Privacy Policy

In this Privacy Policy we describe the way Advanced Global Solution A.G.S. S.p.A. as Controller (hereinafter, the “Controller”) collects, uses, shares and stores your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Regulation on data protection and, subsequently, “GDPR”).

  1. Subject of the Treatment

The Controller processes personal, identifying and non-sensitive data (by way of example but not limited to: name, surname, company name, address, telephone number, e-mail address – hereinafter, “personal data” or even “data”) that you have communicated on access to the website of the Controller (hereinafter, “Site”) for spontaneous application submission, filling in the registration form through the Site to courses and events organized by the Owner, participation in satisfaction surveys, online information requests, clarifications or support requests, newsletters. The Information is provided for this Site and for other websites relating to products and services of Advanced Global Solution A.G.S. S.p.A. and possibly consulted by the user through links.

  1. Purpose of the processing

Your personal data are processed:

  1. A)Without your express consent (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
  • manage and maintain the site;
  • allow you to take advantage of any services requested by you;
  • participate through the Website in initiatives organized by the Data Controller (for example, courses and events);
  • process a contact request;
  • fulfil the obligations established by law, by a regulation, by the community legislation or by an order of the Authority;
  • prevent or discover fraudulent activities or malicious activities harmful to the Site;
  • allow the exercise of the rights of the owner;
  1. Only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Other Purposes:
  • send them via e-mail, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and the assessment of their level of satisfaction, invitations to courses and / or events to which they belong or are organized by Holder.

Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, subject to your disagreement (Article 130 paragraph 4 of Privacy Code).

  1. Processing methods

The processing of your personal data is carried out by the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data. Your personal data are processed either on paper or on electronic and/or automated, using a website hosted on servers owned by the Owner and located in Italy. The Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the Service Finality relationship and for no more than 2 years from the collection of data for the other purposes.

  1. Security

The Controller took security measures to protect your data against the risk of loss, misuse or alteration and in particular: has adopted the measures set forth in articles. 32-34 of the Privacy Code and art. 32 GDPR; uses secure data transmission protocols known as HTTPS.

  1. Access to data

Your data may be accessible for the purposes referred to in art. 2.A) and 2.B) of this Information Notice:

  • to the employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal process managers and / or system administrators;
  • to third-party companies or other subjects (as an indication, web site provider, cloud provider, suppliers, hardware and software assistance technicians, credit institutes, etc.) that carry out activities also in outsourcing on behalf of the Owner, in their quality of data processors.
  1. Data communication

Without express consent (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Judicial Authorities, to Supervisory Bodies, as well as to all other subjects to whom the communication is mandatory by law for the purpose of carrying out the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers.

Your information will not be disseminated.

  1. Data transfer

The management and storage of personal data will take place in Europe, on servers located in Italy of the Owners and / or third-party companies appointed and duly appointed as Data Processors.

  1. Nature of the provision of data and consequences of refusal to respond

The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee you neither the registration to the Site nor the Services referred to in art. 2.A).

The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive invitations to courses and events, information, clarifications or support requests, newsletters, commercial communications and advertising material on products o services offered by the Owner and detection of the degree of satisfaction on the quality of the same.

  1. Temporary transit of data in non-EU countries

In order to provide you with some services, it may be necessary to temporarily transfer your data to IT systems located in countries outside the European Union: if this happens, the transit of the Data will take place exclusively for the service requested and for the time strictly necessary to this purpose.

  • Rights of interested party

As in interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR and precisely of:

  1. obtaining confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. obtaining the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the Data Controller, the Data Processors and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
  • obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;
  1. to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b), for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition even if only partly. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.

Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

  • How to exercise rights

You may at any time exercise the aforementioned rights by sending:

– a registered mail A/R to Advanced Global Solution A.G.S. S.p.A., via Figino n. 20, 20016 – Pero (MI);
– an e-mail to the address privacy@ags-it.com.

  • Controller, responsible and Processors

Controller is Advanced Global Solution A.G.S. S.p.A. with registered office in Strada Statale del Sempione 170, 20016 Pero (MI), and VAT number n. 01692340035. The updated list of data processors is kept at Controller’s headquarters.

L’elenco aggiornato dei responsabili e degli incaricati al trattamento è custodito presso la sede del Titolare del trattamento.

  • Updates to Policy

This information may change. It is therefore advisable to regularly check this information and refer to the latest version.

Pero (MI), 24th May 2018