Information in accordance to the Legislative Decree no. 196, art. 13 of June, 30 2003, (Italian Personal Data Protection Code) and to the EU Regulation 2016/679 on data protection (GDPR, General Data Protection Regulation UE 2016/679)
in accordance to the art.13 of the “Italian Personal Data Protection Code” and to the EU regulation on personal data protection (GDPR, General Data Protection Regulation UE 2016/679), Swascan srl (hereafter also “SWASCAN”) as data controller, provides the information concerning personal data processing of the users that browse the following websites:
Types of data
- Registration data: These data are required when signing up, also through informatic tools and procedures (registration form https://security.swascan.com/accounts/signup/ )
- Surfing data: The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
- Service activation data: The computer systems and software procedures used to operate the services acquire, during their normal operation, data related to the IP address used by the users that connect to the source website and the related service logs
Purposes of data processing
Data can be processed by Swascan for the following purposes:
- To grant the user the access to the website, to consent the provision of the on-line services of Swascan;
- To ensure a right and effective technical support;
- To send marketing communications, information on our services, regulations and conditions. Users’ information is also used to provide an answer in case of a contact;
- In order to make our website user-friendly, the gathered data serve the purpose of facilitating the browsing experience and make it more efficient in the future;
- To establish and verify responsibilities in case of a cyber crime at the expense of the website or third parties;
- To verify customers’ satisfaction;
- To make market analyses and statistics
Methods of data processing
The processing of the personal data is carried out both with and without using electronic or in any case automated, informatic and telematic instruments, with the only purposes listed above. Data processing will be lawful and correct, compliant with the regulation, with methods and tools to ensure maximum security and confidentiality and could be done with automated tools that memorize, handle and transmit the data.
Data processing is carried out, mainly by the internal organization of our company, under direction and control of the data controller, and for the previously listed purposes, also by companies of the group or third parties.
The personal data will be kept in a form which allows data subject recognition for a period not exceeding the purposes for which the data were collected and processed.
Registration data underwriting of points 1) and 3) of the first paragraph of this policy are mandatory, the missing provision of data, even if it is partial, will make it impossible for Swascan to erogate the requested service.
Without prejudice to the communications made in compliance with law obligations, Personal Data can be communicated for the purposes set out before to:
Third parties, appointed by Swascan to the execution of activities directly linked or instrumental to the erogation and the distribution of the services offered through the website www.swascan.com.
Entities in our commercial network, partnerhip and service distributors;
Entities that might become aware as “responsible” or “appointed” by Swascan, such as administrative staff, commercial staff, production staff and the IT office;
The updated list of the entities aware of the data is available, upon request, at Swascan office.
Personal data won’t be, anyway, matter of disclosure.
In accordance to the EU regulation on personal data protection (GDPR, General Data Protection Regulation UE 2016/679), data given to Swascan through electronic or in any case automated, informatic and telematic instruments are transferred and memorized in:
- GERMANY through the Service Provider Digital Ocean
Legal address: DigitalOcean 101 Avenue of the Americas Tenth Floor New York, NY 10013
- USA through the Google Cloud Computing service
Legal address: Mountain View, California, Stati Uniti
- ITALY at the Swascan operational headquarters
Legal address: Piazzale Giovanni dalle Bande Nere n° 9 Milano
Data transfer has been made by Swascan in accordance to the 2016/679 Regulation, and to the art. 25, comma 1 of the Directive 95/46/EC. For more information about the decisions of the Commission in terms of adequacy of Third Countries, it is available at this link.
Rights of the data subjects
According to the art. 7 of the 196/2003 Directive and GDPR 2016/679, the data subject can turn to Swascan srl, e-mail address firstname.lastname@example.org , to assert the following rights:
- Be aware of processing operations that might concern him/her;
- Obtain the confirmation as to whether or not personal data concerning him/her exist, regardless of their already being recorded, as well as the communication in an intelligible form of the data and their origin and the logic and the purposes on which the processing is based on;
- the erasure, anonymisation or blocking of processed data for unlawful purposes, including the data for which their storage is not necessary in accordance with the purposes for which data is collected or subsequently processed;
- Be informed of the source of the personal data;
- Be informed of the purposes and methods of the processing;
- Be informed of the logic applied, should the processing be carried out by means of electronic instruments;
- Be informed on personal data transfer from EU countries to “third” countries (not in the UE or not in the European Economic Space);
- Be informed of the identification data concerning Data Controller, Data Processors and the Representative appointed pursuant to article 5, paragraph 2;
- of the entities or categories of entities to which or whom personal data may be disclosed or that can be made aware of it as representative appointed in the State’s territory, as Data Processors or Persons in Charge of the processing.
- Obtain the updating, amendment or, where interested therein, integration of data;
- The Data Subject is entitled to object, in full or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, although it is relevant to the collection purpose;
- to the processing of personal data concerning him/her in order to send advertising or direct sale material or to carry out market or trade communication surveys;
Anyway the Data Subject is free, anytime, to revoke his/her consent writing, without any formality, to Swascan srl to the e-mail address email@example.com
- Freely transfer his/her data to other service providers;
- Ask for modification, cancellation and removal of his/her data;
- File a complaint to the supervisory authority.
- Ensure the rights of the data subjects;
- Ensure what stated in the art. 13, Legislative Decree 30 June 2003, n. 196 (Italian Personal Data Protection Code);
- Ensure what stated in the EU Regulation 2016/679 on Data Protection (GDPR, General Data Protection Regulation UE 2016/679);
- Promptly inform the data subject in case of a data breach;
- Reply to all the requests from data subjects within 3 business days;
- Ensure the correct data management and processing in compliance with current laws;
- Ensure data safety and privacy in compliance with current laws.
Data Controller and Data Protection Officer
The data controller is Swascan Srl, with legal address in Piazzale Giovanni dalle Bande Nere,9, 20146 Milano. The list of people responsible for data processing is deposited with Swascan srl offices.
Data Protection Officer contact information is:
- Email: firstname.lastname@example.org
- Tel: + 39 0278620700
Data Controller contact information is:
- Email: email@example.com
- Tel: + 39 0278620700
The updated list of people responsible for data processing is available at Swascan srl legal address.