PRIVACY POLICY – BROCHURE
PRIVACY POLICY – BROCHURE
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation , hereinafter “GDPR” or “Regulation”) We inform you that the personal data that you provided to IMQ Minded Security S.r.l. (hereinafter the “Company”), in compliance with the aforementioned legislation and in accordance with the confidentiality obligations which inspire the activity of our Company, will be processed as referred into Article 4 GDPR.
DATA CONTROLLER
IMQ Minded Security S.r.l., located at Via Marco Fabio Quintiliano 45 – 20138 – Milano (MI) Italy, VAT n. IT05756380480, e-mail: [email protected]. The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email address: [email protected]
PURPOSES OF THE PROCESSING ACTIVITIES
The collection and processing of your personal data collected after filling in the form have the purpose to manage the requests to receive a brochure of services offered by the Data Controller, related to:
- Client-Side Security Assessment;
- Manual Secure Code Review for critical applications;
- Mobile Security Assessment;
- Advanced training on how to fix vulnerabilities in the code;
- Secure Coding Guidelines;
- High level training on Software Security;
- Advanced Penetration Testing with fixing support;
- JavaScript Security Training;
- How to start a Software Security Program in the client’s company.
CATEGORIES OF PERSONAL DATA AND METHODS OF PROCESSING ACTIVITIES
The Data Controller will process personal data provided spontaneously by the data subject, including the name, contact details, some professional information, as well as an e-mail address.
With reference to the methods of the processing activities carried out by the Company, the processing activities will be carried out both manually and with the aid of electronic tools, based on logical criteria that are compatible and functional to the purposes for which the data were collected, in compliance with the rules of confidentiality and security provided for by the law and by internal company regulations.
LEGAL BASIS OF THE PROCESSING ACTIVITIES
The legal basis is the performance of pre-contractual and contractual measures related to request for information of the data subject on the services offered by the Data Controller (Article 6, par. 1, lett. b) GDPR).
DATA RETENTION
Personal data provided will be stored for the period of time necessary to ensure a correct and complete response to the request. Furthermore, personal data may be stored until the contractual claims connected to the pending contract of which the personal data are processed has been performed or expired.
IMPLICATIONS IN CASE OF REFUSAL TO PROVIDE PERSONAL DATA
The data subject has the freedom to provide their personal while those requested by the Data Controller are necessary ones to give a response to the request.
The refusal or incorrect provision of personal data may make it impossible to follow up to the request.
SHARING, COMMUNICATION AND DISCLOSURE OF PERSONAL DATA
Personal data collected through the website will not be disclosed. The data collected may be transferred, for activities strictly connected to the service required, to persons qualified as “Data Processors” pursuant to Article 4, par. 8 GDPR and Article 28 GDPR (e.g., hardware and software assistance companies, companies with technical and organizational tasks on the website) and by persons authorized to the processing pursuant to Article 29 GDPR, operating under the direct authority of the Data Controller (e.g., employees and contractors).
Personal data may also be disclosed to service companies or professionals in the context of assistance and consultancy relationships, for the purposes strictly connected with those indicated above.
TRANSFER OF PERSONAL DATA TO COUNTRIES NOT BELONGING TO THE EU (THIRD COUNTRIES)
Data subject’s personal data will not be transferred outside the European Union.
RIGHTS OF THE DATA SUBJECTS
The GDPR expressly provides for certain rights of the persons to whom the data refer (so-called “data subjects”). Pursuant to Articles 15-22 GDPR, each data subject has:
- right to access their information, asking for full details of the personal information hold by the Data Controller;
- right to data portability, asking for and downloading personal information hold by the Data Controller, so the data subject can move, copy or keep it for themselves;
- right to be informed, asking for their personal information hold by the Data Controller and having the details of their usage (e.g., what they are used for, how long they are kept, with whom they are shared with);
- right to rectification, providing the correct information to the personal data deemed wrong and hold by the Data Controller;
- right to restrict the processing activities, asking to use or store their information only for certain purposes;
- right to object, asking to stop using their personal information;
- right to erasure, also known as the “right to be forgotten”, asking to delete their personal information to be deleted.
The data subject also has the right to lodge a complaint with a Supervisory Authority if they believe their rights described herein have not been recognized.
QUESTIONS, COMPLAINTS AND EXERCISE OF RIGHTS
In order to exercise the aforementioned rights please write an e-mail to the Data Controller: IMQ Minded Security S.r.l., located at Via Marco Fabio Quintiliano 45 – 20138 – Milano (MI) Italy, VAT n. IT05756380480, e-mail: [email protected]. The Data Controller has appointed a Data Protection Officer, who may be contacted at the following email address: [email protected]