ICS TECHNICAL AND SERVICES SOLE SHAREHOLDER S.r.l.
INFORMATION PURSUANT TO ART FROM 13 TO 22 OF REG. CE 679/16 ON THE PROVISION OF ELECTRONIC COMMUNICATION SERVICES
General regulation on the protection of personal data and legal basis of the processing.
With this deed, and pursuant to art. from 13 to 22 of Reg CE 679/2016, ICS Technical and Services SRL sole shareholder as the data controller wishes to inform you of the way in which it processes the personal data of its customers in relation to the electronic communication services subject to the contractual relationship.
The Data Protection Officer can be reached at the address [email protected] and [email protected]
The treatments are performed pursuant to art.6 paragraph I letters b), e), f) Reg. CE 679/2016 in order to provide the Customer with the requested services and to comply with legal obligations exclusively on the following legal bases:
- L. 633/41 – Copyright law
- D.lgs. 68/03 – Implementation of DIR 29/01/EU
- D.lgs. 70/03 – Implementation of DIR 31/00/EU
- D.lgs. 196/03 – Personal data code
- D.lgs 259/03 – Electronic Communications Code
- D.lgs. 206/05 – Consume Code
- D.lgs. 30/05 – Industrial property code
- D.lgs. 82/05 – Code of digital administration
- L. 40/2007 – Urgent measures for the protection of consumers (Bersani Law)
- L. 48/08 – Transposition of the European Convention on Cybercrime
- Reg. CE 679/16 – General regulation on the protection of personal data
- Civil Code
- Code of Civil Procedure
- Penal Code
- Code of Criminal Procedure
- Provisions of the ordinary and administrative judicial authorities
- Provisions of the Autonomous State Monopoly Company
- Provisions of the Authority for the guarantees in communications
- Provisions of the Antitrust Authority for the competition and the market
- Provisions of the Authority for the protection of personal data.
1 – Type of data processed and retention period
1.1 The types of data processed are:
- Name, surname
- Place and date of birth
- Tax code / VAT number
- Residence / registered office
- Client code
- Migration codes
- Authentication credentials for access to the control panel
- Authentication credentials for access to equipment on loan
- IP numbers
- Domain names
- Telematic traffic data
- Telephone traffic data.
1.2 – Retention period
ICS Technical and Services SRL Sole Shareeholder keeps the Customer’s personal data for the duration provided for by the civil code, the criminal code and the laws, regarding liability, prescription and cooperation with the Judicial Authority. After this period the data is destroyed.
2 – Purpose of the treatment
2.1 – Purposes required by law, essential for the fulfillment of contractual obligations, protection of company law in relation to Customers and Users
- Management of pre-contractual relationships
- Fulfillment of contractual obligations
- Compliance with regulatory obligations
- Protection of company law
- Fulfillment of orders from the judicial and / or independent authorities.
3 – Types of treatments performed on personal data
- Collection by filling in contractual forms
- Upload to information systems for contractual, administrative and technological management
- Communication to network manager for managing lines and telephone numbers
- Communication to IP database managers – RIPE NCC EU (“Reseaux IP Europèens” Network Coordination Center – European Registry for IP assignment)
- Making available to an investee / subsidiary company for the management of customer assistance
- Communication to logistics, transport and shipping service providers (for example for the delivery of equipment)
- Communication to public bodies and authorities after processing (selection, research, extraction) of traffic data (for example, investigations by the Guarantors and Judicial Authorities)
- Selective blocking of connections to network resources made unreachable by order of the public authorities (unauthorized online gaming sites, e-commerce sites indicated as fraudulent by the authorities, etc.)
- Selective and automated filtering of traffic through antivirus, antispam and intrusion detection systems
- Processing of information relating to the telephone caller number (date, time and duration) to allow the Customer to verify the reporting, or the duration of the data connections (IP and TCP / IP protocols, SMTP etc.) to verify the use of the service
- Automatic storage of contents (insofar as it is provided for by the contract and / or the Customer has not autonomously deleted the contents)
- Sending and receiving e-mails
- Segregated storage of personal data that should be kept compulsorily for regulatory compliance purposes, by moving to separate systems / storage media distinct and separate from those used for ordinary activities and protected by specific security measures
- Cancellation at the request of the interested party (also following the exercise of the right to remove from the DBU (Single Data Base of telephone numbers – source from which the telephone directory managers draw) or following the termination of the legal basis for the processing.
4 – Localization of data
The data centers used by single member ICS Technical and Services SRL are located in the European Union.
5 – Scope of communication and dissemination
The Customer is informed that:
- due to the nature of the TCP / IP protocol (Transmission Control Protocol / Internet Protocol) and the technical and organizational structure of an internet network, the data (and therefore also the general ones) that the Customer sends and receives can also transit outside the UE, for example because the routing of information packets is defined by the managers of the networks they make up, the “great Internet”
- the data it enters when requesting the assignment of IP numbers can be published by European entities (such as RIPE, the European Register of network numbering assignments)
- the data you enter when registering a domain name can be made available through the Whois services of the Registry for the ccTLD.it (country code Top Level Domain) and .EU even outside the EU, or through the Whois services of other suppliers of domain name registration services located outside the EU. ICS Technical and Services SRL a socio unico is unrelated to these treatments and the Customer must directly contact the individual Data Controllers also to activate, where available, the masking functions of the contact information
- the data generated by navigation are managed locally by the client’s computer and software. The Customer must therefore manage these technological components, adopting adequate measures to control and limit the personal data that enters the network through the use of secure protocols, VPNs and other available technologies.
