Guidelines for cookies and other tracking tools dated 10 June 2021 [doc. no. 9677876]; Directive 2002/58/EC of 12 July 2002 (Directive and Privacy) and Art. 122 of the Privacy Code; EU Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation).
THE DATA CONTROLLER
Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR), the Data Controller is Etica SGR S.p.A. with registered office in Milan, Via Napo Torriani, 29 – 20124 Milan (hereinafter, “Etica SGR”), which provides you with the following information regarding the cookies installed on the domain www.eticasgr.com/en (hereinafter, “website”).
WHAT ARE COOKIES?
Cookies are small text files, usually consisting of letters and/or numbers, which are sent by the Website and stored by the browser installed on your device. Cookies are then sent back to the Website on your next visit.
Cookies make it possible to store information about visits to the Website and are a very useful technology, as they help the Website to function more efficiently. Without cookies, the Website would have no way of tracking certain information, such as storing your authentication credentials
Cookies can be classified according to:
- duration: session or persistent cookies;
- origin: first-party or third-party cookies;
- purpose: strictly necessary cookies, performance analysis cookies and behavioural advertising cookies.
Cookies which expire at the end of a browser session (normally when the browser is closed or when the session expires) are referred to as session cookies and are useful, for instance, for keeping the browsing session active. Cookies which, on the other hand, are stored for a longer period of time (between sessions) are called persistent cookies and are used, for example, to remember your preferences or to recommend targeted advertising.
The definition of first or third party refers to the website or web server that installs the cookie. First-party cookies are installed directly by the Website, whereas third-party cookies are installed by a different Website or web server, for instance, if the Website incorporates elements from other services, such as advertising platforms.
It should be specified that the purposes usually fulfilled by a cookie can also be achieved through other similar technologies, including the use of certain functionalities that allow devices to be identified so that visits to the Website can be analysed. In fact, this policy applies to any technology that stores or accesses information on your device. This could include, for instance, HTML5 local storage, Local Shared Objects (also called flash cookies) and fingerprinting techniques. Henceforth, when reference is made to cookies, this definition will also include other assimilated technologies.
What are the purposes of the cookies used by the Website?
Strictly necessary cookies
These cookies enable the Website to function properly and allow you to use its content and services easily. For example, you can browse the Website while keeping your language settings or store your authentication credentials. Strictly necessary cookies cannot be disabled. These cookies are stored in your browser for the time necessary to ensure the proper functioning of the Website.
|Strictly necessary cookies|
|Cookies subgroup||Cookies||Cookies used||Duration|
|eticasgr.com/en||_ga, _gat_UA-||Part One||730 Days, A few seconds|
|www.eticasgr.com/en||PHPSESSID, OptanonAlertBoxClosed, OptanonConsent||Part One||Session, 365 Days, 365 Days|
Performance analysis cookies
|Performance analysis cookies|
|Cookies subgroup||Cookies||Cookies used||Duration|
|eticasgr.com/en||_gid, _gclxxxx||Part One||1 Day, 90 Days|
|tr.outbrain.com||outbrain_cid_fetch||Third Parties||A few seconds|
These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services have been added to our pages. If you do not authorise these cookies, some or all of these services may not function properly.
|Cookies subgroup||Cookies||Cookies used||Duration|
|my.eticasgr.com||pll_language||Part One||365 Days|
Social media cookies
These cookies are set by a number of social media services we have added to the Website to enable you to share our content with your friends and connections. They are able to monitor your browser on other Websites and create a profile of your interests. This may have an impact on the content and messages displayed on other websites you visit. If you do not accept these cookies, you cannot use or view these sharing tools.
|Social media cookies|
|Cookies subgroup||Cookies||Cookies used||Duration|
|linkedin.com||li_gc, bcookie, lidc||Third Parties||729 Days, 730 Days, 1 Day
Behavioural advertising cookies
These cookies are used to track your navigation on the Website in order to analyse your behaviour for marketing purposes and create a profile of your tastes, habits and choices. In this way, Etica SGR can send you targeted advertising messages in relation to your interests and in line with the preferences you have expressed when browsing. These cookies are not necessary for the operation of the Website, so your consent is required for their installation.
