Skip to main content

Privacy Policy

INFORMATION ON PERSONAL DATA PROCESSING PURSUANT TO ARTICLE 13 AND 14 OF EU REGULATION 2016/679

(For further disclosures about customers ) click here

This page details the "Privacy Policy" of this website and has the purpose of providing information on how the personal data of users interacting with this website, and using the services provided by the website to said users are processed.

This information is only provided for this website and not for other websites that might be browsed by the user via links found on the pages of this website.

EU Regulation 2016/679 on personal data protection (hereinafter, the “Regulation”) establishes rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules relating to the free circulation of such data and protects the fundamental rights and freedoms of natural persons, with particular reference to the right to the protection of personal data.

Art. 4 of the Regulation sets forth that:
- “Personal Data” should refer to any information relating to an identified or identifiable natural person (hereinafter, “Data Subject”) – art. 4, no. 1 of the Regulation
- “Processing” should refer to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction - art. 4, no. 2 of the Regulation.

Pursuant to articles 12 et seq. of the Regulation, the Data Subject must also be made aware of the appropriate information related to the Processing activities that are performed by the Data Controller and to the rights of the Data Subjects.

The Data Controller pursuant to article 13 and 14 of the Regulation provides the following information:

DATA CONTROLLER
VISA S.p.a. s.u.
Via I Maggio 55
31043 Fontanelle (TV), Italy
PH: +39 0422 5091
Mail: visa@visa.it
Website: https://www.visa.it
VAT: IT02134890264

PURPOSES AND LEGAL BASIS OF THE PROCESSING
The personal data of the user shall be processed to pursue the following purposes and on the legal basis set out below:
1. for entering into and correct execution of the contract which the interested party is a party of and/or for the execution of pre-contractual measures adopted at the request of the same, including the subscription to the information newsletter requested by the user; the legal basis for the processing listed is art. 6 para. 1 lett. b) of EU Regulation 2016/679;
2. periodically sending, via remote communication technologies (email, telephone, sms, whatsapp, social networks), newsletters and marketing communications on the services and activities offered and promoted by the Data Controller; the legal basis is represented by consent as set forth by art. 6 para. 1 lett. a) of EU Regulation 2016/679;
3. periodically sending, via remote communication technologies (email, telephone, sms, whatsapp, social networks), newsletters and communications on the services, products and activities offered by group companies and partners and sponsors of the Data Controller (the list thereof will be available in the dedicated website section, also on the occasion of specific events and initiatives for extra EU partners and sponsors, the country will be specified; the legal basis is the consent as set forth by art. 6 para. 1 lett. a) of EU Regulation 2016/679;
4. guaranteeing that the marketing communications concerning the services and activities offered and promoted by the Data Controller, as well as those of its partners and sponsors, including online advertising, are relevant to the interests of the data subject; to this end, personal data may be used to better understand the interests and preferences of the data subject in order to predict which services, activities and information they may be most interested in, allowing us to customise communications to make them more relevant; the legal basis is the consent as set forth by art. 6 para. 1 lett. a) of EU Regulation 2016/679;
5. carry out market research to develop and improve the range of products and services offered by the Data Controller and by its partners and sponsors; the legal basis is the consent as set forth by art. 6 para. 1 lett. a) of EU Regulation 2016/679;
6. sending e-mails and/or newsletters and marketing communications on the products and services offered and promoted by the Data Controller, of the same type previously acquired by the Data Subject, notwithstanding the objection to the processing by the same, which can be raised at any time; the legal basis for this type of processing is the legitimate interest of the Data Controller as set forth by art.6 para. 1 lett. f) of EU Regulation 2016/679;
7. answering the enquiries sent by the user via email and/or form provided on the website; the legal basis for the listed processing is contractual fulfilment as indicated by art. 6 para. 1 lett. b) of EU Regulation 2016/679;
8. making website navigation possible and functional, as well as guaranteeing an adequate level of security, integrity and availability of the same; the legal basis for this type of processing is the legitimate interest of the Data Controller as set forth by art.6 para. 1 lett. f) of EU Regulation 2016/679;
9. for the analysis of statistical data on aggregate and/or anonymous data, with the aim of monitoring proper operation of the Website, traffic, usability and interest; the legal basis for this type of processing is the legitimate interest of the Data Controller as set forth by art.6 para. 1 lett. f) of EU Regulation 2016/679;
10. ascertaining, exercising and/or defending a right in court; the legal basis for this type of processing is the legitimate interest of the Data Controller as set forth by art.6 par. 1 lett. f) of EU Regulation 2016/679;
11. to fulfil the obligations set forth by the law, by a regulation, by EC regulations or by an order of the Authority; the legal basis for this type of processing is compliance with the rule of law that the Data Controller is subject to as set forth by art.6 para.1 lett. c)

TYPES OF DATA
The Data required to pursue the purposes set out above shall be collected and processed:
1. identifying data
2. contact data
3. data relating to the contractual relationship

NAVIGATION DATA
The computer systems and software procedures that operate this website acquire, during their normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated to identified data subjects, but by its very nature it might allow users to be identified, through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of the computer used by users to connect to the website, URI (Uniform Resource Identifier) notation addresses of the required resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
These data are used for the only purpose of obtaining anonymous statistical information on website use and to monitor its proper operation and are deleted immediately after processing.
The data might be used to ascertain responsibilities in the event of hypothetical computer crimes against the website.

