Privacy Policy

Subject

This Privacy Policy is meant to describe the management modalities of the Portal http://www.numeroblu.it (the “Portal”), property of NUMERO BLU SERVIZI S.P.A. – Legal and Administrative Residence in Via di Monte Carmelo, 5 – 00166 Rome, P.IVA (VAT)/C.F./R.I. RM 08898571008 – R.E.A. 1125501, Social Capital: 120.000 Euro, fully paid up – in reference to personal data processing of Users who consult it.

This Privacy Policy constitutes Information given – pursuant to art. 13 of the Legislative Decree 30 June 2003, n. 196, containing the “Codice in materia di protezione dei dati personali” – Code regarding the protection of personal data (below “Privacy Code”), and to art. 13 of the Regulation (UE) 2016/679 of European Parliament and Council of April 27th 2016, (below also “Regulation”) – to Users who connect to Portal. The Information is only given for the website and not also for other websites possibly consulted by the User through specific links. 


The Information takes into account the contents of the Recommendation n. 2/2001 that European Authorities for personal data protection – reunited in the Group “WP 29”, instituted by art. 20 of directive n. 95/46/CE – adopted on May 17
th 2001, in order to identify some minimal requirements for the collection of online personal data, and specifically modalities, timings and nature of the information that the holders of the personal data processing have to provide to Users when these connect to web pages, independently from the connection purposes.

Users are required to carefully read this Privacy Policy before submitting any type of personal information and/or fill any electronic form present in the Portal.

In order for the Users to benefit from specific services, each time specific information will be provided, and requested – if necessary – specific consents to the treatment of their personal data. The Information is only given for the Portal and not also for other websites possibly consulted by the User through specific links. 

NUMERO BLU SERVIZI S.P.A. can in any moment modify the content of these Privacy Norms, issuing the new version on the Portal or on its own web Site. All the new terms and conditions about privacy will be effective from the publication date.

Holder of Personal Data Processing

NUMERO BLU SERVIZI S.P.A. – Legal and Administrative Residence in Via di Monte Carmelo, 5 – 00166 Rome, P.IVA (VAT)/C.F./R.I. RM 08898571008 – R.E.A. 1125501, Social Capital: 120.000 Euro, fully paid up, is the Controller for the data of Users who enter the Portal. The personal data controller manages the Portal and treats Users data who surf inside it and/or access to the following Sections:

  • Restricted Area”, in order to consult Qualitative Reports of CRM Applications and telephone Quantitative Reports of the Service;

  • Careers”, in order to submit job applications;

  • Contact us”, in order to send messages and communication.

The Data Controller ensures the respect of the rules it’s in charge of and foreseen by the Regulation, by Privacy Code and by the Guarantor of Privacy measures. Any information and request – pursuant to art. 7 of privacy Code and by art. from 15 to 22 and 34 of the Regulation – can be forwarded contacting the customer service of NUMERO BLU SERVIZI SPA: tel. 800120412, or writing to: privacy@numerobluservizi.it.

NUMERO BLU SERVIZI S.P.A collects, manages, preserves and deletes the personal data of Portal’s Users, through the collaboration of internal and external staff with the Responsibility for data processing and in Charge of the processing – appointed for that purpose – in compliance with the provisions of law and regulations. The complete list of the Appointed and Responsible persons for personal data Processing can be known writing to the customer service of NUMERO BLU SERVIZI SPA: tel. 800120412, or writing to: privacy@numerobluservizi.it.

Responsible for Data Protection (RPD)

NUMERO BLU SERVIZI S.P.A Controller of personal data collected within the Portal’s Users – in respect of art. 39 (and subsequent) of the Regulation – appointed as “Responsible for data protection” Mrs. Kathryn La Rocca, whose contact details are the following: kathryn.larocca@numeroblu.it.

Location of Data Processing

Users personal data processing – acquired through surfing in the Portal – is based in Italy, through servers located at the above mentioned NUMERO BLU SERVIZI S.p.A. headquarters and additional secondary offices; it is managed exclusively by the technical staff of the Department in charge of the processing, or by possible persons in charge of occasional maintenance operations.

Data processing takes place based on their storage in IT archives held at the Company and whose data access is limited to maintenance procedures in compliance with what foreseen by the Privacy Code Attachment B. No data processed through the Portal are communicated nor released.