|Behavioural advertising cookies|
|Cookies subgroup||Cookies||Cookies used||Duration|
|www.eticasgr.com/en||outbrain_cid_fetch||Part One||A few seconds|
|eticasgr.com/en||_fbp||Part One||90 Days|
|twitter.com||personalization_id||Third Parties||730 Days|
|linkedin.com||AnalyticsSyncHistory, lang, UserMatchHistory||Third Parties||30 Days, Session, 30 Days|
|youtube.com||CONSENT, YSC, VISITOR_INFO1_LIVE||Third Parties||5,957 Days, Session, 180 Days|
|www.linkedin.com||bscookie||Third Parties||730 Days|
Name of service and purpose
|Name of service||Origin||Purpose|
|www.eticasgr.com/en||Part One||Ensuring the functioning of the Website.|
|AddToAny (AddToAny LLC)||Third party||AddToAny is a service provided by AddToAny LLC that displays a widget enabling interaction with social networks and external platforms and the sharing of content on this Application. Depending on the configuration, this service may display widgets belonging to third parties, e.g. the managers of social networks on which interactions are shared. In this case, the third parties providing the widget will also become aware of the interactions and Usage Data relating to the pages where this service is installed. For further information: http://www.addtoany.com/privacy|
|Google Analytics||Third party||The Website uses Google Analytics, an analysis tool from Google that helps website and app owners understand how visitors interact with their content. A set of cookies may be used to collect information and generate website usage statistics without Google personally identifying individual visitors. In addition to generating reports on website usage statistics, the Google Analytics pixel tag may be used along with some advertising cookies to enable more relevant results to be displayed in Google properties (such as Google Search) and across the Web. More information on Analytics cookies and privacy: https://www.google.com/analytics/learn/privacy.html?hl=it. Add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout/|
|Google Maps||Third party||Google Maps is a map display service operated by Google, Inc. which allows this Application to integrate such content into its pages. Google uses these cookies to store user preferences and information every time the user visits web pages containing Google Maps. These cookies contain enough information to allow tracking. Read more about the use of data and its processing by Google: https://policies.google.com/technologies/partner-sites?gl=it&hl=en-GB|
|ScorecardResearch||Third party||Tracks the online behaviour patterns of our users anonymously (i.e. without making data subjects identifiable). The tags used by ScorecardResearch cannot identify the user visiting a page. For instance, ScorecardResearch Beacon tags can collect data such as timestamps, the URL and the title of the web page. In addition, the data collected by ScorecardResearch is only used in aggregate form. In other words, the reports created from this data will not say that Computer 1 went from Website A to Website B to Website C. For more information: http://www.scorecardresearch.com/privacy.aspx|
|SoundCloud||Third party||Audio tracks from the company’s official SoundCloud channel can be embedded on the Website. SoundCloud is an audio content delivery service operated by SoundCloud Limited which allows this Application to integrate such content into its pages. The personal data collected is usage data. For more information: https://soundcloud.com/pages/cookies|
|X||Third party||X social widgets can be embedded on the Website, showing recent tweets from the company’s official X profile. X social widgets are services for interacting with the social network X, provided by X Corp. For more information: https://twitter.com/en/privacy|
|YouTube||Third party||Videos from the company’s official YouTube channel can be embedded on the Website. YouTube is a video content display service operated by Google, Inc. which allows this application to integrate such content into its pages. The personal data collected are cookies and usage data. For more information: https://www.youtube.com/static?template=terms|
How do you manage cookie preferences?
When you first access any page of the Website, you will see a banner containing a short disclosure and a link to open the cookie consent centre through which you can easily choose which cookies to install. You can access the cookie consent centre at any time and easily via a specific link in the footer of the Website.
In addition to the above, you can also change your cookie settings via your browser, either by deleting all or some cookies or by restricting cookies to certain Websites. Below are instructions for changing the cookie settings for the most common browsers used:
- Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&sjid=13317196159373659877-NA
- Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: https://support.apple.com/en-gb/HT201265
Please note that you can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on your browser. To disable Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout. Disabling cookies or deleting them may affect the optimal use of certain areas of the Website or prevent certain functionalities, as well as affect the functioning of third-party services.
