Privacy Policy
Privacy notice pursuant to art. 13 of the EU Regulation n. 2016/679 and the relevant applicable legislation
Pursuant to art. 1 of the EU Regulation n. 2016/679 (the “Regulation” or “GDPR”), as well as the applicable privacy legislation, BASICNET S.p.A. with sole shareholder (hereinafter the “Company” or the “Data Controller”), in its capacity of Data Controller of the processing of your personal data, informs you that the personal data you provided or that were acquired during the registration process to request the fidelity card BasicCard (hereinafter the “BasicCard”) will be processed in compliance with the applicable legislation as well as the principles of fairness, lawfulness, transparency and confidentiality protection provided therein.
Source and category of data processed
The personal data of the user interested to the benefits linked to the BasicCard are acquired by the Data Controller at the BasicNet Group stores or by means of the BasicBank.net website.
The data which might be subject to processing are mainly identification, contact and personal data (by way of example, first and last name, residential address, telephone number, e-mail address, etc.). Under no circumstance will personal data of a sensitive nature (pursuant to Art. 9 of the Regulation) or judicial data (pursuant to Art. 10 of the Regulation) be processed.
The optional sending, explicit and voluntary, by the user who is forwarding an information request by means of the form available in the “Contacts” section of the BasicBank.net website involves the acquiring and the processing by the Data Controller of such data and of any other information within such communications for the purposes stated in the following paragraph.
Complete details on each category of data collected shall be provided by means of other specific informational texts which the user can view before the collection of the data itself (and, if necessary, provide his or her consent).
Purposes of the processing and nature of the providing of data
The data processing will be for the purpose of carrying out the activities listed below:
| Purposes | Related processing activities | Lawfulness of processing and necessary consent | Consequences in the event of failure to provide the required consent / data | |
|---|---|---|---|---|
a) | Allowing the Data Controller to comply with legal obligations and regulations (including those necessary to guarantee an adequate cybersecurity, limiting the possibility of malware dissemination and the tracking of any malicious activity) or carry out an order of a judicial authority or of other authorities to which the Data Controller is subject. | Data collection (IP address, type of device and browser, etc) and technical cookies necessary for safe browsing on BasicBank website. Collection of the data necessary for the activities of univocal identification of the User (login and registration phases, and browsing in restricted areas) | The processing is lawful pursuant to letter c) paragraph 1 article 6 of the GDPR “Legal obligation” and f) “Legitimate interest” concerning the cybersecurity of the IT systems. Therefore, the consent is not required. | The browsing of the website will only be possible in an anonymous form. The login/registration will not be allowed. |
b) | Outline the authentication profile required to access the website [•] and therefore allowing the User to access the user registration for the purposes of the issuance of the fidelity card and enabling the User to enjoy the benefits associated with the BasicCard and the services rendered as a result of the user registration, as well as the management of any requests submitted by the User. | Collection of the personal data and pairing with the fidelity card “BasicCard” Support provided to the User (information requests, bug reports, etc) | The processing is lawful since to use the BasicCard it is necessary to adhere to general terms and conditions of a contract (pursuant to letter b), paragraph 1 of the GDPR). Therefore the consent is not required. | Failure to provide the data will result in the Company not being able to duly implement the above. In particular, the fidelity card BasicCard contract shall not be executed and the card shall not be issued. |
c) | Direct marketing activity (BasicNet Group) | Sending of advertising material and reporting of commercial contents (discounts, promotional offers, etc) | The processing is lawful because of the consent (letter a) paragraph 1, art. 6 of the GDPR) where given by the User. The BasicCard can be used for all brands of the BasicNet Group: the granting of the consent authorizes the companies of the BasicNet Group to provide the direct marketing and commercial service. | In case of failure to grant the required consent, the interested customer will not be able to benefit from the marketing and commercial content: the BasicCard can be issued and used without any further consequence |
d) | Profiling activities (BasicNet Group). In particular, the collection, the analysis of the User’s behavior, the profiling, the registration and the processing of the purchase data, including those relating to the detail of the frequency, the quantity and the type of purchase (even if only potential), will be carried out to prepare and propose customized promotions and offers, as well as to carry out market analysis and research. | Defining the purchasing characteristics of the interested customer to suggest the most appropriate commercial opportunities | The processing is lawful because of the consent (letter a) paragraph 1, art. 6 of the GDPR) The BasicCard can be used for all brands of the BasicNet Group: the granting of the consent authorizes the companies of the BasicNet Group to tailor the Group’s offers on the basis of the detected purchasing characteristics. | In case of failure to obtain the required consent by the interested customer, only generic commercial and marketing contents, where necessary, will be displayed: the BasicCard can be issued and used without any further consequence. |
The Data Controller safeguards the data from dissemination processing.
Place of the processing
The data of the data subjects shall be processed at the premises of the Data Controller and of the data processors which process the data on its behalf, within the European Economic Area. The Data Controller shall in any case implement measures to mitigate the risk as provided by the GDPR, in those cases where it is necessary to process data in cloud systems owned by companies with registered office outside the EU.
Methods of data processing
The processing of personal data shall be carried out by means of hard copy, electronic and telematic tools, and with regard to the use of personalized services by means of profiling, if consent were to be given, the processing will take place through an automated decision-making process and by means of a specific algorithm which shall decide which communications are best suited to the User’s profile or which might be of most interest. The Data Controller adopted safety measures suitable to ensure the safety and confidentiality of the User’s personal data as well as, with reference to profiling, to protect of your right, freedoms, and legitimate interests, and, in particular, to protect of your right to obtain human intervention by the Data Controller, to express your own opinion and to challenge the (Data Controller’s) decision.
Personal data recipients
The data may be communicated to:
- subjects (in particular, public authorities and entities) whose processing power is recognized by mandatory legal provisions;
- subjects, also external and therefore ascribable to the role of External Data Processors, to whom the Data Controller refers to carry out instrumental and/or ancillary activities for the management of the BasicCard and the provision of services and benefits related thereto. These Processors are subject to specific personal data security and protection provisions ex article 28, paragraph 3, GDPR.
The Data Controller’s personnel has been duly trained and appointed with regard to personal data protection.
Data retention
In accordance with the principles of proportionality and necessity, the data will not be retained for periods of time longer than those strictly indispensable to fulfill the purposes mentioned above, without prejudice to any legal obligations, or anyways according to what is necessary for the safeguard of the rights and the interests of both the users and the Company, and, in any case, if applicable, until the withdrawal of the User’s consent, which might take place at any moment.
In the event of withdrawal, disabling sue to non-use within a specific time frame, expiry or restitution of the BasicCard, the personal data shall be retained exclusively for administrative purposes for a period of time not exceeding three months, without prejudice to any legal obligations.
Rights of the data subject
The data subjects the personal data refer to have the right at any moment to exert all rights pursuant to articles 15 – 22 of the GDPR (the main ones including the right of access, of erasure, of rectification, of restriction and to object to the processing).
Moreover, we inform you that you have the right to withdraw at any moment any consent granted with regard to specific optional activities, without prejudice to the lawfulness of the processing carried out before such withdrawal.
These rights can be exercised by written communication to be sent to: basiccard@basicbank.net
Data Controller
The Data Controller is BasicNet S.p.A. with sole shareholder with registered office in Torino, Largo Maurizio Vitale 1, 10152 Torino, Italy.
A list of the External Data Processors is published on the Data Controller’s website.
Data Protection Officer (“D.P.O.”)
The mail contact address of the D.P.O. is: dpo@seefree.it