Purpose and Modalities of Data Processing

The Portal provides information about the company NUMERO BLU SERVIZI S.P.A and the services offered by the same. Besides the surfing data, the Controller can process Users data – voluntarily provided – in the Sections “Careers” or “Contact us”.

The user expressly authorizes the Data Controller to use the personal data received for the following purposes:

– management of the account of the “Restricted Area”, for consulting the present Qualitative Reports of CRM Applications and of telephone Quantitative Reports of the Service;

to analyze and answer to the job applications received in the Section Careers”;

to answer to messages received in the Section “Contac us”.

Personal data provided by Users that access to the Sections “Restricted Area”, “Careers” or “Contac us” are used exclusively in order to accomplish the service and/or manage and /or take charge the request and are communicated to third parts only in case this is necessary to that end, in compliance with the applicable law norms and regulations. These data are not used for direct marketing purposes.

Personal data are treated with automated electronic tools, with computer aid (for example using electronic procedures and supports) and/or manually (for example on paper) for the time strictly necessary to attain the purposes for which data have been collected, and in compliance with the current regulatory provisions. After this time, data will be deleted.

Types of data processed

Surfing data

The IT systems and the software procedures in charge of the functioning of the Portal acquire – during their normal operations – some personal data (log files) whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be linked to identified persons, but – given its own nature – might allow to identify the Users through processing and associations with data held by third parties.

In this category of data, IP addresses or domain names of computers used by Users who connect to the website are included, as well as URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the form used for submitting the request to the server, the dimensions of the file obtained in response, the numeric code indicating the answering status of the response provided by the server (successful, mistake, etc.) and other parameters relevant to the operating system and to the User’s IT environment.

For any access to the Portal – independently from the presence or not of cookies – it is possible that the Site registers the following information: type of browser (ex. Internet Explorer, Netscape), operating system (ex. Windows, Macintosh), host and URL from the visitor, together with the data on the requested page. These data are used only in order to obtain anonymous statistical information on the use of the Site and to control the correct functioning of same; these data are deleted immediately after the processing. The data might be used to ascertain any responsibilities in case of hypothetical computer crimes against the Site or third parties: apart from this possibility, to date the data about web contacts are not stored in a permanent way, unless possible requests from user.

Data provided voluntarily by the User

The User can surf on the Site without revealing to the Data Controller his/her personal identity. However, if the User decides to provide his/her personal data, he/she consents to the collection and use of same, as described in the present Privacy Policy.

Should the User – connecting to this Portal – send in an optional, explicit and voluntary way his/her own personal data in the “Careers” section or through a message in the Section “Contact us”, this will imply the acquisition by the Data Controller of the sender address and/or of other possible personal data which will be processed exclusively to answer to the communication received.

With ‘personal data voluntarily provided’ it is meant:

– personal data (first name, last name, date of birth), identification data (fiscal Code), location data (address etc.), contacts (telephone data, email).

The Data Controller of the Portal does not process the particular data, pursuant to art. 9 of the Regulation.

Cookies

Cookies are not used for transmitting personal information, nor are used systems for tracking, identification and profiling of Users.

The use of cookies is strictly limited to the transmission of session identifiers (consisting of casual numbers generated by the server) necessary to allow a safe and efficient exploration of the site and used for statistical purposes for the detection of single monthly visitors. Cookies can be eliminated by the navigators using the functions of their own navigation program.

For more information, please verify the “Cookie Policy”.

Option of providing data

Besides what specified for surfing data, the User is free to provide his/her own personal data required in the sections “Careers”, “Contact us”, “Restricted Area”.

Personal data voluntarily provided in the section “Careers” or through a message in the section “Contact us”, are mandatory in order to receive an answer by the Data Controller. The lacking in providing them inhibits in fact the possibility of submitting the request to the relevant section.

The lacking in providing the necessary data for opening the account “Restricted Area”, inhibits to the Data Controller the provision of the relevant service to the Client, besides the fulfillment of the contractual provisions.

It should be remembered that in some cases strictly established (not subject of the ordinary management of the Portal), the Authority can ask for news and information – pursuant to art. 157 of legislative decree n. 196/2003 – in order to control the personal data processing. In these cases the answer is mandatory under penalty of administrative sanction.

Data communication setting

No personal data deriving from the surfing in the Portal and processed to work the requests of the User – accessing to the Sections “Careers”, “Contact us” or “Client Area” – is communicated or released.

