Information Notice on the Processing of Personal Data pursuant to Article 13 of EU Regulation 2016/679
Homnya S.r.l., with registered office in Via della Stelletta, 23, 00186 Rome (hereinafter also referred to as the “Data Controller” or “Homnya”), is constantly committed to protecting the privacy of all users who access the services provided by the Data Controller (the “Services”). This document (the “Information Notice”) has been drafted to help you understand how your personal data, as defined below, will be processed in connection with the services, so that you may give informed and explicit consent to the processing operations described herein, where appropriate. In general, any personal data or information you provide to Homnya will be processed in accordance with internationally recognized principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.
Data Controller
Pursuant to EU Regulation 679/2016 (the “Regulation”), we inform you that your personal data will be processed by Homnya S.r.l. as the Data Controller. The Data Controller contact details: Homnya S.r.l. – Via della Stelletta 23, 00186 Rome E-mail: privacy@homnya.com. The Data Protection Officer (“DPO”) contact details: Largo Boccioni 1, 21040 Origgio (VA), Italy; Phone: +39.02.96515401; E-mail: homnya.dpo@avvera.it
Types of Personal Data Processed
The Controller will process your personal data collected in connection with the requested services, which may include but are not limited to: name, surname, and e-mail address.
Purposes, Legal Basis, and Optional Nature of Processing
Your personal data will be processed for the following purposes:
- To perform the requested services, including providing information or advice regarding the activities carried out by Homnya, and responding to information requests submitted via the online form and/or chat;
- To fulfill legal obligations to which the Controller is subject;
- To protect the Controller’s rights and interests in legal or out-of-court proceedings.
The legal bases for processing for the above purposes a) b) c) are respectively the Articles 6.b), 6.1.c), and 6.1.f) (i.e., legitimate interest for defensive purposes) of the Regulation.
Providing your personal data for the purposes referred to the points a) and b) is optional, but failure to provide such data may make it impossible to perform the requested services.
Your personal data will also be processed, with your specific consent, for the following purposes:
- Sending promotional and marketing communications regarding the Data Controller’s products and services and those of its commercial partners, including newsletters and market research, using automated tools (e.g., SMS, e-mails, push notifications, automated calls without human operator, social media) and traditional tools (e.g., postal mail, telephone with operator);
- Communication of your personal data to companies with which the Controller has entered into commercial agreements and/or partnerships in the following categories: communication and marketing; legal, tax, financial, administrative, insurance, educational, IT/technology; social-humanitarian; real estate; film and television production; healthcare, medical/pharmaceutical, and personal and leisure services, for their own direct marketing purposes through automated tools;
- Profiling activities aimed at improving the quality of the services provided and the relevance of commercial communications to your preferences, habits, and/or choices, including cross-referencing your personal data with other databases held by the Controller.
The legal basis for processing under points d), e), and f) is Article 6.1.a) of the Regulation (consent).
The provision of your personal data for the above purposes is optional and refusal will have no consequences.
You may object at any time to the processing of your personal data for marketing purposes or withdraw your consent by contacting the Data Controller using the contact details provided in this Information Notice. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
You may also send personal data of third parties to the Data Controller. In such cases, you act as an independent data controller, assuming all the obligations and responsibilities under applicable law. In this regard, you shall indemnify the Data Controller in full for any claims, demands, or compensation for damages arising from the unlawful processing of such data. In any case, if you provide or otherwise process personal data of third parties, you hereby confirm that you have a valid legal basis to do so.
Recipients and Transfer of Personal Data
Your personal data may be shared with:
- natural persons authorized by the Data Controller to process personal data pursuant to Article 29 of the Regulation as part of their work duties (e.g., employees and system administrators);
- service providers (e.g., lawyers, accountants, consultants, banks, etc.) who typically act as data processors pursuant to Article 28 of the Regulation or as independent data controllers;
- entities, bodies, or authorities to whom the personal data must be disclosed by law or by order of the authorities;
- with your consent, commercial partners with whom the Controller has signed agreements and/or partnerships as listed in section e) of the previous “Purposes, Legal Basis, and Optional Nature of Processing” paragraph.
The complete and updated list of data recipients can be requested from the Data Controller using the contact details above.
Transfer of Data Outside the EU
If your personal data is transferred to countries outside the European Economic Area (“EEA”), such transfers will take place in compliance with applicable laws, including the adoption of Standard Contractual Clauses approved by the European Commission, the selection of subjects adhering to international data transfer frameworks, or transfers to countries deemed adequate by the European Commission.
Further information is available upon request from the Data Controller.
Data Retention
Your personal data will be retained only for the time necessary to fulfill the purposes for which it was collected, in accordance with the principle of data minimization and storage limitation set out in Article 5.1.c) and e) of the Regulation.
Any further retention required by applicable laws is reserved. At the end of the retention period, personal data will be deleted in a manner that ensures it cannot be reconstructed or read. More information is available from the Data Controller.
Data Processing Methods
The processing of personal data takes place using manual, computerized and telematic tools with logic strictly related to the above purposes and in a manner that ensures the security and confidentiality of the data, in accordance with legal requirements.
Your Privacy Rights
You have the right to ask the Data Controller, at any time, for access to your personal data, the correction or cancellation of the same or to oppose their processing, you have the right to request the limitation of processing in the cases provided for by art. 18 of the Regulation, to revoke the consent given pursuant to art. 7 of the GDPR at any time; to obtain in a structured format, commonly used and readable by automatic device, the data concerning you, in the cases provided for by art. 20 of the Regulation; as well as to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data) pursuant to art. 77 of the Regulation, if you believe that the processing of your data is contrary to the legislation in force. You may submit a request to oppose the processing of your data pursuant to Article 21 of the GDPR in which you give evidence of the reasons that justify the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted in case of existence of binding legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms. All requests must be submitted in writing to the Data Controller at the contact details above.
