info@handyrent.it
+39 389 6509 168
Terms of Use
Privacy 01618880916
Copyright 2024 Handy S.r.l
HANDY S.R.L. is a company specializing in the Information Technology sector.
With this document (hereinafter referred to as the 'Privacy Policy'), we aim to renew our commitment to ensuring that the processing of personal data collected through this website (hereinafter referred to as the 'Site'), whether automated or manual, is fully compliant with the guarantees and rights provided by Regulation (EU) 2016/679 (hereinafter referred to as 'GDPR' or 'Regulation') and other applicable data protection laws.
The term 'personal data' refers to the definition in Article 4, point 1) of the Regulation, which states, 'any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person' (hereinafter referred to as 'Personal Data').
The Regulation requires that before processing Personal Data—meaning any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, or deletion—the individual whose Personal Data is concerned must be informed about why such data is being requested and how it will be used.
This Privacy Policy, based on the principle of transparency and containing all elements required by Articles 13 and following of the Regulation, aims to provide you, simply and intuitively, with all the necessary and useful information so that you can supply your Personal Data consciously and informed, and request clarifications and/or corrections at any time.
The company processing your Personal Data for the primary purpose described in the 'Purposes' section of this Privacy Policy and acting as the data controller, as defined in Article 4, point 7) of the Regulation, which specifies that the data controller is 'the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data,' is:
HANDY S.R.L. (hereinafter referred to as the 'Controller'), with its registered office at Via Einaudi 13c, VAT No. 01618880916, 08015 - Macomer (NU).
Your personal data is collected and processed by the Controller for purposes strictly related to the use of the Site and its informational services. Additionally, your personal data may be used in other processing operations (such as storage, archiving, elaboration, etc.) compatible with these purposes. Specifically, your personal data may be processed for the following purposes:
a) To respond to inquiries;
b) To enable the provision of services you have requested;
c) To comply with legal obligations;
d) To send promotional and direct marketing communications, including newsletters and market research.
The legal basis for processing personal data for the purposes outlined in points a), b), and c) is Article 6, paragraph 1, letters b) and c) of the GDPR, as the processing is necessary to respond to the data subject's requests, provide the requested services, and fulfill the Controller's legal obligations. Providing personal data for these purposes is optional, but failure to do so may prevent activation of the services provided by the site or responding to requests.
The legal basis for processing personal data for the purpose described in point d) is Article 6, paragraph 1, letter f) of the GDPR. The Controller may perform this activity based on its legitimate interests, independent of your consent, and until you object or limit (as provided in the 'Rights' section) such processing, as better explained in Recital 47 of the Regulation, which considers it legitimate to process personal data for direct marketing purposes. This is also based on the Controller's assessment of whether your interests, rights, and fundamental freedoms, requiring the protection of personal data, prevail over its legitimate interest in sending direct marketing communications.
Contact methods for direct marketing activities may be automated or traditional. However, as better specified in the 'Rights' section, you can withdraw your consent, even partially, for example, by agreeing only to traditional contact methods.
Regarding contact methods involving your telephone numbers, the Controller's direct marketing activities will be carried out following verification of your possible registration in the Opposition Register, as required by the provisions of Legislative Decree 7 September 2010, no. 178 and subsequent amendments.
The personal data required for the purposes listed above will be those indicated in the contact form, including but not limited to: name, surname, email address, and phone numbers.
Your personal data may be disclosed to specific recipients who are considered recipients of such personal data.
Indeed, Article 4, point 9) of the Regulation defines the recipient of personal data as 'a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not' (hereinafter referred to as the 'Recipients').
To properly carry out all the processing activities necessary to achieve the purposes described in the 'Purposes' section, the following Recipients may be involved in processing your personal data:
Third parties performing part of the processing activities and/or activities related and instrumental to them on behalf of the Controller. These parties have been designated as data processors, as defined in Article 4, point 8) of the Regulation, 'a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller' (hereinafter referred to as the 'Processor').
Natural persons, employees, and/or collaborators of the Controller, entrusted with specific and/or multiple processing activities related to your personal data. These individuals have been instructed on the security and proper use of personal data and are defined, under Article 4, point 10) of the Regulation, as 'persons authorized to process personal data under the direct authority of the Controller or Processor' (hereinafter referred to as 'Authorized Persons').
Should it be required by law or to prevent or suppress a crime, your personal data may be disclosed to public authorities or judicial authorities without being considered Recipients. According to Article 4, point 9) of the Regulation, 'public authorities to which personal data may be disclosed in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.'
One of the principles applicable to processing your personal data concerns the limitation of retention periods, as governed by Article 5, paragraph 1, letter e) of the Regulation, which states, 'Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1), subject to the implementation of the appropriate technical and organizational measures required by this Regulation to safeguard the rights and freedoms of the data subject.'
In light of this principle, your personal data will be processed by the Controller only for the time necessary to achieve the purposes described in the 'Purposes' section.