The personal data provided by Users who submit job applications, messages or informative material (newsletters, answers to queries, etc.) are used exclusively for answering to the queries received and accomplish the service or the performance required, and are communicated to third parties only in case it is necessary to this end. Personal data provided by Users will be communicated to third parties only in case the communication is necessary in order to comply with the Users requests.

Users personal data are known, processed and managed by employees – and possibly parasubordinate subjects – of the Data Controller, to this end in charge of the Processing, in compliance with the applicable legal and regulatory provisions, and by the Persons in Charge of Data Processing, internal and external, specifically appointed, and their indicated employees and collaborators.

The User acknowledges and accepts that the Data Controller is allowed to divulge the personal data upon request of the Judicial Authority, within the limits prescribed by the law, and in cases of violations of Privacy Rules, of civil and criminal proceedings, also for violation of the rights of third parties, with the aim of protecting the rights, the property or the safety of any User, pursuant to art. 24 of the Privacy Code and 6 of the Regulation.

The Privacy Policy is exclusively referred to the use and to the disclosure of the data directly provided by the User. If the personal data are communicated to other parties on other Internet sites, the use and the disclosure of data communicated might be subjected to other rules. NUMERO BLU SERVIZI S.p.A. does not share or control the privacy policies or rules of third parties, and about other surfing please note that the User is subjected to the privacy rules of those third parties, if applicable. We therefore invite the Users to take information about this before communicating to others their personal data.

Marketing

The Data Controller does not sell nor transfer to third parties against payment the User’s personal data collected during the surfing in the Portal for marketing purposes without the involved User’s explicit consent.

The Data Controller may associate the Users data to the information gathered by other companies, aimed to improve and customize the services and the contents offered in the Portal.

Data transfer abroad

Portal Users personal data processed by the Data Controller and by any Person in Charge of the Processing – for this purpose appointed pursuant to the applicable Italian and Community regulatory provisions – are not transferred abroad to other European Union Countries nor to Third Countries.

Rights of Persons Concerned

Transparent Communication: Pursuant to art. 7 of personal data protection Code and to art. 15 -22 and 34 of the Regulation for Portal Users, contacting the customer service of NUMERO BLU SERVIZI S.p.A. (ph. 800120412) or writing to privacy@numerobluservizi.it, the Users can receive all the necessary information relevant to the processing in a concise, transparent, intelligible and easily accessible way, with a clear and simple language, particularly in case of information intended specifically for minors. Information is provided in writing or through other means, even – if applicable – electronically. If requested by the person concerned, information can be provided orally, if the identity of the person is proven through other means. The Data Controller cannot refuse to satisfy the person concerned request in order to exercise his/her rights, unless the Controller proves that it is not possible to identify the person concerned. The Data Controller provides to the person concerned the information relative to the action taken about a request, without unjustified delay and in any case at the latest within one month after having received the request itself.

Except for what prescribed by art. 12, paragraph 5 of the Regulation, information is given free of charge.

Without prejudice to the Data Controller of requiring any documents attesting to the identity of the subject requesting the information pursuant to art. 7 of the Privacy Code and art 12-22 and 34 of the Regulation, in case there are reasonable doubts about the identity of the physical person who presents the requests, pursuant to the above mentioned applicable regulatory requirements.

Right of access: The User expressly takes note that he/she has the right to obtain the indication:

  • of the origin and category of their personal data;

  • of processing purposes and modalities;

  • of the logic applied in case of processing through electronic tools;

  • of the identification details of the Controller, of the people in charge and of the designated representative;

  • of the subjects or of the categories of subjects to whom the personal data have been or will be communicated, particularly if recipients of third countries or international organizations , or who can get to know them as representative designated in the territory of the State, of persons in charge of or appointees;

  • of the foreseen personal data retention period, or – if it’s not possible – the criteria used to determine that period;

  • the data update, correction or – in case of interest – integration;

  • the personal data deletion or the restriction of the processing of the relevant personal data, or the opposition to their processing;

  • the transformation into an anonymous form or the block of data processed in violation of the law, included those for which the retention is not necessary for the purposes for which data have been collected or subsequently processed;

  • of knowing all the information available about the data origin;

  • the existence of an automated decision-making process, including profiling, meaningful information about the logic, and the importance and the foreseen consequences of such processing for the person concerned.

