Information on

the processing of personal data

The EU Regulation No. 2016/679 (hereinafter referred to as the GDPR – General Data Protection Regulation), has regulated the protection of natural persons in relation to the processing of personal data. Ysbel intends, in the development of its activities, to process any personal data it could possibly obtain according to principles of rectitude, lawfulness, transparency and protection of the privacy of the interested persons, according to the above mentioned regulation.

According to art. 13 of the GDPR, therefore, we are providing the following information:

1) Who will be in control of data processing? Data will be processed by Ysbel, with headquarters in Turin, Italy, in the person of its protempore legal representative. Any interested persons can address any requests to the Data Controller to the email address info@ysbel.it.

2) What data will be processed? The personal data which we might collect and process during the development of our activities are personal data (e.g. name, surname, address, date and place of birth, National Insurance Number), contact data (e.g. telephone number, personal email addresses), payment data (e.g. bank current account, credit card number), as well as all data required for invoicing. We will not process data regarding health and, in general, particular data indicated in articles 9 and 10 of the GDPR. For any data collected by cookies on the website please refer to the website Cookie Policy.

3) According to what purpose will be data processed? The available personal data will be processed according to the following purposes:
a) law purpose: compliance to any national or EU law obligations, regulations, as well as any regulations issued by any Authorities qualified by law;
b) marketing purposes: preparation and mailing (via email and/or postal service and/or telephone) of information or advertising material related to the activities of Ysbel.

4) What is the nature and what are the consequences of any provision or refusal to provision of personal data? The provision of personal data in accordance to the purposes in the above mentioned letter a) is compulsory and the processing does not require the consent of the interested person. The juridical base is the implementation of a law obligation. The provision of data necessary for the purposes in the above mentioned letter b) is merely discretional. The processing of data to those purposes is made according to the specific consent of the interested person, who will be granted the right to revoke it in any moment..

5) What will be the processing modalities? Data processing
a) will be made both manually and through electronic and information tools, with particular attention to the safeguard and privacy of any personal data provided;
b) through the operations or set of operations defined in art. 4, no. 2 of the GDPR (e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, alignment or combination, restriction, erasure or destruction).

6) For how long will data be stored? The data processed according to marketing purposes, as per letter b) in the art. 3 of this document will be stored for a maximum period of 36 months.

7) Who are the recipients to whom data can be disclosed? The Data Controller can disclose the data collected for the purposes in the above mentioned letters a) and b) in the art. 3 of this document, spreading excluded, to the following recipients:
a) Recipients who shall receive communication as per national or EU law obligations;
b) Holder recipients who need access to data for auxiliary purposes related to the relationship between the Data Controller and the natural person involved, for purposes strictly connected to the implementation of their activities (e.g. staff working in post offices, banks, information technology companies);
c) Any consulting persons or companies or recipients providing to the Data Controller instrumental services connected to the purposes for which data are collected, for purposes strictly connected to the implementation of their services, who are entitled as Data Controller according to the Art. 28 of the GDPR (e.g. accountants, etc.);
d) Natural persons being part of the following categories: Data Controller employees or co-operators or employees of the third parties designated as Data Controller.

8) Can data be transferred to third Countries? Should the Company utilise service providers with headquarters in third Countries outside the EU, it will have the necessity of transferring personal data towards those Countries. The transfer will be made according to the art. 44-47 of the EU Regulation 679/2016 in order to guarantee, also in that case, the safety and integrity of personal data. The list of the data transferred and of the destination Countries can be required to the Data Controller at the email address info@ysbel.it.

9) What are the rights of the natural persons involved and how can they be exercised? Art. 15 and following of the GDPR grant the natural persons involved a series of rights, such as: (i) the right of accessing personal data and information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of any communication of personal data, period of storage of personal data; (ii) of adjustment; (iii) of cancellation; (iv); of limiting the processing; (v) of data portability; (vi) of opposition; (vii) of opposition to automated decisional processes; rights that can be exercised, if applicable, by addressing to the Data Controller a registered mail to the headquarters of the company, or an email to the address indicated in art. 1, by clearly stating the subject of the request. The natural person involved has also the right to complain to the Data Protection Authority and the right to obtain from the Data Controller an entire and actual refund for any damage deriving from any personal data processing in violation of the law. Should the processing be legitimated by consent, the natural person involved can revoke such consent in any moment.