Welcome to ACS Data Systems Spa.
One of our primary goals is to ensure the protection of your personal data.
Therefore, in accordance with Article 5 of the European General Data Protection Regulation No. 2016/679, we ensure that the data: a) are processed lawfully, fairly and in a manner comprehensible to the data subject by ACS, b) are adequate, relevant and limited to what is necessary for the purposes of the processing, c) are accurate and, where necessary, kept up to date, d) are collected only for specified, explicit and legitimate purposes.
ACS Data Systems Spa uses separate procedures and systems to protect the stored personal data. Access to personal data is only permitted to authorized employees within the scope of their work activities.
Specific security measures have been taken to prevent the loss, unlawful or incorrect use of and unauthorized access to personal data and to ensure its security and confidentiality. In addition, security procedures and physical restrictions have been implemented at the technical level to prevent access to and use of personal data stored on our servers.
The Data Controller is ACS Data Systems Spa with registered office in 39100 - Bolzano (BZ), Via Luigi Negrelli 6 (hereinafter "ACS" or "Controller").
Personal data may be processed by employees and collaborators of the various business functions of the Controller, including Sales and Purchasing, Administration and Accounting, IT, Marketing, and Human Resources. The employees and collaborators in question have been explicitly authorized to process the data, have received appropriate instructions on how to do so, and have been sensitized and trained in this regard.
Personal data may be processed for the following purposes:
Legal basis: performance of a contract ex art. 6 letter b) of the GDPR, and legal obligation ex art. 6 letter c) of the GDPR
Legal basis: legitimate interest ex art. 6 letter f) of the GDPR aimed at carrying out our economic activity
Legal basis: pre-contractual ex Article 6 letter b) of the GDPR
Legal basis: consent of the Data Subject ex art. 6 letter a) of the GDPR, optional and revocable at any time; legitimate interest ex art. 6 letter f) of the GDPR for products or services like the object of the contract by e-mail, with the right to object from the first communication or at the time of subsequent communications (so-called soft spam, art. 130, paragraph 4, Privacy Code and s.m.i.)
Legal basis: consent of the Data Subject pursuant to art. 6 letter a) of the GDPR, optional and revocable at any time; legitimate interest pursuant to art. 6 letter f) of the GDPR for products or services similar to the object of the contract by e-mail, with the right to object from the first communication or on the occasion of subsequent communications (so-called soft spam, art. 130, paragraph 4, Privacy Code and s.m.i.)
Legal basis: consent of the Data Subject ex art. 6 letter a) of the GDPR, optional and revocable at any time
Legal basis: legitimate interest ex art. 6 letter f) of the GDPR aimed at protecting its rights and preventing unlawful
Legal basis: legal obligations ex art. 6 letter c) of the GDPR
The Controller may collect and process the following types of data for the purposes indicated above:
In relation to the purposes previously indicated, personal data may be processed on paper, or by means of computer and telematic tools (e.g. e-mail, newsletters, use of management software, registration on our websites or on our platforms, etc.), ensuring in any case the security and confidentiality of data processed, in full compliance with current regulations.
The personal data processed are usually subject to decision-making based on human intervention, but they could also be subject to partially automated decision-making. In the latter case, human involvement is in any case ensured through effective control by persons who have the authority and competence to intervene in the final decision. Specific security measures are observed to prevent data loss, illegal or incorrect use and unauthorized access.
The personal data collected or voluntarily communicated by the Data Subject are processed by the Controller within the European Economic Area (EEA).
Personal data will be processed by the Controller for a period strictly necessary to achieve the purposes set forth in this Policy. This means that the data collected will be destroyed or deleted from the systems or archives of the Controller, should their retention no longer be necessary, and in any case not beyond the terms provided for by law.
In relation to the above purposes, personal data will be communicated, if necessary, to third parties such as, by way of example:
The personal data processed by our company are not subject to disclosure. ACS does not sell or give away your personal data.
