POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF THE REGULATION (UE) 2016/679 (“GDPR”)

With this document, VIASAT GROUP SPA provides data subjects attributable to its own customers with information on the processing of personal data related to them.

Who processes personal data

The Data Controller, who determines the purposes and means of personal data processing, is VIASAT GROUP SPA, with headquarters in Via Aosta, 23 - 10078 Venaria Reale (TO), and can be contacted at the following numbers: +39 011 4514701, comunicazione@viasatgroup.it.

Data Protection Officer (DPO).

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following address: privacy@viasatgroup.it.

Purpose, legal basis and principles of processing

The collection and processing of personal data is carried out for the following purposes and the relevant legal bases:

Purpose

Legal basis (art. 6 GDPR)

Establishment and execution of current contractual relationships, as well as any pre- and post-sales assistance activities

Execution of a contract or pre-contractual measures.

Legal obligation.

Operations connected to the initiation of the aforementioned relationships, including the acquisition of preliminary information for the conclusion of the Contract;

Customer relationship management for administration, accounting, orders, shipments, invoicing, services, and any extra-judicial settlement of disputes where applicable

Execution of a contract or pre-contractual measures.

Fulfillment of all operations imposed by regulatory obligations, fiscal and tax provisions and anti-money laundering provisions;

Legal obligation.

Management of possible legal litigations.

Legitimate interest of the Data Controller, strictly limited to the assessment, exercise and defense of a right

The collection and recording of data will take place in compliance with the principles of art. 5 GDPR, for specific, explicit and legitimate purposes and using methods compatible with these purposes, within the processing necessary boundaries of the business activity; in an exact way and, if necessary, updated appropriately. In a way that they result relevant, complete and not exceeding the collection purposes; in a way that their storage is limited to the period of time necessary for the purpose for which they were collected and subsequently processed according to the GDPR and the current national legislation.

Personal data may be processed by means of paper or telematic tools for recording and storing the data, and, in any case, in a way able to guarantee the security and protection of the data subject. Specific security measures will be observed to prevent data loss, illicit or incorrect use and unauthorized access in full compliance with art. 32 of the GDPR and the current national legislation.

Processing in anonymous and aggregated format

In compliance with the provisions of the contract between the Parties and current legislation, and for the purpose of improving the quality and range of services offered, the Data Controller, directly or through Group companies, will carry out analyzes and statistical processing using exclusively anonymous and/or technical data. Specifically, these activities will not involve personal data in any way, as they will be previously anonymized in a non-reversible manner.

Nature of data provision

The provision of personal data necessary for the fulfillment of legal obligations, for the establishment of the contractual relationship or for its execution, is mandatory. Failure in providing data will make impossible to follow up on the requests of the data subject or the contract execution.

The consent for the personal data processing for marketing purposes, as well as for the transfer to third parties, is optional and, once given, it can be revoked for each purpose in any moment, without any limitation to the lawfulness of the processing based on the consent obtained before the revoking. In the absence or in the event of revocation, the Writer won’t be able to send commercial communications to the data subject or transfer his data to third parties.

Anti-money laundering and anti-terrorism.

The provision of data required by anti-money laundering and anti-terrorism legislation is mandatory and any rejection precludes the required professional service and may involve the alerting of the competent supervisory body. In this regard, it should be noted that the processing of personal data connected to the anti-money laundering obligations will take place having regard to the specific execution methods imposed on non-financial operators by the Regulation on identification and retention of information foreseen by art. 3 paragraph 2 of Legislative Decree no. 56/2004 and adopted with D.M. no. 143/2006. Other information could also be taken from public sources to comply with the obligations pursuant to Legislative Decree 231/2007.

Data communication

In compliance with current regulations, personal data may be communicated, exclusively for the pursuit of the purposes mentioned in this statement, to:

  • Companies belonging to the same group;
  • Subjects to whom it is necessary to communicate the data for the execution of a contract of which the data subject is a part or for the execution of pre-contractual measures upon request of the same, as well as, in general, for the pursuit of the aforementioned purposes;
  • Subjects in charge of credit management such as, for example, factoring companies, credit institutions, debt collection companies, credit insurance companies, commercial information companies;
  • In particular, subjects who process data on behalf of the Data Controller as Processor as per art. 28 GDPR, such as, by example, but not limited to: professionals and/or companies responsible for carrying out activities in the administrative-accounting, legal, commercial, management, technical, technical-IT fields. The complete and updated list of Processors can be obtained, by the entitled, upon request to the Data Controller;
  • Subjects authorized to access the data by current legislation and/or to whom data must be communicated in execution of legal obligations.

Personal data may be processed by employees and consultants assigned to the competent offices of the Data Controller, explicitly authorized for processing on the basis of art. 29 of the GDPR and the current national legislation.

Data transfers abroad

Personal data are not transferred outside the European Community.

In the event that should arise the need of some transfer abroad, this it will be carried out only for the pursuit of the purposes related to this policy, or technicality related to the company Information System structure and/or to the application of technical and organizational measures deemed suitable by the Data Controller (art. 32 GDPR), exclusively in compliance with the articles 44 ff. GDPR. Such as: in the presence of adequacy decisions (art. 45 GDPR) and/or adequate guarantees provided that the data subjects have the rights and can bring effective actions (articles 46 and 47 GDPR), or provided that, each time, it falls into one of the specific exceptions of art. 49 GDPR.

Data storage period.

The data is kept for a period of time not exceeding the achievement of the purposes indicated in this policy. In particular, the data will be stored in our archives according to the following parameters:

  • Data processed for the fulfillment of the obligations pursuant to art. 2220 of the Civil Code: 10 years, without prejudice to any delayed payments of the fees which justify the extension;
  • Data processed for the fulfillment of anti-money laundering obligations: 10 years;
  • Data processed for purposes other than the previous ones, within the contractual relationship to which this policy refers: until the end of the contract and/or of the supply relationship or 24 months, which date of the two happens before.

In relation to the specific terms foreseen by the law, the retention time of the data necessary for the assessment, exercise or defense of a right in court could be longer.

The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.

Rights of the data subject

The data subject has the right to obtain, in the cases envisaged, access to their personal data, rectification, cancellation, limitation of the processing that concerns him. Has the right to request its portability in a structured format (articles 15 et seq. of the GDPR), by contacting the Data Controller at the following e-mail address: info@viasatonline.it. The data subject can also ask the Data Protection Officer who can be contacted at the following address: privacy@viasatgroup.it.

Right to object

The data subject has the right to object to processing of personal data based on legitimate interest (Article 21 of the GDPR).

The data subject also has the right to withdraw consent according to the terms established in the service contract and in any case pursuant to art. 7 of the GDPR (see also the paragraph "Nature of data provision").

Right of complaint

The data subject who believes that the processing of personal data referring to him violate the provisions of the GDPR has the right to complain with the Authority, as provided for by art. 77 of the GDPR, or to activate the appropriate judicial offices (art. 79 of the GDPR).

Venaria Reale, 25/10/2023 VIASAT GROUP SPA

Utilizziamo i cookie sul nostro sito Web per offrirti la migliore esperienza utente. Facendo clic su "Accetta", acconsenti all'uso di TUTTI i cookie. Se desideri sapere di più sui cookie che utilizziamo e su come gestirli, puoi accedere alla Cookie Policy o cliccare su "Gestisci".