INFORMATION FOR THE TREATMENT OF PERSONAL DATA
The company Diacron Limited, with registered office in London at Northern & Shell Building, 8th Floor - 10, Lower Thames Street EC3R 6AF, London, United Kingdom as the owner of the processing of personal data (hereinafter the "Owner") of the website www.diacrongroup.com (hereinafter the "Site"), informs visitors to the Site (hereinafter the "Data Subjects") pursuant to Article 13 of European Regulation No 2016/679, the General Data Protection Regulation (GDPR).
The Owner is aware of the importance of the treatment of the personal data of the interested parties and, for this reason, takes care to indicate which data are treated and how they are treated. By proceeding to browse the Site or by indicating the desire to use the services provided by the same, the interested party declares to have read and accepted this information (hereinafter "Information"), thus giving consent to the processing of personal data by the Owner.
For any information, doubt or request relating to this Policy, the Owner provides the following email address: email@example.com
What are the rights of the interested party in relation to the processing of personal data?
The Data Subject has the following rights:
- The right to be informed that there is an ongoing data processing concerning him/her and, if so, to have access to the processed personal data;
- right of rectification of personal data;
- the right to erasure (right to be forgotten) of personal data concerning him/her;
- right to limitation of the processing of personal data concerning him;
- right to data portability to receive, or have transmitted to another Holder, personal data concerning him/her in a structured, commonly used and machine-readable format;
- Right to object to the processing of personal data;
- Right to withdraw consent previously given;
- The right to lodge a complaint with the competent authorities for violation of personal data processing.
How to exercise your rights?
The interested party may exercise its rights by writing to the above email address.
The Data Controller does not intend to charge Data Subjects any costs to exercise any of their rights, but to do so the Data Controller may require specific information to follow up on the Data Subject's communications in relation to the rights.
The above mentioned communications are usually acknowledged within 30 days from the receipt of the communication itself, but in case this term cannot be respected (e.g. due to excessive load of requests or complexity of the answer) it will be care of the Holder to communicate it to the interested party and to keep him updated on the developments of the communication sent.
What personal data are processed?
The Data Controller processes the personal data provided by the Data Subject and by third parties in order to be able to follow up on the Data Subject's contact requests received through the Site (hereinafter the "Services").
a) Data provided directly by the interested party
|Category of personal data
Identification and contact details
First name, last name, residence/domicile, email address, phone number
b) Data collected by third parties
|Third party source of personal data
|· Behavioral data
· Technical Data
The Owner may collect, use and share aggregate data, such as statistical or demographic data, for any purpose.
Aggregated data may be derived from the Data Subject's personal data, but once aggregated does not constitute personal data under the GDPR as it is not capable of directly or indirectly identifying the Data Subject. However, if the Data Controller combines or connects aggregated data with the Data Subject's personal data in a way that allows the Data Subject to be identified, directly or indirectly, the Data Controller will process the resulting data in accordance with the provisions of the Disclosure.
The Data Controller does not process any category of special data of the Data Subject (special data means data relating to ethnic or racial origin, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, genetic, biometric and health data), and does not process any data relating to criminal convictions and offences committed by the Data Subject.
Why are personal data processed?
The Data Controller processes personal data for the following purposes indicated in the table below. The GDPR requires that for each purpose of processing personal data, the Data Controller has a legal basis for carrying out the processing.
The Data Controller may carry out the processing of the personal data of the Data Subjects through the consent of the Data Subjects as the legal basis for the processing. The consent can be revoked at any time, but the processing carried out until the consent is revoked cannot be affected.
Below is a table summarizing the goals and a description of them:
Provide support to stakeholders
Resolve technical issues encountered by Interested Parties while browsing, their requests for assistance, improve the Services and the Site, and provide support requested by Interested Parties.
The data will be kept until the processing of the request for support of the interested parties.
The Data Controller may send updates, not of a commercial nature, to inform the Data Subject of developments in its business such as agreements with commercial partners and participation in events.
Personal data will be stored for 24 months
Comply with legal, regulatory and business protection obligations of the Owner
The Data Controller may process the personal data of the Data Subject in order to comply with legislative and regulatory obligations, such as to comply with the provisions of judicial and administrative authorities. The Data Controller may also process data in order to protect its rights and interests, such as, for example, in case of judicial protection or due diligence in case of evaluations of changes in the corporate structure.
Personal data will be stored for the period of time determined by law, regulation and/or the relevant authority.
What happens if the Data Subject does not provide the necessary personal data?
If the data is necessary to provide the Services and to support the interested parties, the Owner will not be able to provide the Services and support the interested parties in their requests. In this case the Owner may, alternatively, request the integration of personal data or delete the personal data of the interested party preventing the provision of Services.
For purposes other than providing the Services and providing support to Data Subjects, the provision of data is optional and failure to provide personal data will not affect the aforementioned purposes of Processing.
To whom are personal data disclosed and disseminated?
The personal data of the interested parties may be communicated to third parties other than the Data Controller, as better indicated in the following table:
|Purpose of communication
The Owner's suppliers support it in the provision of the Services with, but not limited to, Site development, hosting, maintenance, backup, virtual infrastructure.
In case of legal obligations or obligations relating to a relationship established with the interested party, the Owner may communicate personal data to external consultants, such as, for example, the accountant and the lawyer.
Authorities and legal proceedings
The Data Controller may disclose the personal data of data subjects to state and/or administrative and/or judicial authorities if this is required by law, regulations or measures of the authorities or to defend its own rights and/or interests.
The personal data of the interested parties will not be disseminated.
Where do we store personal data?
The Data Controller stores personal data in paper archives within the Data Controller's premises, as well as in computer archives located both within and outside the European Union if this is instrumental to the pursuit of the purposes indicated above. In the latter case, the Data Controller ensures that companies not based within the European Union are treating personal data with the utmost confidentiality in compliance with the decisions of adequacy of the European Commission, any Privacy Shield or, if necessary, entering into agreements that ensure an adequate level of protection.
How are personal data processed?
The Data Controller processes the personal data of the Data Subjects by adopting appropriate security measures to prevent unauthorised access, disclosure, modification and destruction.
The data processing is carried out through computer procedures, telematic means and, residually, on paper by specially authorized internal subjects as well as by external managers if appointed, and this also according to contractual agreements in place.
What is the policy on data processing for minors?
The Owner is aware of the delicacy of the data processing of minors. In particular, the Services are not intended to be provided to minors under 14 years of age and the Owner does not voluntarily process the data of minors under 14 years of age: in this sense, the interested parties are requested not to request the provision of the Services if they are under 14 years of age.
The Owner encourages those who exercise parental responsibility over children under the age of 14 to ensure that they do not request the provision of the Services and, in any case, to educate children under the age of 14 not to release their personal data via the Site.
In the event that the Data Controller becomes aware that certain personal data relates to children under the age of 14, the Data Controller will take steps to delete the personal data.
What happens if there are links to other websites?
The Data Controller informs the Data Subjects that this Policy applies only to the Site and, in the event that there are links to other websites, the Data Subject must check the policies of those sites before releasing his/her personal data.
The Data Controller takes no responsibility for personal data provided by Data Subjects on other websites.
The Data Controller reserves the right to modify this Policy at any time. In case of changes, the Owner will upload on this page the new information and, in this sense, if it urges the interested party to check the changes in the Information: the interested party can see the history of information by checking the date affixed.
By continuing to use the Site following the changes, you accept those changes and consent to the processing of your data as modified.