Altea Federation is a brand under which some business consulting companies collaborate in a FEDERATIVE MODEL by providing their clients with a wide range of consultancy services, MANAGEMENT AND INNOVATIVE INFORMATION SOLUTIONS.
Altea Federation is committed to protecting and respecting the personal data of Clients and of anyone who relates to it, ensuring the compliance with current legislation such as the Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”).
“Personal data”, are “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”; as per GDPR art. 4.1
The GDPR provides that before proceeding with the processing of Personal data (where “Processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”, as per GDPR art. 4.2) the natural person to whom the Personal data refers, is duly informed about reasons for which such data are requested and how they are used.
With this Privacy Notice we want to tell you the purposes of the processing for which your personal data are intended, how we may use your personal data and how we protect them, according to GDPR.
Where necessary, this notice may be supplemented by a form for the release of your consent pursuant to and for the purposes of art. 7 of GDPR.
The Data controller is Altea S.p.A., Registered Office: Feriolo di Baveno (VB), Strada Cavalli, 42, registered at Italian Business Register of IT-Verbania (VB), tax and VAT number: 01440580031.
The Data controller is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”, as per GDPR art. 4.7:
Some data processing, as identified in the following Article 4, will be done in collaboration with the following subjects (“Joint controllers” with AlteaS.p.A. according to GDPR, art. 26.1: “Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers”):
ALTERNA S.R.L. con sede legale in VIA ISONZO N° 61 – 40033 CASALECCHIO DI RENO (BO);
ALTEA UP S.R.L. con sede legale in VIA LEPETIT, 8 – 20020 LAINATE (MI);
ALTEA IN S.R.L. con sede legale in VIA LEPETIT, 8 – 20020 LAINATE (MI);
ALTEA 365 S.R.L. con sede legale in VIA LEPETIT, 8 – 20020 LAINATE (MI);
ALTEA PEOPLE S.R.L. con sede legale in VIA LEPETIT, 8 – 20020 LAINATE (MI);
NEXTEA S.R.L. con sede legale in VIA LEPETIT, 8 – 20020 LAINATE (MI);
H-ENERGY1 S.R.L. con sede legale in Via Sile, 41 – 31056 RONCADE (TV);
AI S.R.L. con sede legale in VIA MARTIRI DELL’ITALICUS, N.2, 40033 CASALECCHIO DI RENO (BO);
I-AM S.R.L. con sede legale in VIA LEPETIT, 8 – 20020 LAINATE (MI);
RUN TIME SOLUTIONS S.R.L. con sede legale in VIA ACHILLE GRANDI, 23 – 20092 CINISELLO BALSAMO (MI);
INFORMATION WORKERS GROUP S.R.L. con sede legale in VIALE AVIGNONE, 94 – 00144 ROMA (RM);
In accordance with GDPR art. 26 the Joint controllers have concluded an agreement with which they have committed themselves to:
jointly determine some purposes and some modality of Personal data processing;
jointly determine the procedures to give you a quick feedback in case you exercise your rights, as GDPR art. 15, 16, 17, 18 e 21, and in case of portability request, as per GDPR art. 20;
jointly define the common parts of this Privacy Notice, providing all the information required by the GDPR.
The Controller / Joint controller will process your Personal data that are necessary for the performance of one or more contracts to which you are party, or in order to take steps at your requests even before entering into a contract (e.g. downloading of informative material, participation in events and webinars, etc.) (GDPR, art. 6.1.b) and for compliance with legal obligations to which the Controller and the Jont Controllers are subject (e.g. administrative, accounting and tax obligations) (GDPR, art. 6.1.c).
The following additional Processing will be performed by the Controller / Joint controller without your consent, as it is necessary for the purposes of the legitimate interests pursued by the Controller / Joint controller, as per GDPR, art. 6.1.f:
Direct marketing: promotional and marketing activities performed by the Controller / Joint controllers, through communications relating to services, products, initiatives and offers similar to those you have already received by the Controller / Joint controllers.
Each email sent to you will contain the link to click to refuse further submissions.
The following data processing by the Controller / Joint controllers, will be performed only with your consent, as per GDPR, art. 6.1.a and 7:
Indirect marketing: promotional and marketing activities performed by the Controller / Joint controllers, through communications relating to services and products provided to you by third parties with whom the Controller has legal relations
Profiling: evaluation of your personal preferences, needs and consumer habits, also in relation to market surveys and statistical analysis. This data processing will be done to better understand your needs, to provide you customized offers and services and to offer you ever more relevant and competitive products and services.
Direct and Indirect marketing can be carried out both with traditional methods (e.g. paper mail, call from an operator, etc.) and with automated methods and/or assimilated (es. e-mail).
in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency so as to guarantee the security and confidentiality of data, through the adoption of the measures envisaged by article 32 of GDPR in order to preserve the integrity of the processed data and prevent access to the same by unauthorized parties
by authorised and specialized persons, by means of paper, IT and electronic tools and with any other type of suitable technology.
The Controller / Joint Controller may communicate your data to the following Recipients.
A “Recipient” is “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not”, as per GDPR, art. 4.9:
Third parties who carry out part of the data processing and / or activities related to them on behalf of the Controller / Joint controllers. Prior to processing, these third parties will be appointed as “Data processors”. A “Data processor” is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller”, as per GDPR, art. 4.8
Employees, collaborators or individual consultants of the Controller / Joint controllers, to whom specific processing activities have been assigned; these persons are identified as “Authorised persons”.
Legal authorities and other public authorities, where required by law.
Personal data will be processed by the Controller / Joint controllers within the EU.
In the event that any technical and/or operational reasons makes it necessary, it may be necessary to make use of subjects which are outside the EU. In this case, the Controller / Joint controllers will designate these subjects as “Personal data Processor” as per GDPR, art. 28. Any transfer of Personal data outside EU will be done in compliance with the applicable laws. To protect your Personal data, appropriate guarantees will be adopted, including the “Adequacy Decisions” and the “Standard Contract Terms” approved by the European Commission.
Your data will be retained by the Controller to the extent necessary and sufficient for the accomplishment of the purposes described in Art. 3 above, or until the termination of the relationship with the Controller except for a further retention period which may be imposed by law.
With reference to the purposes described in Art. 4 above, the Joint controllers will process your Personal data until you communicate your will to revoke your consent to one or all of the purposes for which it was requested.
Under GDPR, you have rights we need to make you aware of. They are described in GDPR, art. 15-22 (click here to view them). Here is a summary:
Your right of access (art. 15 GDPR). You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access your personal data and ask to us a copy of your personal data.
Your right to rectification (art. 16 GDPR). You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure (art. 17 GDPR). You have the right to ask us to erase your personal information in certain circumstances (“right to be forgotten”).
Your right to restriction of processing (art. 18 GDPR). You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to data portability (art. 20 GDPR). This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Your right to object to processing (art. 21 GDPR). You have the right to object to processing for legitimate reasons, including, direct and indirect marketing, surveys, profiling.
Your right to not be subject to a decision based solely on automated processing, including profiling, in certain circumstances (art. 22 GDPR).
Your right to withdraw your consent at any time (art. 7, para 3 GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before the withdrawal.
Your object to processing your Personal data for marketing purposes by automated means (e.g. email), will also be extended to the traditional means (e.g. paper mail), unless specific requests.
To execute any of these rights, please contact the Controller / Joint controllers
It is always possible to withdraw your consent to receive commercial information from us, using the dedicated link in the e-mails we send you, or by sending a written communication to the Controller / Joint controllers.