Information on the processing of personal data on the website

LCF MANAGEMENT Italia S.r.l., with registered office in Piazza Walther von der Vogelweide, 8, Bolzano, VAT No. IT02960520217, in its capacity as data controller (hereinafter, “DataController“), hereby informs you, pursuant to EU Regulation 2016/679 (“GDPR“) and current national legislation on the protection of personal data, that your data will be processed in the following ways and for the following purposes:

1 . Object of the processing

The Data Controller processes the personal identification and non-sensitive/particular data (hereinafter, “Data” or “Personal Data“) that you provide when browsing the Data Controller’s website https://www.lcfalliance.com (hereinafter, the “Site“) and the web portal http://lcfalliance.zohocreator.eu (hereinafter, the “Portal“) and, in particular:

  • e-mail address, first name, surname, company name, and any other data provided e.g. when requesting a contact, including via web form, quotes, signing a contract with the Data Controller and/or requesting services or subscribing to the Portal
  • navigation data such as the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This information is collected by means of the cookies described in the Site’s Cookie Policy to which reference should be made.

2 . Purpose and legal basis of the processing
Your Data are processed for the following purposes and legal bases

  1. without your prior consent for service purposes and, in particular, for:
  • the performance of the contract and/or pre-contractual commitments, in particular:
    • the use of the Site and the Portal and any technical assistance;
    • the handling of a contact request from you that is received through the channels available to you, such as e-mail and/or filling in the contact form
    • the registration and access to the reserved area of the Portal on your part;
  • the fulfilment by the Controller of legal obligations, such as:
    • the fulfilment of obligations provided for by laws, regulations or national and Community legislation or imposed by the competent Authorities
  • the pursuit of a legitimate interest of the Data Controller:
    • the management and maintenance of the Site and the Portal: the interest of the Data Controller relates to the general interest of a business in ensuring business operations, including through the operation of the Site, and possible improvements in the efficiency of the service offered;
    • perform statistics – performed by means of the analytical cookies described in the Cookie Policy of the Site and the Portal to which reference is made – aimed at optimising and improving website navigation without identifying the surfer: the Owner’s interest relates to the general interest of a business in wanting to know about any critical issues or suggestions for improving business operations
    • preventing or discovering fraudulent activities or abuses harmful to the Website and the Portal: the Holder’s interest relates to the general legitimate, real and current interest in not suffering damage as a result of the unlawful conduct of others
    • exercising the Owner’s rights, such as the right of defence in court: the Owner’s interest corresponds to the constitutionally guaranteed right of action (Article 24 of the Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned.

3 . Processing modalities
Your Data is processed – electronically – by means of the operations of collection, recording, updating, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, deletion and destruction of the Data. The Data Controller has also adopted technical and organisational security measures to minimise the risk of destruction and loss (even accidental) of Data, as well as unauthorised access/use or use incompatible with the initial purpose of collection.

4 . Storage of Data
The Data Controller shall store the Personal Data for the time necessary to fulfil the purposes set out in point 2 above and in any case for no longer than

  • 10 years, and in any case for the period of prescription by law, from the collection of the Data for the Service Purposes;
  • the storage time described in the Cookie Policy of the Site and the Portal, to which we refer, for statistical activities aimed at optimising and improving website navigation without identifying the surfer.

5 . Provision of Data
The provision of Data is compulsory for service purposes, i.e. to navigate the Site and to forward a contact request to the Data Controller, as well as to access the Portal. Should you decide not to provide the Data, we will not be able to fulfil your request.

6 . Access to Data
Your Data may be accessed for the above purposes by

  • employees and/or collaborators of the Data Controller, in their capacity as data processors and/or internal data processors and/or system administrators;
  • Group companies or third parties (e.g. IT service providers, suppliers, professional firms, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

7 . Communication of Data
Your Data may be communicated, even without your consent, for the purposes set out above, to control bodies, law enforcement agencies or the judiciary who will process them, at their express request, in their capacity as autonomous data controllers for institutional purposes and/or by virtue of the law in the course of investigations and controls. Your Data may also be communicated to third parties (e.g. partners, freelancers, agents, etc.), in their capacity as autonomous data controllers, for the performance of activities instrumental to the purposes described above.

8 . Transfer of data
The Data will not be disseminated but may be transferred for the above-mentioned purposes to countries outside the EU for the Service Purposes. In order to ensure an adequate level of protection of Personal Data, the transfer will take place pursuant to adequacy decisions approved by the European Commission or the adoption by the Data Controller of the Standard Contractual Clauses prepared by the European Commission. The list of non-European countries to which data is transferred is available at the Controller’s premises.

9 . Rights of the data subject
The Data Controller informs you that, as a data subject, if the limitations provided for by law do not apply, you have the right to

  • obtain confirmation of the existence or otherwise of your personal data, even if not yet registered, and that such data be made available to you in an intelligible form;
  • obtain an indication and, where appropriate, a copy of a) the origin and category of the personal data; b) the logic applied in the event of processing carried out with the aid of electronic instruments; c) the purposes and methods of processing; d) the identification details of the data controller and data processors; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them, in particular if they are recipients from third countries or international organisations (e) where possible, the data retention period or the criteria used to determine this period; (f) the existence of an automated decision-making process and, if so, the logic used, its importance and the consequences foreseen for the data subject; (g) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organisation;
  • obtain, without undue delay, the updating and rectification of inaccurate data or, where interested therein, the integration of incomplete data
  • obtain the deletion, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in the event of revocation of the consent on which the processing is based and if there is no other legal basis, d) if you have objected to the processing and there is no overriding legitimate reason to continue the processing; e) in the event of compliance with a legal obligation; f) in the case of data relating to minors. The Data Controller may refuse to erase data only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
  • obtain the restriction of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; c) exercise of a right of the Data Controller in court; d) verification of whether the Data Controller’s legitimate reasons prevail over those of the data subject;
  • to receive, where the processing is carried out by automatic means, without hindrance and in a structured, commonly used and readable format the personal data concerning you in order to transmit them to another data controller or – if technically feasible – to obtain direct transmission by the data controller to another data controller
  • object, in whole or in part: a) on legitimate grounds relating to your particular situation, to the processing of personal data concerning you; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for the performance of market or commercial communication surveys, by means of automated calling systems without the intervention of an operator, by email and/or by traditional marketing methods using telephone and/or paper mail
  • lodge a complaint with the Data Protection Authority.

In the above cases, where necessary, the Data Controller shall inform the third parties to whom your personal data is communicated of any exercise of rights by you, except in specific cases (e.g. when such fulfilment proves to be impossible or involves a manifestly disproportionate use of means compared to the right protected).

10 . Procedures for exercising rights
You may exercise these rights at any time

  • by sending a registered letter with return receipt to: LCF MANAGEMENT Italia S.r.l., with registered office in Piazza Walther von der Vogelweide, 8, 39100 Bolzano;
  • by sending an email to privacy@lcfalliance.com;
  • by telephoning +39 06 89221444.

11 . Data controller and processor
The data controller is LCF MANAGEMENT Italia S.r.l., with registered office in Piazza Walther von der Vogelweide, 8, 39100 Bolzano.
The updated list of data processors and system administrators is kept at the registered office of the Data Controller at Piazza Walther von der Vogelweide, 8, 39100 Bolzano.

Rome, 31.01.2020
LCF Management Italia S.r.l.

I declare that I have read the information of LCF Management Italia S.r.l. regarding the processing of my Personal Data.

LCF Alliance – registered office: Piazza Walther von der Vogelweide 8, 39100 Bolzano, Italy | Pec: lcfmanagementitaliasrl@pec.it | VAT: 02960520217