Communication and dissemination of data
The data collected using cookies may be processed by employees and collaborators of the company functions assigned to the pursuit of the above-mentioned purposes who have been expressly authorised to process them and who have received appropriate operating instructions. Such data may also be processed by trusted companies that perform tasks of a technical and organisational nature on behalf of Etica SGR. These companies act as data controllers. Furthermore, they may be processed by external parties acting as independent data controllers, such as, for example, authorities and supervisory and control bodies. Data collected using cookies may be transferred to the United States of America, subject to the guarantees set out in Chapter V of the GDPR.
By contacting the Data Controller by sending an e-mail to firstname.lastname@example.org, you may ask Etica SGR for access to the data concerning you, their deletion, the restriction of their processing in the cases provided for by At. 18 of the GDPR, as well as objection to processing in cases of legitimate interest.
If the processing is based on consent or a contract and is carried out by automated means, you have the right to receive the data in a structured, commonly used and machine-readable format and, if technically feasible, to send them to another data controller without hindrance. You also have the right to withdraw consent for unnecessary cookies without affecting the operation and functionality of the Website. Additionally, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
Data Controller and Data Protection Officer
The Data Controller is Etica SGR, which can be contacted at Via email@example.com with registered office at Via Napo Torriani, 29 – 20124 Milan, Italy
The Data Protection Officer can be contacted at firstname.lastname@example.org.
INFORMATION IN ACCORDANCE WITH ARTICLE 13 Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter the “Regulation”).
Etica Sgr S.p.A., in its role as Data Controller, wishes to provide you with some information regarding the use of the personal data you have entered in the newsletter registration form.
- Purpose of processing, legal basis for processing and data retention periods
The personal data you register will be processed to manage your registration and send you our regular newsletter. The legal basis for carrying out such processing is the consent you have given in an informed manner and manifested by means of the newsletter subscription request (Article 6(1)(a) of the Regulation). In this regard, we would like to inform you that, since the processing of your data through this form is exclusively dedicated to guaranteeing your subscription to the newsletter, your consent will be expressed by clicking on the “Subscribe” button, thereby expressing your unequivocal intention to receive the newsletter. The data will be stored for as long as the newsletter service is active, i.e. until your consent is revoked.
In addition, personal data may be processed, subject to specific consent, for the following purposes:
- sending marketing information relating to Etica Sgr products and services, other than the information covered by the newsletter. The legal basis for carrying out such processing is your freely given and informed consent (Article 6(1)(a) of the Regulation). The data will be stored for as long as the newsletter service is active, i.e. until your consent is revoked.
- contacting you for direct offers or to ask you to complete satisfaction questionnaires and/or carry out market surveys regarding Etica Sgr’s products and services. The legal basis for carrying out such processing is your freely given and informed consent (Article 6(1)(a) of the Regulation). The data will be kept for the period of time necessary to achieve the purposes in question and, in any case, until you revoke your consent.
- responding to enquiries or complaints that you may have sent us by e-mail following subscription to the newsletter. The provision of data for this purpose is necessary for the provision of the service you have requested. The legal basis for such processing is the performance of the contract to which you are party or the performance of pre-contractual measures taken at your request (Article 6(1)(b) of the Regulation). The data will be kept for the period of time strictly necessary to comply with your request and, in any case, for a period not exceeding ten years from the time of conclusion of the contract.
With exclusive regard to processing based on consent, we inform you that, if given, you have the right to revoke your consent at any time without prejudice to the lawfulness of processing based on consent given prior to revocation. The provision of data for the purposes described in a and b above is optional. It is understood that, if you do not provide the data marked as mandatory, it will be impossible to proceed with your subscription to our newsletter.
- Data recipients and transfer to third countries
Your data will not be disseminated. In the event that it is necessary for the performance of specific processing activities, personal data may be communicated and/or transferred to third parties entrusted with carrying out instrumental activities for achieving the envisaged purposes and designated pursuant to Article 28 of the Regulation as Data Processors. In order to ensure the lawful processing of Data, third parties may only use Data in accordance with instructions given and documented by us. Third parties may include but are not limited to companies that manage and maintain the company’s information systems or companies appointed to carry out services related to email marketing activities. Your personal data may be transferred to entities located in third countries (meaning countries outside the EU and EEA). In such cases, Etica SGR shall obtain the necessary guarantees that the transfer of Data is carried out in compliance with the provisions of Chapter V of the Regulation.
