Privacy Policy

Information notice pursuant to Article 13 of EU Regulation 2016/679

Following the entry into force of EU Regulation 2016/679, we hereby provide you with the information notice regarding the processing of your personal data by our Company, as provided by you upon entering into the contract.

We invite you to carefully read the following information regarding the processing that will be carried out on your personal data.

1. Who is the data controller

Your personal data is processed by DEVERSE SRL, headquartered in Frosinone, Viale Volsci 60, in its capacity as Data Controller.

2. Who is the Data Protection Officer and how to contact them

The Data Protection Officer is the person responsible for overseeing the correct application of data protection regulations by DEVERSE SRL and for ensuring that your rights are respected by DEVERSE SRL with regard to the processing of your personal data.

The Data Protection Officer can be contacted at the following email address: privacy@deverse.eu.

3. Purpose and legal basis for processing

Your personal data is processed as part of the normal activities carried out by DEVERSE SRL for the following purposes:

• Purposes strictly connected and instrumental to the management of the contractual relationship (for example, acquisition of information preliminary to the conclusion of a contract, execution of operations based on the obligations arising from the contract concluded with the client, etc.). No specific additional consent is required beyond the conclusion of the contract.
• Purposes connected to obligations established by laws, regulations and European legislation, as well as provisions issued by Authorities legitimised by law and by supervisory and control bodies. No specific consent is required as these are fulfilments of legal obligations.
• Other purposes not essential to the conclusion or execution of the contract, for which you are given the right to freely and preventively express or deny your consent, such as:
  • promotion and sale of DEVERSE SRL products and services carried out through paper letters, questionnaires, email, telephone, instant messaging;

In the cases mentioned above, DEVERSE SRL will only carry out processing that has been expressly authorised.

4. Categories of recipients to whom data may be disclosed

DEVERSE SRL may disclose, in the exercise of its rights or in fulfilment of its duties, your personal data to third parties such as IT service companies, payment service providers, and outsourcing companies.

5. Processing methods

In relation to the stated purposes, the processing of your personal data is carried out by means of the following methods: interviews (in person and by telephone), paper correspondence, questionnaires, email, telephone, and instant messaging, with organisational and processing logic strictly related to the purposes themselves and, in any case, in a manner that ensures the security and confidentiality of the data.

6. Data retention period

Personal data collected by DEVERSE SRL is retained for the entire duration of the contract and for a period not exceeding 10 years from its termination.

The legitimate interest in protecting the rights of the Data Controller may also persist following the termination, for any reason, of the contractual relationship between the Controller and the data subject, and for the time strictly necessary to protect the rights of the Controller and the data subject or to comply with orders of judicial, administrative, or supervisory authorities.

7. Your rights as a data subject

You have the right to access at any time the data concerning you by contacting DEVERSE SRL and, with regard to your personal data stored in credit information systems, the contact details of the individual managers indicated above.

In particular, Articles 13-21 of EU Regulation 2016/679 grant you specific rights.

You are entitled, at any time during the processing, to:

• obtain from DEVERSE SRL confirmation of the existence of your personal data and have such data made available to you in an intelligible form;
• transmit such data to another data controller without hindrance from DEVERSE SRL («data portability»);
• withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to the withdrawal;
• know the origin of the data as well as the logic, purpose, and methods on which the processing is based;
• know the possible categories of recipients to whom the data is disclosed;
• obtain, where the conditions are met, the erasure («right to be forgotten»), transformation into anonymous form, or blocking of data processed in violation of the law, as well as the updating, rectification, or, where there is an interest, the integration of data;
• object, on legitimate grounds, to the processing, including solely in relation to certain purposes or methods.

We invite you to address any requests intended for DEVERSE SRL to the Data Protection Officer at the following email address: privacy@deverse.eu.

Finally, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), the independent administrative authority that ensures the implementation in the Italian legal system of national and European data protection regulations:

Garante per la Protezione dei Dati Personali
Piazza di Monte Citorio n. 121 - 00186 Roma
www.gpdp.it - www.garanteprivacy.it
E-mail: garante@gpdp.it
Fax: +39 06 696773785
Telephone switchboard: +39 06 696771.

We invite you to verify on the Authority's website any updates to the above contact details.

DEVERSE S.r.l. does not collect or install cookies. For third-party cookies, we invite you to review the relevant information notice published on the third-party websites. Your data may be associated with online identifiers produced by devices, applications, tools, and protocols used, such as IP addresses, temporary markers (cookies), or other types of identifiers.

Privacy notice pursuant to Regulation 2016/679/EU

DEVERSE S.r.l. – headquartered in Frosinone, Viale Volsci, 60 – Data Controller, provides you with clear and simple information regarding the processing of your data. In case of any doubt or clarification regarding the following, we invite you to contact us at privacy@deverse.eu.

Key definitions

Data means any information relating to an identified or identifiable user; a user is considered identifiable if they can be identified, directly or indirectly, by a name, an identification number, location data, an online identifier, or one or more characteristic elements.

Processing means any operation or set of operations, carried out with or without the aid of automated processes, applied to personal data, such as collection, recording, organisation, structuring, storage, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination, making available, comparison, interconnection, restriction, erasure, destruction.

Data Controller means the legal entity that, individually or together with others, determines the purposes and means of the processing of personal data.

Joint Controller means the legal entity that jointly determines, with one or more Controllers, the purposes and means of processing the data subject's personal data, the responsibilities regarding compliance with the obligations arising from applicable regulations.

Data Processor means the natural or legal person who processes personal data on behalf of the Data Controller.

