Privacy Policy Member Portal
Privacy Policy Member portal Gruppo UNA
PERSONAL DATA PROCESSING POLICY
In order to comply with articles 13 and 14 of EU Regulation no. 2016/679 - General Data Protection Regulation (hereinafter also “the Regulation”), we would like to inform you that registration in the reserved area (hereinafter also “Reserved Area”) and use of the services it offers and that you choose to enable (hereinafter also the “Services”) involve the processing of personal data that refers to you.
The personal data controller is Gruppo UNA S.p.A. (www.gruppouna.it), with headquarters in Milan, Via Gioacchino Murat, 23 (hereinafter, “Gruppo UNA” or the “Company”).
- The categories of data we process
The personal data that is processed is the data required to register with the Reserved Area and to use the Services. This data is provided directly by you when you register with the Reserved Area, or is collected when you enable the Services.
The following categories of personal data will be collected and used (hereinafter referred to as the “Data” or “Personal Data”):
- your first name and surname and contact email address;
- date regarding operations performed and services used, including your payment history;
- data regarding the payment methods and tools selected and indicated.
- Why we request your data
The Data will be processed for the purposes and on the basis of the following legal grounds:
- (F1) - Registration in the Reserved Area: Data will be processed in order to permit registration in the Reserved Area which allows you to use the Services;
- (F2) - Provision of Services: processing will take place in order to provide you with the Services you have requested;
- (F3) - Management of information requests, contact requests and/or requests for assistance and support during purchasing procedures or in the pre-contractual phase or technical assistance: processing will take place in order to meet your requests for information and clarification, or to provide you with operational and/or technical assistance to manage order and purchasing procedures, as well as for any other support.
Categories of Data |
Legal basis |
Providing the Data |
|
F1 |
a); |
The legal basis for processing is the need to perform a contract to which you are a party or provide you with a service that you have requested. |
The provision of your Data is necessary to achieve the stated purpose; if you do not provide it, you will not be able to proceed with registration in the Reserved Area. |
F2 |
a); b); c); |
The legal basis for processing is the need to perform a contract to which you are a party or provide you with a service that you have requested. |
The provision of your Data is necessary to achieve the stated purpose; if you do not provide them, we will not be able to provide you with the Services you have requested. |
F3 |
a); b) |
The legal basis for processing is the need to perform a contract to which you are a party or to implement a pre-contractual measure you have requested. |
The provision of your Data is necessary to achieve the stated purpose; if you do not provide it, we will not be able to provide you with assistance and/or the support you have requested. |
- How we process Data
Data is held in full compliance with the security measures required by privacy laws and managed also using electronic tools, adopting special computerised procedures and data processing methods in accordance with the aims pursued. Data may be accessed and operations performed only by staff authorised and trained to do so, and always under the supervision of the data controller or data manager.
- Scope of data disclosure and data managers
Personal data will not be distributed. When necessary to pursue the aims mentioned above, Personal Data may be disclosed to the following categories of parties:
- companies that provide payment services: disclosure is necessary so that the Company can provide you with the payment services you have requested;
- parties entitled to access data in accordance with regulatory provisions (such as, for example Judicial Authority, Judicial Police Authority, Supervisory and Security Authorities, etc.): in such cases, disclosure is necessary for the purposes of complying with legal and regulatory obligations or European legislation, or on the basis of an order by the Judicial Authority or other public Authorities;
- third-party companies who perform certain activities on our behalf (for example, IT services companies) and with whom we have agreements governing the processing of personal data.
- How long will we process the Data for?
The Data will be processed for the time strictly necessary to pursue the purposes indicated above. In particular:
Purpose |
Retention time |
F1 |
Two (2) years from the last access to the Reserved Area. After this time, the Reserved Area will be disabled and the Data associated with it will be deleted, unless it is necessary to retain it for other purposes and on the basis of other legal grounds (for example, for administrative and accounting purposes). |
F2 |
The Data will be retained for the entire period of use of the Services and until the account is disabled; after which the Data may be retained, within applicable limits, for ten (10) years from the last entry in the account books or for as long as may be required by applicable individual laws. |
F3 |
For the time strictly necessary to process the request and subsequently in compliance with the terms established for the contractual relationship, if applicable. |
- Rights of the data subject
Articles 15-22 of the Regulation guarantee you the right to access data regarding you at any time, to have it rectified and/or supplemented, if it is inaccurate or incomplete, to have it deleted or to restrict its processing, if the conditions are met, to oppose its processing for legal reasons relating to your particular situation, and to the portability of the data you have provided, when processed using automated means to perform the contract or on the basis of your consent.
If you have any doubts or queries about the processing of your Data or requests regarding exercising the rights you are entitled to under the Regulation, as well as for more detailed information about Data processing, you can contact the “Data Protection Officer” at this email address: privacy@gruppouna.it.
This does not affect your right to contact the Data Protection Authority, including by lodging a complaint, where deemed necessary, to protect your Data and your rights.