At any time, as a Data Subject, you may exercise your rights vis-à-vis the Controller, provided for in Articles 15 to 22 of the GDPR, where applicable, namely:
With regards to the methods of exercising the rights provided for, you may send a request with the subject: "exercise privacy rights" to the Controller or the Data Protection Officer, at the addresses provided in the above Information Notice.
Please note that you have the right to lodge a complaint to the Italian Data Protection Authority through the website www.garanteprivacy.it., or with the supervisory authority in the Member State in which you normally reside or work or in which the alleged violation occurred (art. 77 GDPR).
The complete Policy is accessible at https://infinitys.it/en/privacy-policy/, as well as in paper or digital format at the registered office of the Controller. If expressly requested by the Data Subject, the information may also be provided orally, provided that the identity of the applicant is proven.
This Policy may be subject to amendments and additions, also to incorporate changes in national and/or European Union legislation. To stay up to date, please visit this page regularly. If substantial changes are made to this Policy, for example changing the purposes of processing and / or categories of data processed, the Controller will inform you, requesting, if necessary, consent to treatment.
In addition to the provisions set out in the preceding paragraphs, the following provisions apply to the processing of personal data relating to users and visitors (hereinafter also only "User" or "Users") of the INFINITYS website (hereinafter also only "Website").
When you visit one of our websites, fill in the registration forms to use certain services or receive information, or access restricted areas Personal data is collected and processed in full compliance with the fundamental principles and security policies set out above.
The information systems and software procedures used to operate the Website gather, during their normal operation, some personal data, the transmission of which is involved in the use of Internet communication protocols. This information is not collected in order to be linked to identified data subject, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes, for example, IP addresses or the domain names of the computers used by Users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, and other parameters relating to the User's operating system and computer environment.
These data are used solely for the purpose of obtaining statistical information on the use of the Website, to check its correct functionality and to allow you to take advantage of certain services on the Website itself. Furthermore, the data is used in an anonymous form, without automatic association with any other information provided by the User. The legal basis of the processing is the legitimate interest of the Controller ex art. 6 letter f) of the GDPR. Their storage will take place for the time strictly necessary to pursue the above-mentioned purposes, and in any case not beyond the terms of the law.
The data in question could be used to verify responsibility in the event of any computer crimes that create damage to our Website and its Users.
The voluntary, explicit, and optional sending of e-mails to the addresses indicated on the Website implies the subsequent acquisition of the e-mail address and of the User's data necessary to reply to the requests, as well as any other personal data included in the communication.
The User's data - by way of example, e-mail address, company name, telephone number, etc.. - will be processed by the Controller:
a) for the handling of requests related to the performance of the contract of which you are a part, including the pre-contractual stages (e.g. response to your request for contact, technical support), as well as
b) for sending, through various communication media (e.g. e-mail, SMS and MMS, fax etc.), information about our products, services, events and other initiatives that we believe to be of interest to you. If you subscribe to our newsletter by filling out the form on the Website, you will consent to the sending of periodic electronic communications of an informative or commercial nature related to our business, including advertising and informative material, commercial and marketing communications, invitations to internal or external events and for participation in market research.
The legal Basis of the treatment is, with reference to point a), pre-contractual ex art. 6 letter b) of GDPR, whereas, with reference to point b) is the consent of the interested party ex art. 6 letter a) of GDPR, optional and revocable at any time, as well as the legitimate interest of the Controller ex art. 6 letter f) of GDPR to promote directly to its customers products or services, similar to those sold or provided, through e-mail communications (so-called “soft spam”). In case of commercial communications or subscription to the newsletter, you can always refuse the sending of communications, or unsubscribe from the newsletter (including through the use of the “opt-out” function present within each e-mail received). In this way, you will declare that you no longer wish to receive messages and to delete your personal data from the contact list held by the Controller. The memorization of the collected data will take place until the express withdrawal of consent by the Data Subject, and in any case not beyond the terms of the law.
Our Website and applications provide content of a commercial nature and are specifically intended and designed for use by adults. We recognize the need to protect data relating to children, particularly in the online environment, and, therefore, we would like to inform you that consent to process is only applicable if you are an adult or a child 16 years of age or older.
Last update: 26/10/2021