In particular, regarding the purposes described in the 'Purposes' section, your personal data subject to legal obligations will be processed for the minimum time necessary, as indicated in Recital 39 of the Regulation, i.e., three months from the contact request.
Concerning the processing carried out for the purpose described in the 'Purposes' section of this Privacy Policy, the Controller may lawfully process your personal data for one year.
As required by the Regulation, if you have given consent for the processing of your personal data for one or more purposes for which it was requested, you may withdraw it in whole or in part at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
The methods for withdrawing consent are very simple and intuitive. You just need to contact the Data Controller using the contact channels provided in this Privacy Policy.
As provided by Article 15 of the Regulation, you have the right to access your personal data, request their rectification or update if incomplete or inaccurate, request their deletion if the collection was carried out in violation of any law or regulation, and object to the processing for legitimate and specific reasons.
In particular, we inform you of all your rights that you can exercise at any time with respect to the Data Controller.
You have the right, under Article 15, paragraph 1, of the Regulation, to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, if so, to access such personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom your personal data have been or will be disclosed, particularly recipients in third countries or international organizations; d) where possible, the period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request the rectification or deletion of personal data or the restriction of processing, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data have not been collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling, as referred to in Article 22, paragraphs 1 and 4, of the Regulation, and, at least in such cases, meaningful information about the logic involved, as well as the significance and consequences of such processing for the data subject.
You can find all this information within this Privacy Policy, which will always be available in the Privacy section of the Site.
You may request, under Article 16 of the Regulation, the rectification of your personal data if they are inaccurate. Considering the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.
You have the right, under Article 17, paragraph 1, of the Regulation, to obtain the deletion of your personal data without undue delay, and the Data Controller is required to delete your personal data if one of the following grounds applies: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) you have withdrawn consent on which the processing is based, and there is no other legal basis for the processing; c) you have objected to the processing under Article 21, paragraphs 1 or 2, of the Regulation, and there are no overriding legitimate grounds for processing; d) the personal data have been processed unlawfully; e) the deletion of personal data is necessary for compliance with a legal obligation under Union or Member State law.
In some cases, as provided under Article 17, paragraph 3, of the Regulation, the Data Controller may refuse to delete your personal data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes, or for the establishment, exercise, or defense of legal claims.
You have the right to obtain restriction of processing, under Article 18 of the Regulation, in the following cases: a) if you contest the accuracy of your personal data (restriction will apply for the period necessary for the Data Controller to verify the accuracy of the personal data); b) if the processing is unlawful, but you oppose the deletion of your personal data and instead request restriction of its use; c) even if the Data Controller no longer needs the personal data for processing purposes, they are necessary for the establishment, exercise, or defense of a legal claim; d) if you have objected to the processing under Article 21, paragraph 1, of the Regulation, pending verification of whether the legitimate grounds of the Data Controller override your rights.
In the case of restriction of processing, your personal data will only be processed, except for storage, with your consent or for the establishment, exercise, or defense of a legal claim, or for the protection of another person’s rights, or for substantial public interest reasons. You will be informed before the restriction is lifted.
You may, at any time, request and receive, under Article 20, paragraph 1, of the Regulation, all your personal data processed by the Data Controller in a structured, commonly used, and machine-readable format, or request that they be transmitted to another Data Controller without hindrance. In this case, it will be your responsibility to provide the exact details of the new Data Controller to whom you intend to transfer your personal data, granting us written authorization.
Under Article 21, paragraph 2, of the Regulation and as reiterated in Recital 70, you may object, at any time, to the processing of your personal data when it is carried out for direct marketing purposes, including profiling insofar as it is related to such direct marketing.
Without prejudice to your right to seek administrative or judicial remedies, if you believe that the processing of your personal data by the Data Controller is in violation of the Regulation and/or applicable law, you may lodge a complaint with the competent Supervisory Authority, the Data Protection Authority.
To exercise all the rights listed above, you simply need to contact the Data Controller using the following methods:
- Send an email to info@handyrent.it;
- Send a registered letter to the legal headquarters of HANDY S.R.L.
Your personal data will be processed by the Data Controller within the territory of the European Union.
If, for technical and/or operational reasons, it becomes necessary to involve entities located outside the European Union, we inform you in advance that such entities will be appointed Data Processors pursuant to Article 28 of the Regulation, and the transfer of your personal data to these entities, limited to the specific processing activities, will be governed in accordance with the provisions of Chapter V of the Regulation.
All necessary precautions will be taken to ensure the full protection of your personal data, basing such transfers on: (a) adequacy decisions of the third countries concerned issued by the European Commission; (b) appropriate safeguards provided by the third-party recipient under Article 46 of the Regulation; (c) the adoption of binding corporate rules; (d) the use of standard contractual clauses approved by the European Commission.
In any case, you may request further details from the Data Controller if your personal data have been processed outside the European Union, requesting evidence of the specific safeguards implemented.