PRIVACY STATEMENT PURSUANT TO ARTICLE 13 UE Reg. no. 679/106
Pursuant to article 13 UE Reg. no. 679/2016 and Italian Legislative Decree no. 196/2003 (as subsequently amended and supplemented), CLAL S.r.l. provides the following information:
General purposes for which data are processed.
All personal data acquired and/or requested, either before a business relationship has been set up, or in the course of such a relationship, will be processed with a view to satisfying your requests (e.g. newsletter, requests to Clal, registration on CLAL and TESEO websites and apps and consequent navigation, etc.), ensuring that administrative and legal obligations are performed correctly, that contractual obligations are satisfied and, as a result, that those obligations are performed correctly by the company CLAL S.r.l., thereby allowing the business activities most closely linked to its objects to be conducted as efficiently as possible by the said company.
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, the Data Controller has, both at the time of establishing the means for processing and at the time of the processing itself (referred to as risk analysis - accountability), implemented appropriate technical and organizational measures, which are designed to implement data protection principles in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of UE Reg. no. 679/2016 and to safeguard the rights of the data subject.
The conferment of data is optional, but necessary for the purpose of setting up and concluding an agreement; a refusal may therefore make it impossible for a working relationship to be set up with the data subject.
It is pointed out that, nowhere on the site, nor for the purpose of accessing any site function, is the conferment of “special categories of personal data” and/or “personal data relating to criminal convictions and offences” requested, as defined in art. 9 and 10 of UE Reg. 679/2016: whenever the User sends the Data Controller information of this type of his own free will, the Data Controller will process the data in a manner in keeping with current data protection legislation (UE Reg. 679/2016) and to the extent strictly necessary with regard to the requests made by the User concerned.
We remind you that this privacy statement relates solely to the websites www.clal.it, news.clal.it, teseo.clal.it and CLAL and TESEO apps and not to other sites that may be consulted by the user via links. We also remind you that by sending electronic mails spontaneously, expressly and voluntarily to the address indicated on this site, the sender’s address, required in order to satisfy requests for information, is thereby obtained, as well as any other personal data included in the message.
The conferment of data is optional for the purposes described under letter a), but failure to provide such data (see mandatory data, marked with <<*>>) may make it impossible for our Company to satisfy your request to subscribe to our newsletter; the processing is not based on the suppositions described in art. 6, paragraph 1, lett. f) of EU Reg. no. 679/2016.
Your personal data will be processed by subjects specifically instructed by the Data Controller to act as data processors and/or by any subject acting with its authorisation, who has access to personal data; these subjects will process your data only when necessary for the purposes for which they were conferred and solely in the performance of the tasks assigned to them by the Data Controller, undertaking to process exclusively those data necessary for the performance of such tasks and solely for the purpose of carrying out operations necessary for the performance thereof.
c1) The Data Controller may transfer personal data to another country or to an international organisation; this could happen in case of use of specific IT services that involve a transfer of data to the U.S.A. (the transfer abroad takes place pursuant to art. 46, par. 2, letter c) of EU Reg. 679/2016, by virtue of the provision of Type Data Protection Clauses).
In the case of transfers referred to in article 46 or 47, or article 49, paragraph 1, second clause, we inform you that a copy of these guarantees may be requested from the Data Controller by sending a specific request to the addresses indicated in point a) of this information and a copy of these guarantees will be made available at the registered office of the Data Controller.
c2) Data will not be transferred to other third parties, unless your express consent is first obtained.
Your personal data will not be disseminated.
Data will be kept for the period strictly necessary to achieve the aforementioned purposes, in a form that allows the data subject to be identified for a period not exceeding that strictly necessary for the purposes for which they were collected or later processed, following which, unless expressly reconfirmed by the data subject, they will be destroyed, or may always be rendered anonymous.
Should it prove necessary for personal data conferred to be processed for purposes differing from or additional to those described above, the Data Controller will provide you with information regarding the purposes in question and any other relevant details.
Data will be processed with the implementation of methods and tools that are capable of guaranteeing security (art. 24, 25 and 32 UE Reg. no. 679/2016) and by means of automated processes and non-automated means (paper-based filing), applying all the technical and organizational measures to ensure a level of security appropriate to the risk, and thereby guaranteeing the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Rights of data subject
The Data Controller is CLAL S.r.l., Viale Caduti in Guerra, 1, (41121) Modena, tel. 059.214171, -
In accordance with art. 28 of EU Reg. no. 679/2016, the Data Controller may use third parties to process data on its behalf, formally appointed as data processors. A full, up-to-date list of the data processors appointed will be sent to you by the Data Controller upon request, at the addresses indicated above.
In accordance with art. 29 of EU Reg. no. 679/2016, the Data Controller may benefit from the services of anyone who has been authorised by it and/or by the appointed data processor; these subjects will be instructed accordingly.
The Data Controller also informs you that:
the data subject is entitled to obtain from the Data Controller access to his personal data, their rectification or erasure or the restriction of processing operations regarding him or to object to such processing and he also has the right to portability of the data (art. 15, art. 16, art. 17, art. 18, art. 20 EU Reg. no. 679/2016); by exercising the right of access, the data subject is entitled to obtain confirmation from the data controller as to whether or not his or her personal data are being processed, whilst the right to data portability entitles the data subject to request personal data in a structured, commonly used and machine-readable format, or to transmit those data from the original data controller to another (see WP 242 dated 13.12.2016);
the data subject is entitled, when data are processed in the manner envisaged in article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a), to withdraw his consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
the data subject is entitled to make a claim to a supervisory authority;
the data subject is entitled to be informed, by the Data Controller, who is obliged to take the necessary measures without undue delay, of any personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons (art. 34 UE Reg. no. 679/2016).
You can contact the Data Controller in order to enforce your rights; the full text of the articles from EU Reg. no. 679/2016 relating to your rights (articles 15 to 23 inclusive) can be consulted at any time at the following link found on the website of the Italian Data Protection Supervisor:
or, alternatively, you can ask for a copy from the Data Controller, sending a message to the addresses indicated above.
Revised in May 2018