Consent means the free, specific, informed, and unambiguous expression of the data subject's wishes, by which they signify their agreement, through a statement or a clear affirmative action, to the processing of personal data concerning them.

Marketing means the performance of commercial, advertising, and promotional activities, such as, but not limited to, the sending of advertising material, direct selling, market research or commercial communication, or promotional activities.

Profiling means processing by automated, computerised means, consisting of the use of such data to evaluate certain personal, professional, economic, and technical aspects (such as location, movements, behaviour).

Persons authorised to process personal data

In relation to its services, DEVERSE S.r.l. may process your data together with other:

Controllers, when they determine the purposes and means of processing exclusively for their area of competence within the execution of the requested service. Such entities are required to provide their own privacy notice to the client;

Joint Controllers, when they determine, jointly with DEVERSE S.r.l., the purposes and means of processing within the execution of a specific requested service. In such case, the privacy notice is provided by the Joint Controller together with DEVERSE S.r.l.. Furthermore, for the performance of certain activities instrumental to the execution of the requested service, or in relation to legal obligations and in any case in compliance with personal data protection regulations, DEVERSE S.r.l. may appoint external Data Processors (third parties that process personal data on behalf of DEVERSE S.r.l.). Authorised persons are the employees of DEVERSE S.r.l. and similar figures, materially assigned to data processing and authorised by the Controller, directly or through delegates.

Categories of data recipients

Without the need for explicit consent, DEVERSE S.r.l. may disclose your data to the following categories of recipients:

• entities operating, for example, in the field of electronic systems, assistance, consulting, and quality;
• entities to whom such disclosure must be made in order to comply with requirements set by national and EU regulations (e.g., anti-money laundering, tax and fiscal audits).

For administrative and accounting purposes, without the need for your consent, DEVERSE S.r.l. may carry out organisational, administrative, financial, and accounting activities, regardless of the nature of the data processed.

Origin of personal data

The personal data processed by DEVERSE S.r.l. is collected through electronic contact or call centre and may be obtained through other channels such as:

• websites (social networks, chat, apps, cookie installation: for third-party cookies, you are invited to review the relevant information notice published on the third-party websites. Your data may be associated with online identifiers produced by devices, applications, tools, and protocols used, such as IP addresses, temporary markers (cookies), or other types of identifiers.
• other Data Controllers/Joint Controllers.

Legal basis, purpose of processing, and data provision

DEVERSE S.r.l. processes your personal data to fulfil your specific requests, or when it is necessary in the context of a contract or for the purpose of entering into and performing a contract, or for the execution of pre-contractual measures taken at your request. Data processing may also be carried out in compliance with a legal obligation. For these purposes, the provision of data is necessary; without it, the requested service cannot be provided. Data processing may also be considered lawful when:

• it is necessary for the performance of a task carried out in the public interest;
• it is based on Union or Member State law for the exercise of public powers;
• it is necessary to protect an essential interest for the life of a data subject or another natural person;
• it is carried out for purposes other than those for which the data was initially collected;
• it is carried out for the legitimate interest of the Data Controller, or of third parties.

Furthermore, DEVERSE S.r.l. may process data where explicit and voluntary consent has been given for marketing activities, or for profiling activities. With consent to profiling, DEVERSE S.r.l. will carry out, by automated means, analyses or elaborations aimed at identifying preferences in the use of services offered in order to improve them and make them more aligned with needs, both by aggregating data into homogeneous classes and by creating individual profiles.

Data processing and retention methods

Data processing is carried out in a manner that ensures security and confidentiality and prevents unauthorised access or use of data. Accordingly, corporate personal data will always be processed and stored in full compliance with the principles of necessity, data minimisation, and limitation of the retention period, through the adoption of technical and organisational measures appropriate to the level of risk of the processing and for a period of time not exceeding the achievement of the purposes for which the data is processed, in any case for the period required by law.

Rights of the data subject

Users have the right to obtain from DEVERSE S.r.l. access to the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom personal data has been or will be disclosed, the expected data retention period or, if not possible, the criteria used to determine that period, the origin of personal data, the existence of a profiling process, and information about the logic used. Furthermore, you have the right to:

• obtain the rectification of inaccurate personal data;
• obtain the completion of incomplete personal data;
• obtain the restriction of data processing (in which case, data is processed only with consent, except for necessary storage);
• object to their processing;
• obtain erasure («right to be forgotten»);

To exercise your rights, you can contact DEVERSE S.r.l. via email: privacy@deverse.eu

Right to lodge a complaint

Should you believe that the processing carried out by DEVERSE S.r.l. may have violated the provisions of the European Regulation on personal data protection, you have the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of Regulation 2016/679/EU.

Right to withdraw consent and contact channels

We remind you that any consent given may always be withdrawn. Withdrawal does not affect the lawfulness of processing based on consent given prior to the withdrawal. The contact channels used by DEVERSE S.r.l. for marketing activities are: telephone with or without an operator, paper mail, email, SMS messages or other types of messages, and websites. You may object at any time to the processing of data for marketing purposes, including profiling purposes related thereto.

Transfer of personal data to a third country

The transfer of personal data from EU Member States to “third” non-EU countries is prohibited, in principle, unless the Data Controller or Data Processor ensures an “adequate” level of protection. No data transfers to third countries will be carried out.

Protection of minors

As a rule, minors cannot be admitted to the use of our services; in any case, the processing of personal data requires the explicit consent of the minor and is lawful where the minor has reached the minimum age required by applicable law.