- the DNS (Domain Name Server) systems automatically manage the IP / domain name conversion to respond to the connection request originating from the Customer’s systems. The Customer can freely choose which DNS to use, even different from those provided / recommended by ICS Technical and Services SRL a socio unico. Access to the DNS of ICS Technical and Services SRL with a single shareholder can be monitored and blocked by ICS Technical and Services SRL with a single shareholder on behalf of the judiciary and / or independent Authorities by virtue of specific provisions
- the anti-spam systems commonly used in the sector involve the use of blacklists managed by third parties. The Client’s IP and / or domain could be included – for reasons beyond the control of ICS Technical and Services SRL a socio unico – in the blacklists in question, making it impossible to send / receive e-mails. ICS Technical and Services SRL a socio unico has no legal right to intervene on the managers of the blacklists, which can also be located outside the EU
- the Italian National CERT (Computer Emergency Response Team) of the Ministry of Economic Development carries out Info Sharing activities continuously and in total autonomy with the other CERTs of the European Union that involve the public IPs of the Italian network, and therefore also those of the Customer. The results of the IP activities of the Customers could be communicated to ICS Technical and Services SRL a socio unico, but there is no information on who else has access to the data in question. ICS Technical and Services SRL with sole shareholder is completely unrelated to these activities, to the results produced, as well as to the times and methods of the same
- the hosting and e-mail transport services do not prevent the Customer from using cryptographic technologies, and the prior delivery of the decryption keys is not required. This does not mean that in the event of an order from the competent Authorities, the data stored by the Customer can still be delivered even if encrypted.
- third-party services – such as Office365 or cloud services – even if marketed by ICS Technical and Services SRL a socio unico are subject exclusively to the specific regulation defined autonomously by the supplier itself. The Customer is therefore required to verify the communication and dissemination policies – and in general of treatment – of the personal data adopted. In particular, the Customer is informed that Microsoft and / or other third party services imply the possibility, for Microsoft and / or its appointees and / or other third parties and respective appointees, to perform direct checks on the services purchased through ICS Technical and Services SRL with single shareholder
- the provision of access services in other countries can take place through agreements with other local telecommunications operators that are subject to the regulations of their country of establishment. This may imply, in the case of China, that some services such as VPNs may be subject to control by the state or that, in the case of the USA, the data stored with the provider are directly accessible to the Authorities and intelligence services. or that, as in the case of Russia, data must be compulsorily stored within state borders
- the activities for legal purposes – wiretapping, access to traffic data and other technical interventions – are covered by investigative secrecy and, without a specific order from the Judicial Authority, they cannot be the subject of information to the Customer
- the logs generated by the customer’s systems are his property and therefore the customer has the right to obtain a copy
- Cyber security services that use specific dedicated devices (appliances) possibly requested by the Customer are provided through third-party equipment and software. Nature and extent of the communication and / or dissemination of the data generated by the devices in question are decided directly by the manufacturer of the device and ICS Technical and Services SRL a socio unico has no legal title to modify these technological choices. In particular, the Customer is informed that the use of security appliances could imply, on the part of the manufacturer, the activation of monitoring, telemetry or other services aimed at obtaining access to the device itself.
- the devices granted on loan to the Customer are under the control of ICS Technical and Services SRL a socio unico who has the possibility – through specifically appointed system administrators – to access them for technical assistance.
6 – Security measures
6.1 – Technical measures
- A Data Protection Officer (RPD or DPO, Data Protection Officer) is appointed
- System administrators are identified
- The persons authorized to process the processing are identified
- The processing and organizational / technical choices affecting personal data security involve the Data Protection Officer
- Vulnerability tests of information systems and network infrastructure are carried out and planned
- There is an IT emergency management procedure
- There is a Data-Breach management procedure.
7 – Exercise of the rights referred to in articles 13-25 of EC Reg. 679/2016
The EC Reg. 679/16, in articles 13 to 22, guarantees the interested party various rights including those to obtain the rectification of the data processed by ICS Technical and Services SRL a socio unico and the cancellation of the same or the blocking of the treatments.
The rights can be exercised by contacting the Data Protection Officer, reachable at the address: [email protected] and [email protected] indicating exactly the personal data affected by the request and the reason for the request for modification, updating, cancellation, blocking and portability.
The request must be addressed to ICS Technical and Services SRL a socio unico – Data Controller, at the registered office of the company together with an identity document of the applicant.
Within thirty days of receiving the request, ICS Technical and Services SRL a socio unico will communicate the acceptance of the request or its refusal (in the latter case, analytically motivating the reasons for the decision).
In case of exercise of the rights through delegates, the request must also contain a proxy with specific attribution of the power to request and receive the replies and a copy of the identity document of the delegate.
Within thirty days of receiving the request, ICS Technical and Services SRL a socio unico will communicate the acceptance of the request or its refusal (in the latter case, analytically motivating the reasons for the decision).
It is always possible to assert the rights guaranteed by the EC Reg. 679/2016 by contacting the Guarantor Authority for the protection of personal data or the ordinary Judicial Authority.
Attention: This communication is provided in compliance with the correctness of the existing contractual relationships and therefore relates exclusively to them. The dissemination of the communication or its contents and in any case any illegal use of it aimed at damaging the image of ICS Technical and Services or causing damage to it, will be prosecuted according to law.