Notice pursuant to art. 13 Reg. UE 2016/679 (General Data Protection Regulation or GDPR) and art. 13 D.Lgs. 196/2003 (Privacy Code) and amendments thereto
CheckSig S.r.l., with registered office in Milan MI, piazza Liberty 8 CAP 20121, Tax and VAT Number 11028330964, PEC email address: email@example.com, is the Data Controller of data subject who visit www.checksig.io website and of customers who access the services provided by CheckSig.
CheckSig understands that you are aware of and care about your own personal privacy interests and we take that seriously. This Privacy Notice describes CheckSig’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. This Privacy Notice is drafted in a clear and intelligible way and accessible to the general public.
We recognize that information privacy is an ongoing responsibility and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
The notice is not valid for external links. Data Controller is not to be considered responsible for third parties’ web pages.
Any information relating to an identified or identifiable natural person (“data subject); an identifiable natural person is one who can directly or indirectly be identified, in particular by reference to an identifier such as a name, and identification number, a location data, an online identifier or to one or more specific factors to the physical, physiological, genetic, mental, economic, cultural or social identity (C26, C27, C30).
As a rule, the Website can be used without have to provide any personal data. Personal data are collected within specific sections of the website and via electronic forms only to access CheckSig services (i.e. request an appointment with our representatives). In this case, CheckSig, as Data Controller, collects and processes: first name and surname, email address and phone number.
During the onboarding process of the data subject, for personal identification purposes and in order to comply with the obligations concerning anti-money laundering and the fight against terrorist financing, additional personal data are collected through off-line questionnaires, direct requests and video-calls.
This may include:
In any case, CheckSig does not collect data from persons younger than 18 and does not process sensitive data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, or health status.
Personal data of the user are processed:
With regards to the personal data provided with no specific consent, the partial or incorrect and the lack of the provision of any personal data may result in the impossibility to provide the business services required and in any case prevent CheckSig from perform its contractual and legal obligations towards customers, employees, suppliers, business partners and, in general, all those connected with CheckSig itself.
Data processing is carried out through: data collection, recording, management, retention, consultation, processing, modification, selection, extraction, comparison, application, interconnection, blocking, communication, erasure and destruction. Personal data are processed both in paper and electronic and/or automated form with methods and tools in compliance with the security measures set forth in art. 32 of the GDPR and Annex B of the Privacy Code, by parties specifically appointed by CheckSig in compliance with the provisions of art. 30 of the Privacy Code, or parties in charge of personal data processing under the direct control of CheckSig as provided for by Article 4, paragraph 10, of the GDPR. In order to comply with all obligations regarding anti-money laundering, CheckSig, as Data Controller, makes use of third-party services, duly authorized through specific outsourcing contracts.
Data Controller or Data Processor shall process and retain Personal Data for the shortest time necessary to fulfill the purposes set out and only for the time necessary to complete the retention as provided for by the GDPR. Both the processing and retention, however, are set for no more than 10 years from the term of the processing agreement entered into for service purposes, and for no more than 12 months from data collection for marketing purposes. After these retention periods, personal data will be blocked, destroyed or made anonymous in accordance with legal requirements.
Provided data will be shared with recipients who will treat them as data processors (art. 28 Reg. UE 2016/679) and/or as natural person acting under the controller’s or processor’s authority (art. 29 Reg. UE 2016/679) for former purposes. Namely, data will be shared with:
Personal data will be transferred to countries within or outside the UE, notably in Switzerland, only upon specific consent of each data subject, to countries that guarantee an adequate level of protection of the personal data collected and only after entering into agreements containing standard clauses approved by the European Commission, which guarantee that the processing of personal data complies with legal principles and requirements set out in the GDPR.
Under the GDPR, the data subject may freely exercise, at any time, the following rights under the artt. 15-21, to:
The data subject is also entitled to the rights to be forgotten, the right to restrict processing, the right to data portability, and without prejudice to any other administrative or judicial remedy, in case you consider the processing conflicting with Reg. UE 2016/679, pursuant to article 15 lett. f) the right to lodge a complaint with a supervisory authority (www.garanteprivacy.it).
The interested party may, at any time, apply his/her rights by sending a request drawn up on the basis of the form prepared by the Personal Data Protection Authority, available here, to be sent by registered letter with return receipt addressed to CheckSig S.r.l., at its registered office or by email.