The writer Lutech S.p.A. informs you of the following in accordance with the European General Data Protection Regulation (Regulation EU 2016/679, hereafter GDPR) and national legislation in that regard.
Data Controller and Data Protection Officer (DPO)
The data controller is Lutech S.p.A. with operating and administrative headquarters in Via Milano, 150 - 20093 Cologno Monzese (MI) and registered office in Via Dante, 14 - 20121 Milan (MI).
Lutech S.p.A. has appointed a Data Protection Officer, who can be contacted at the following email address: DPO@lutech-group.com.
Legal Basis and Purposes of the Processing
The legal basis that legitimises the processing indicated below is your consent, which you - in the capacity of Data Subject - are free to give or withhold and which you may withdraw at any time.
The processing of your personal data will be based upon principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights.
The personal data will be processed by authorised personnel of Lutech and of the Lutech Group companies, adequately instructed, by way of communications sent by various channels (email, SMS, post…) or managed with telephone calls.
As established by Art. 12 of the GDPR, Lutech S.p.A. informs you that your personal data, indicated in the table, will be processed using paper, IT or electronic tools for the following purposes:
|Purposes||Personal Data||Categories of Recipients|
|To advertise, promote and market, even by sending advertising/informative/promotional material, products and services of Lutech S.p.A., the Lutech Group and its Partners||Common data including personal details, residential address, telephone numbers and email||
|Economic and statistical analysis (for example telephone interviews on services provided or solutions supplied), including performing market research and administering surveys||Common data including personal details, residential address, telephone numbers and email||
|Sending of updates on new initiatives such as events/workshops/webinars as well as on technical and/or sales training activities||Common data including personal details, residential address, telephone numbers and email||
Transfer of Personal Data
The Controller requires its suppliers (Third Parties) and Processors to respect security measures equal to those adopted in relation to the Data Subject, restricting the perimeter of action of the Processor to processing connected with the requested performance.
The personal data provided will not be disseminated to other recipients beyond those specified in the above table.
The Controller, in line with the provisions of recital no. 49 of the GDPR, processes, even by way of its suppliers (third parties and/or recipients), the personal data of the Data Subject to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of security, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data.
The Controller will promptly inform the Data Subject if there is a risk of violation of his or her personal data, subject to the obligations deriving from the provisions of Art. 33 of the GDPR in relation to notifications of personal data breaches.
Rights of the Data Subject
The GDPR, as well as guaranteeing the right to lodge a complaint with the Supervisory Authority, which, for Italy, is the Autorità Garante per la protezione dei dati personali, grants to you the following rights:
- Right of access (art. 15): The Data Subject may obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and may obtain further information, including the purposes of the processing, the categories of personal data and the recipients.
- Right to rectification (art. 16): The Data Subject may obtain from the Controller the rectification of inaccurate personal data.
- Right to erasure (art. 17): The Data Subject may request the erasure of personal data concerning him or her where one of the grounds provided by that article applies, including: withdrawal of consent, unlawful processing and exercise of the right of defence.
- Right to restriction (art. 18): The Data Subject may obtain the restriction, configurable as a total or partial suspension of the data processing or even in some cases an immobilisation of the same. This may be requested only in exceptional cases expressly determined by the rule, including the period enabling the controller to verify the accuracy of the personal data, unlawful processing, exercise of a right during judicial proceedings.
- Right to data portability (art. 20): The Data Subject has the right to ask that the data concerning him or her are transmitted, in the exercise of his or her rights, in an easily comprehensible format.
- Right to object (art. 21): The Data Subject may, on grounds related to his or her particular situation, object to the processing concerning him or her pursuant to Art. 6 paragraph 1, points e) and f).
- Right not to be subjected to automated processes (art. 22): The Data Subject may object to being subject to a decision based solely on automated processing which produces legal effects concerning him or her or similarly significantly affects him or her.
If you have any doubts or require clarifications and also to exercise your rights, please contact the Controller by writing to the following address: https://lutech.group/en/privacy-rights
We inform you that if you decide to exercise one or more of the above rights, your personal data will be communicated by the Controller to the processing recipients for the connected fulfilments (art. 19 of the GDPR).
Personal data storage time
Your personal data will be stored for three (3) years, the minimum time that allows for the secure and correct management of the same (in terms of confidentiality and integrity); once that period has elapsed, they will be erased or made anonymous.
If the erasure of the personal data is requested, they will be removed from our databases, within the 30 days envisaged by Regulation EU 679/2016.
Granting and withdrawal of consent
The provision of consent for processing your personal data is not mandatory and any refusal to provide it will not determine any consequence, other than the impossibility of receiving commercial and promotional communications (such as participation in exhibitions and events, webinars, promotional campaigns…) by Lutech S.p.A. and the companies of the Lutech Group related to the products and/or services supplied by them.
At any time, you may give your consent to one or more of the indicated purposes by connecting to the address: https://lutech.group/en/marketing-consent-signup
Similarly, you may withdraw the consent provided by connecting to the address https://lutech.group/en/marketing-consent-removal or by sending at any time a response email to the marketing communications received.