PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA
(article 13 of EU Regulation 679/2016 - General Data Protection Regulation - GDPR)
DATA CONTROLLER
BRT S.p.A., with registered office in Italy, at Piazzale Luigi Cadorna 4, postcode 20123 Milan, and administrative headquarters in Italy, Via Enrico Mattei 42, 40138 Bologna, with tax and VAT number 04507990150, registered with the Milan Register of Companies, "R.E.A." 1734257 (hereinafter also referred to as "BRT").
DATA PROTECTION OFFICER (DPO)
BRT's Data Protection Officer can be contacted at the following e-mail address
[email protected].
SOURCE OF THE PERSONAL DATA
Your personal data (hereinafter "Data"), indicated in article 4 below, have been provided by you to BRT or by the person who sent a request to BRT, if it was not you.
1 - PURPOSE OF PROCESSING
1.1 - Responding to requests: The Data you provide will be processed by BRT to respond to your requests of any nature.
1.2 - Direct Marketing: the Data will be processed for the purpose of sending direct sales advertising material, through the use of automated contact tools such as e-mail or other tools.
You can refuse such treatment and in this case there will be no negative consequences for you.
1.3 - Rights of the Data Controller: the Data will be processed, if necessary, to ascertain, exercise or defend the rights of BRT in court.
2 - LEGAL BASES FOR PROCESSING
2.1 - Responding to requests: execution of a contract to which you are a party.
2.2 - Direct marketing: consent.
2.3 - Rights of the Data Controller: legitimate interest
3 - PERSONAL DATA RETENTION PERIOD
3.1 - Responding to requests: the Data collected will be kept for a maximum of 30 days.
3.2 - Direct marketing: until you revoke your consent to this purpose.
3.3 - Rights of the Data Controller: in the case of out-of-court litigation, for the entire duration of the litigation, until the time limit for appeals has been reached
Once the above mentioned retention periods have expired, the Data will be destroyed, deleted or made anonymous, compatibly with the technical procedures of deletion and back-up.
4 - CATEGORIES OF PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSES - DIRECT MARKETING - DATA CONTROLLER'S RIGHTS
Common data, biographical data, contact details.
5 - OBLIGATION TO PROVIDE DATA
The provision of the Data highlighted with a star (*) is compulsory in order to fulfil your requests; therefore, failure to provide such Data will not allow BRT to process your request.
The provision of Data not highlighted with a star (*) is optional.
6 - DATA RECIPIENTS
The Data may be processed by external subjects operating as autonomous data controllers such as, by way of example, authorities and supervisory and control bodies and in general subjects, public or private, entitled to request the Data.
The Data may also be processed by external parties on behalf of BRT designated as data processors, who are given adequate operating instructions. These entities are essentially included in the following categories:
a. enterprises providing management, maintenance and development services for information systems.
b. companies that offer support in relation to customer assistance services or in carrying out market studies.
7 - PERSONS AUTHORISED TO PROCESS DATA
The Data may be processed by the employees of BRT's corporate functions and by the data processors appointed by BRT to pursue the purposes indicated above, who have been expressly authorised to do so and who have received adequate operating instructions.
A complete and updated list of BRT's appointed Data Processors can be obtained by writing to
[email protected].
8 – DATA PROCESSING METHODS
The data Controller processes your Personal Data in accordance with the provisions of current legislation, both with the aid of electronic and automated means and through paper archives, with logic strictly related to the purposes of the processing, through databases, electronic platforms, IT systems managed by the Data Controller or by third parties (appointed Data Processors), and/or websites owned or used by the Data Controller.
The Data will be processed using methods designed to ensure maximum security and confidentiality and only by persons trained and authorized to process it. BRT adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the processing.
BRT may also use systems based on artificial intelligence technologies to support its activities, in full compliance with applicable data protection legislation and Regulation (EU) 2024/1689 (the "AI Act"), adopting in any case suitable measures to guarantee the transparency, fairness and security of processing, as well as the possibility of human intervention at every decision-making or automated stage.
9 - YOUR RIGHTS AS A DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting BRT, you can request:
1) access to the Data concerning you,
2) their deletion,
3) the rectification and integration in case of inaccurate or incomplete Data,
4) the restriction of processing in the cases provided for by art. 18 of the GDPR,
5) the objection to the processing in the hypothesis of legitimate interest of the Data Controller,
6) in the event that the processing is based on consent or contract and is carried out by automated means, you have the right to receive your Data in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another data controller without hindrance.
7) in the cases provided for by article 22 of the GDPR, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or affects him/her in a similar way. In particular, you may object to automated processing relating to the purpose referred to in point 1.2.
To exercise your rights as set out in the above list, you may send an e-mail to the following address:
[email protected].
You also have the right to lodge a complaint with the competent supervisory authority in the Member State where you normally reside or work or in the State where the alleged infringement has occurred.
10 - STORAGE OF PERSONAL DATA AND TRANSFER TO COUNTRIES OUTSIDE THE EUROPEAN UNION
The Data will be stored and processed within the European Union. Details of the EU countries by application are available at
[email protected].
If, in order to pursue the purposes of the processing, the Data are transferred to countries outside Europe, BRT will adopt appropriate guarantees for the transfer provided by law.
