR. The processing shall be done by internal entities and external Representatives specially appointed by Garanteasy, in accordance with the provisions of article 29, clause 3, point a) of GDPR. We inform you that, in compliance with the principles of lawfulness, purpose limitation and Data minimization, pursuant to article 5 of GDPR 2016/679, your personal data shall be processed within a time period no longer than is necessary for the purposes for which personal data are collected and processed and in compliance with the time limits prescribed by Law, in other words the effective period of statutory Warranty and any other warranty related to the product that you purchased. Your Data shall be erased within 72 hours following the expiry date of any Legal obligation related to any form of warranty of the products that you purchased. Pertaining to the mentioned purposes, Your data shall be processed electronically. Upon your request data may be still saved longer on the Platform as a function of future use such as, for instance, out of warranty repair requests or product transfers to third parties.
3. Nature of data provision
Data requested for processing must be accompanied by your free and informed explicit Consent, in this regard we invite you to read more about your Rights (Point 6 – Rights) and the Purposes of data Processing (Point 1 – Purposes) before giving your potential consent.
The Platform on which your Data shall be entered has been designed by Garanteasy according to criteria set out by article 25 of GDPR, EU Regulation 2016/679, considering since design phase the stringent requirements of your Privacy protection.
4. Scope of data communication and dissemination
Your data may be transmitted to:
– all parties to whom the right to access these data is recognized under regulatory measures;
– Garanteasy coworkers and employees, within the scope of their duties;
– potential third-party Companies appointed as Data Processors by Garanteasy;
We also inform you that collected Data shall never be disseminated and shall not be subject of communication, except for Controller and Processors, without your explicit consent.
5. Data Controller, Data Processor and Data Protection Officer
In case you manually archive Data on the Platform, the Data Controller is Garanteasy in the person of the Legal representative Dr. Carmela Magno firstname.lastname@example.org.
The processing of your Data by Processors shall be carried out more precisely as laid down in the New Privacy Code, EU Regulation 2016/679 (GDPR) article 28, clause 3, point a), in other words by means of a written agreement and on the instructions of the Controller (Garanteasy).
For any clarification and to exercise the Rights specified below (except for the withdrawal of consent to Data processing and erasure the procedure of which is indicated in the following Point 8 – withdrawal/erasure), you can freely address to Garanteasy managers by sending an e-mail to this address: email@example.com.
6. Your Rights as regards the processing
You can exercise your rights at any time, pursuant to article 7 of Privacy Code and articles 15-22 of GDPR EU Regulation 2016/679, against the Data Controller and/or Data Processors – The rights guaranteed by the above-mentioned articles are:
– to request the confirmation of the existence or not of your Data in the Platform;
– to obtain indications about the purposes of processing, the categories of your personal data, the
recipients or categories of recipient to whom your Data have been or will be disclosed and, where
possible, the data retention period;
– to obtain the rectification and/or erasure of your Data;
– to obtain the restriction of processing of your Data;
– to obtain the Data portability, that is to receive data by Data Controller or Processor, in a structured,
commonly used and machine-readable format, and to transmit those data to another controller of your
Data without hindrance;
– to object to the processing of your Data at any time and also in case of processing for direct marketing
– to object to an automated decision-making process relating to the processing of your Data.
7. Processing of sensitive data
In case of purchases that are connected to your personal circumstances, such as electro-medical equipment or medical equipment in general, or connected to sexual or ideological orientation, your Data, as in any other case, shall be processed with the utmost confidentiality, as provided by New Privacy Code (GDPR, Regulation 2016/679 and its transposition Law, Legislative Decree 101/2018) article 9, clauses 1 and 2, points a) and b). Data shall not be disseminated, tracked or profiled, but only archived and they may be erased as provided for in previous Point 6 – Rights.
8. Withdrawal of consent to processing of Data about the Purchase made from a licensee and erasure of all the Data in the Platform
You have the right to request to Garanteasy the erasure of all your Data from the Platform by logging into your personal area in the settings section where there is a specific functionality of erasure . The erasure request shall entail the erasure of all your Data from the Platform; included your Profile data, even though those Data was manually archived by you or was related to purchases from other licensees. Therefore the total erasure of your Data shall entail the complete interruption of the Service. The erasure shall be accomplished within the following 72 hours starting from the receipt date of your erasure request.