- Rights of Data Subjects and Contact Details
As a data subject, you have the right to obtain from the Data Controller, in the cases provided for, access to your personal data, rectification of inaccurate data, deletion of data, restriction of processing, portability of Data, as well as the right to notify or object to processing, including the right not to be subject to a decision based solely on automated processing, including profiling. You may exercise your rights at any time by contacting the Data Controller using the following contact details:
Etica Sgr S.p.A.
Corporate Protection – Privacy
Via Napo Torriani, 29 – 20124 Milan, Italy.
Tel. +39 02/67071422
Fax +39 02/67382896
- Contact details for the Data Protection Officer (DPO)
Pursuant to Article 37 of the Regulation, the Data Controller has appointed a Data Protection Officer (DPO) who can be reached at the following e-mail address: email@example.com
- Right to complain
If you believe that the processing of your data is in breach of the Regulation, you have the right to lodge a complaint with a supervisory authority.
DISCLOSURE PURSUANT TO ARTICLE 13 of Regulation (EU) 2016/679 (General Data Protection Regulation) hereinafter the “Regulation”.
Etica Sgr S.p.A., as Data Controller, is required to provide some information regarding the use of personal data.
PURPOSE OF DATA PROCESSING
Personal data subject to registration will be processed for activities strictly related to the provision of the requested service.
The same data may also be processed, in the event of explicit consent of the customer pursuant to Art. 6 of the Regulation, for the following purposes:
- sending marketing information for Etica Sgr products and services, including the sending of the newsletter;
- direct offers or market surveys relating to Etica Sgr products and services.
Consent for the purposes described in points a and b is optional.
As part of the consultation of this Website, data relating to identified or identifiable persons may be processed. The Data Controller for the purpose of their processing is Etica SGR S.p.A, Via Napo Torriani 29, 20124 – Milan, Italy.
LOCATION OF DATA PROCESSING
The processing connected to the web services of this Website take place at the premises of the supplier and is carried out only by technical personnel duly appointed for the purpose or by persons responsible for performing occasional maintenance.
DATA PROCESSING METHODS
Personal data is processed, including by means of automated tools, for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are followed to prevent loss of data, unlawful or incorrect use and unauthorised access. Etica Sgr S.p.A has adopted all the minimum security measures required by law and, drawing inspiration from the main international standards, has also adopted additional security measures to minimise the risks concerning the confidentiality, availability and integrity of the personal data collected and processed.
DATA SHARING, COMMUNICATION AND DISSEMINATION
The data collected may be transferred or communicated to other companies for activities strictly connected with and instrumental to the operation of the service, such as managing the IT system. The personal data provided by users who request dispatch of informative material (brochures, informational material, etc.) is used for the sole purpose of performing the service or provision requested and are communicated to third parties only if necessary for that purpose (companies that provide enveloping, labelling, mailing services). Outside of these cases, personal data will not be communicated or granted to anyone, unless contractually stipulated or authorised by the parties. In this sense, personal data may be sent to third parties, but only and exclusively in the event that there is explicit consent to share the data with third parties, there is a need to share the information with third parties in order to provide the requested service, and it is necessary to comply with requests from judicial or public security authorities. No data from the web service is disseminated.
ACCESS VIA EXTERNAL IT SYSTEMS
If access to the reserved area is through an IT service equipped with an identification system, a service for which a party other than Etica Sgr S.p.A. is the Data Controller, this party will provide Etica Sgr with the personal data necessary to use the service requested (name, surname and tax ID).
Data shall be stored in its entirety for the entire duration of the contract; subsequently, data shall be stored for a period of ten years in compliance with legal obligations, including the provisions of Article 2220 of the Italian Civil Code. Any further storage of the data or part of the data may be arranged to assert or defend rights in any court and, in particular, in the judicial courts.