REFUSAL TO PROVIDE DATA
Except as specified for navigation data, users/visitors are free to provide their personal data. Provision of the data is in some cases necessary because any refusal to provide them might entail failure to conclude or incorrect fulfilment of the contract that the Data Subject is a Party of and/or failure to comply with the legal obligations that the Data Controller is subject to.
Provision of the Data for the processing that require consent is optional, failure to provide them will not entail the inability to use the products/services offered by the Data Controller. Also in case of consent, the data subject will however have the right to object subsequently, wholly or in part, to the processing of their Personal Data for the aforementioned purposes, simply by sending a request to the Data Controller at the above contact information.

SOURCE OF THE DATA
The Data shall be provided by the Data Subject or collected from Third Parties.

METHODS OF THE PROCESSING
In compliance with the provisions of art. 5 of the Regulation, the Personal Data concerned by Processing shall be:
1. processed lawfully, fairly and in a transparent manner in relation to the Data Subject;
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. accurate and, where necessary, kept up to date;
5. processed in a manner that ensures appropriate security of the personal data;
6. kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed.

Processing shall be carried out both with manual and/or IT and telematic tools with organisational and processing logics strictly related to said purposes and however in order to guarantee the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures set forth by the provisions in force.

COMMUNICATION OF THE DATA
The personal data may be disclosed to subjects authorised to processing, as well as to external data Processors appointed by the Data Controller (the complete list of external Data Processors is available from the Data Controller), in charge of managing the aforementioned purposes. When pursuing the aforementioned purposes, the data may be disclosed to other subjects that act in the capacity of independent Data Controllers.

DISSEMINATION OF THE DATA
The personal data shall not be disseminated.

TRANSFER OF THE DATA ABROAD
For the aforementioned purposes, the Personal Data shall be processed within the European Economic Area (EEA). Should they be transferred to third countries, failing a decision on adequacy by the European Commission, the requirements laid down by the applicable regulations on the transfer of Personal Data to third countries, such as the Standard Contract Clauses provided by the European Commission shall however be complied with. For the partners and sponsors whose main office is located in extra EU countries, consent to the transfer is required and the country shall be specified for each subject having these characteristics.

DATA RETENTION
In general, Personal Data shall be stored for the time strictly required to pursue the purposes for which they were collected and underwent Processing, including the retention period required by the applicable laws and, in any case, for a maximum period of 10 years from the termination of the relationship with the Data Controller and for a maximum period of 2 years or until revocation for the purposes that require your consent, without prejudice to the Data Controller’s need to defend their rights in Court, if required.

RIGHTS OF THE DATA SUBJECT
Pursuant to EU Regulation 2016/679 art. from 15 to 22 and to the national regulations in force, the data subject may exercise the following rights, according to the methods and within the limits set forth by the regulations in force:
- request confirmation as to whether or not personal data concerning him or her are being processed (right of access);
- know their origin;
- receive their communication in intelligible form;
- have information on the logic, methods and purposes of the processing;
- request their update, rectification, integration, erasure, transformation into anonymous form, blocking of data processed in breach f the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- as well as, more in general, exercise all the rights that are recognised by the provisions of the laws in force.

The rights may be exercised by sending a request without any formality to the Data Controller at the addresses provided above.

Before providing an answer, the Data Controller might need to identify the Data Subject, by requesting a copy of their Identity document.
A written answer shall be provided without undue delay and, however, no later than one month from receipt of the request.

COMPLAINT
Should the Data Subject believe that the processing of their personal data breaches the provisions of EU Regulation 2016/679 they have the right to lodge a complaint with the Italian Authority for the Protection of Personal Data, based in Rome, pursuant to art. 77 of said Regulation, in addition to appealing to the judicial Authorities.



LINK TO THE WEB USERS DISCLOSURE AND FURTHER DISCLOSURES FOR DATA COLLECTION OTHER THAN THE WEB (downloadable PDF versions)

• 2020 WEB users disclosure art. 13 and 14 EU Reg. 2016/679 (PDF)

• 2020 B2B customers disclosure without consent art. 13 and 14 EU Reg. 2016/679 (PDF)

user icon menu

USER MENU

User not logged in