The Data Controller provides a copy of the personal data subjected to processing. In case of additional copies possibly requested by the person concerned, the Data Controller may charge a reasonable expense contribution based on the administrative costs. If the person concerned presents the request through electronic means – and unless otherwise indicated by the person concerned – information is provided in electronic format in common use.

The User always has the right of making a complaint to Guarantor for the protection of personal data.

In case the personal data are transferred to a third country or to an international organization, the person concerned has the right of being informed of the existence of adequate guarantees, pursuant to the UE Regulation 2016/679.

Right to data correction: The User has the right of obtaining by the Data Controller the correction of incorrect personal data without unjustified delay, as well as the integration for incomplete personal data.

Right to data cancellation: The User has the right of obtaining by the Data Controller his/her personal data cancellation without unjustified delay, and the Data Controller is obliged to cancel without unjustified delay the personal data – if the conditions foreseen by the Regulation, by the Privacy Code and by the Privacy Guarantor measures subsist.

Right to Data Processing Restriction: The User has the right of obtaining by the Data Controller the restriction of data processing when one of the following hypothesis occurs: a) the person concerned contests the exactness of his/her personal data, for the time necessary to the Data Controller to verify the exactness of those data; b) the data processing is illicit and the person concerned opposes to the cancellation of his/her personal data and asks – instead – that its use is restricted; c) although the Data Controller does not need them for processing purposes, personal data are necessary to the person concerned for the ascertainment, the exercise or the defense of a right in court; d) the person concerned opposed to the data processing pursuant to art. 21, paragraph 1 of the Regulation, awaiting the verification about the possible prevalence of Data Controller legitimate reasons vs. those of the person concerned.

Right to data portability: The User has the right to receive in a structured format – of common use and readable from an automatic tool – the personal data that concern him/her and has the right to transmit those data to another Data Controller without any impediments by the Data Controller to whom the data have been provided.

Right to opposition: The User has the right to oppose at any time – for reasons depending on his/her particular situation – to his/her personal data processing, included their profiling. The Data Controller refrains from further processing the personal data unless it can be demonstrated the existence of cogent legitimate reasons for proceeding to their processing that prevail on interests, rights and freedoms of the person concerned, or for the ascertainment, the exercise or the defense of a right in court. If personal data are processed for direct marketing purposes, the person concerned has the right to oppose at any time the processing of his/her personal data carried out for this purpose, including the profiling in so far as it is connected to such direct marketing, i.e. any data processing aimed to send advertising material or direct sale or for carrying out market researches or commercial communication.

Ban on spamming

The Controller of the Portal data and the Users do not tolerate the “spamming”, i.e. the unsolicited and not requested sending of commercial and advertising material and information. The Data Controller periodically carries out an automatic control of the messages and can use manual filters to verify the presence of spamming, viruses, attempts to acquire personal data, to put in place other illicit activities or to transmit illicit or forbidden contents, but does not file permanently the messages sent through these tools. The emails sent to the Data Controller will not be filed in a permanent way; the email address will not be used for marketing purposes nor will be ceded or sold.

Portal’s Restricted Area

Login and passwords are the only “keys” that allow the User to access the “Client Area” section. It is suggested that the User utilizes complex numbers, special writing letters and characters and does not reveal to third persons such information. Should the User decide to provide to third persons his/her login and password or personal information, he/she will be responsible for all the actions made through the use of his/her account. If the User loses the control of his/her password, he/she might not be able anymore to control the use of his/her personal data and he/she could be subjected to legally binding actions undertaken on his/her behalf. Therefore, if for any reason the password should result compromised, it is necessary to report it to the Data Controller, in order to immediately change the same.

Safety

The Data Controller ensures the safety of Users personal data, in compliance with art 31 and following of the Privacy Code and of the Attachment B of same, and art. 32 of the Regulation.

Principles of relevance and non-excess of processing.

User’s personal data will be treated according to the principle of relevance and non-excess in relation to the objectives pursued. Personal data will be stored for the strictly necessary time to the objectives pursued with the processing of same.

Right to Complaint

The User expressly takes note that the data processing carried out by the Controller is subjected to the control of the Guarantor for the protection of personal data, to whom it is possible to address any complaint about the data collection, management and processing in accordance with the Privacy Code.

Ban on Profiling

Portal’s Users data are not subject of profiling or processing through an automated decision-making process.