RIGHTS OF DATA SUBJECTS
With regard to your personal data, we would like to inform you that you may exercise your rights under Articles 15 to 22 of Regulation (EU) 2016/679:
- Access to the following information:
- purpose of processing,
- categories of personal data concerned,
- recipients or categories of recipients to whom such personal data have been or will be disclosed, in particular if they are recipients from third countries or international organisations,
- existence of the data subject’s right to request from the data controller the rectification or erasure of personal data concerning them or to object to the processing of personal data concerning them;
- Rectification, by which we mean:
- correction of inaccurate personal data concerning them without justified delay,
- supplementation of incomplete personal data, including by providing a supplementary statement;
- deletion of data concerning you without undue delay, if:
- the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- consent is revoked and there is no other legal basis for the processing,
- you object to the processing and there is no overriding legitimate reason to proceed with the processing,
- personal data has been unlawfully processed,
- personal data must be deleted to fulfil a legal obligation,
- personal data was collected in connection with the provision of information society services;
- limitation of the data processing:
- if you contest the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
- when the processing is unlawful and the data subject objects to the deletion of the personal data and requests instead that its use be restricted;
- when the personal data is necessary to the data subject for the establishment, exercise or defence of a legal claim, even though the data controller no longer needs them for the purposes of the processing;
- if you object to the processing by virtue of your right to object;
- Receipt of notification in the event of rectification or deletion of personal data or restriction of processing;
- Data portability, i.e. the right to receive personal data concerning you in a structured, commonly used and machine-readable format, and the right to send such data to another data controller if:
- processing is based on the express consent of the data subject for one or more specific purposes or takes place pursuant to a contract entered into with the data subject, and
- the processing is carried out by automated means;
- Objection at any time, on grounds relating to their particular situation, to the processing of personal data concerning them.
You have the right to lodge a complaint with a supervisory authority if you feel that you have not been granted the rights set out herein.
To exercise the above rights, you may contact the Data Controller by sending a registered letter with acknowledgement of receipt to the address indicated or an email to firstname.lastname@example.org
Etica Sgr S.p.A periodically checks its privacy and security policy and, if necessary, revises it in relation to regulatory, organisational or technological changes. If the policies change, the new version will be published on this page of the Website.
QUESTIONS, COMPLAINTS AND SUGGESTIONS
Anyone wishing to obtain more information, contribute their suggestions or lodge a complaint about or dispute our privacy policies or the way our company processes personal data may do so by writing to email@example.com.
Any enquiries regarding the protection of personal data may be addressed to:
Etica Sgr S.p.A.
Corporate Protection – Privacy
Via Napo Torriani, 29 – 20124 Milan, Italy.
Tel. +39 02/67071422
Fax +39 02/67382896
The company uses the Group’s DPO, who can be reached at the following e-mail address: firstname.lastname@example.org
Information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)
Etica SGR (hereinafter, “Etica” or “Data Controller”) provides the information required by the GDPR regarding the processing of personal data related to the possible establishment and subsequent execution of the contractual relationship between Etica and “institutional clients”, i.e. professional/qualified investors, such as pension funds, insurance companies, investment companies, etc. (hereinafter, “Institutional Client”).
- Data Controller
The Data Controller is Etica SGR with registered office at Via Napo Torriani 29, Milan, Italy.
Tel. +39 02-67071422, fax +39 02-67382896, e-mail address email@example.com
- Contact details of the Data Protection Officer (“DPO”)
The DPO can be contacted at the following e-mail address: firstname.lastname@example.org
- Categories and sources of processed data
- common data (e.g. name, surname, e-mail) referring to the Institutional Client’s legal representative or possibly referring to the Institutional Client as a natural person (sole proprietor or freelance professional), as well as to the Institutional Client’s employees/collaborators;
- special data, if necessary, for anti-money laundering purposes;
- data on criminal convictions and offences, for anti-money laundering purposes.
Data source: data are either provided directly by the data subjects (also by handing over a business card) or:
- by the Institutional Client, when establishing or executing the relationship, in the case of employees/collaborators;
- by third parties, e.g. agencies organising industry events or public databases
- Purposes of processing, legal bases and data retention periods
|WHY IS PERSONAL DATA PROCESSED?||WHAT IS THE CONDITION THAT MAKES THE PROCESSING LAWFUL?||HOW LONG DO WE KEEP PERSONAL DATA?|
|For the possible establishment and consequent execution of the contractual relationship (e.g. acquisition of information prior to the conclusion of the contract, execution of operations on the basis of the obligations arising from the contract, sending of informative communications/updates/etc. concerning the service provided).||The legal basis of the processing consists of:
– in the performance of pre-contractual measures taken at the request of the data subject or in the performance of a contract to which the data subject is a party for the data of the Institutional Client (natural person individual entrepreneur or legal representative of the exhibitor legal person);
– in the legitimate interest for the data of the Institutional Client’s employees/collaborators.
|For the entire duration of the contractual relationship and, upon termination, for 10 years thereafter, without prejudice to further legal obligations.
The data will be retained in accordance with the terms of the law, i.e. for a period of 10 years after the termination of the ongoing relationship, professional service or occasional transaction.
|In the event of the establishment of a contractual relationship, for the performance of administrative, accounting, tax and further legal obligations (e.g. anti-money laundering), as required by the law, regulations and EU legislation or by provisions issued by authorities empowered to do so by law and by Supervisory and Control Bodies.||The legal basis for the processing is found:
– in a legal obligation to which the Data Controller is subject for the performance of administrative, accounting, tax and other legal obligations;
– for anti-money laundering purposes, in the public interest as referred to in Article 6 let. e) of the GDPR, for which the processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of public authority vested in the Data Controller. This legal basis is explicitly referred to as a condition of lawfulness legitimising the processing of such information in Art. 2(6-bis) of Legislative Decree no. 231/07
|For the possible establishment, exercise or defence of the Data Controller’s rights in court.||The legal basis for the processing is the legitimate interest of the Data Controller.||For the entire duration of the litigation, until the time limits for appeal have been exhausted.|
|For sending commercial communications on services similar to those purchased by the data subject.||The legal basis for the processing consists of thelegitimate interest of the Data Controller (“soft spam” pursuant to Art. 130, c. 4 Legislative Decree 196/03).||Until objection exercised by the data subject.|
|For the implementation of customer satisfaction aimed at obtaining information from customers on the quality of the services offered.||The legal basis for the processing is the legitimate interest of the Data Controller to improve its services by shaping them on the basis of customer feedback.||Up to the processing of the (anonymised) survey results.|
- Provision of data
The provision of data is mandatory for the establishment and execution of the contractual relationship with the Institutional Client. In the event of failure to do so, it will therefore not be possible to finalise the contract and provide the services. Furthermore, the provision of data is also mandatory for the fulfilment of administrative, accounting, tax and further legal obligations. Refusal to provide the requested information may make it impossible to perform the requested operation.
- Categories of data recipients
The data may be communicated to third parties acting as independent data controllers, such as public authorities and supervisory and control bodies entitled to request them, professional firms and auditing firms.
The data may also be processed, on behalf of Etica, by third parties, designated as Data Processors pursuant to Art. 28 of the GDPR, such as natural and/or legal persons carrying out activities functional to or connected with the contractual relationship (e.g. IT service providers, outsourcing companies, banks and credit institutions, etc.).
The data will not be disseminated in any way or transferred outside the European Union.
- Rights of the Data Subject
The GDPR gives the data subject specific rights, including the right to obtain from Etica confirmation as to whether or not personal data relating to them is being processed and, if so, access to such data and the information referred to in Art. 15, rectification of inaccurate data, integration of incomplete data, deletion of data in the cases provided for by Art. 17 (it is specified that the right to erasure of data cannot be exercised where the processing is carried out in compliance with a legal obligation requiring the processing to be carried out in accordance with the law of the Union or of the Member State to which the data controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller), the restriction of the processing in the cases provided for in Article 18, as well as to object, on grounds relating to their particular situation, to the processing carried out in the legitimate interest of the data controller (e.g. to object to the sending of commercial communications about services similar to those purchased by the data subject.)
The data subject also has the right to receive the data in a structured, commonly used and machine-readable format and, if technically feasible, to pass them on to another data controller without hindrance (“right to data portability”) where the processing is based on a contract and is carried out by automated means.
In order to exercise their rights, the data subject may contact the Controller by sending a written communication to the above address or an e-mail to the following address email@example.com
The data subject has the right to lodge a complaint with the competent supervisory authority in the Member State where they normally reside or work or in the State where the alleged infringement occurred.