Real Estate Managers

In implementation of EU Regulation no. 679/16 (GDPR) the following concise general information is provided to interested parties, customers and service users:

• identity and contact details of the data controller: the data controller is the legal representative for “Svicom Sviluppo Commerciale” r.l., 20122 Milan, Galleria del Corso n.1, Tax Code./VAT no: 05815490726; REA: MI- 1963696; p.e.c.: svicomsrl@legalmail.it; e-mail: info@svicom.com.
• Contact details of the data protection officer (D.P.O.): the data controller has appointed Marco Pagliara (lawyer) as data protection officer, who can be contacted with the following e-mail addresses for any request: e-mail: rdp@svicom.com; p.e.c.:pagliara@pec.it; avv.pagliara@tiscali.it , or by telephone (tel. cell. 338 9521190).
• Categories of data and processing methods: the processing may concern personal identification data (e.g. contact details, personal details, location); indirect identification data (e.g. IP addresses); specific categories of data (e.g. biometric data); data relating to electronic communications (e.g. by post or via the Internet). The data is collected and processed from concerned parties using automated and/or analogue methods.
• Purpose of the handling of personal data: the personal data of the parties concerned will be used for the following purposes: a) For consultancy, development, administration and marketing of commercial complexes, as well as the marketing and management of commercial premises, promotion and assistance in the management of associations or Consortia of retailers; for the performance of consultancy activities and the performance of contractual services; b) For marketing purposes (e.g. promotional activities, events), by sending commercial information and/or advertising material, aimed at carrying out campaigns; for participation in games, competitions and prize-winning activities, as well as for the delivering services for biometric data (images, videos) of customers and users participating in promotional activities may be processed for purposes related to the promotion of the activities in the Shopping Centres managed or under contractual management, through publication and circulation in any form on the websites, on paper and other means (social networks), for advertising and promotional purposes, concerning the development, management and marketing of the Shopping Centre’s activities, as well as the marketing and management of commercial premises, promotion and assistance of Associations or Consortia of retailers; c) for purposes relating to the detection of tastes, preferences, habits and the degree of customer satisfaction; for market research and other operations directly or indirectly related to promoting activities, carried out by automated means, by means of computer systems; d) Biometric data acquired by means of video surveillance systems will be processed by employees appointed as directors of the Shopping Centres, for purposes of asset protection, security and management of any events.
• Legal bases of the processing of data: the legal bases of the processing are normally made up of: a) written consent, or expressed with unequivocal positive actions by the parties concerned; b) execution and management of the contracts; c) legitimate interest for reasons of security, protection of assets, management of damaging events; d) the fulfilment of legal obligations.
• Recipients or categories of recipients of personal data: personal data may be transferred to parties who have an agreement with the data controller (e.g. Shopping Centre Consortia); to parties appointed as external data processors (consultants, IT companies, hosting providers, service providers); to affiliated companies. Personal data provided will not be distributed, except with explicit, free and specific consent; they may be communicated to third parties in collaboration with the data controller or for the fulfilment of legal obligations. The third parties will be bound to absolute confidentiality regarding any information. Third parties are, by way of example only: supervisory and control bodies, collaborators of the data controller for the management and/or maintenance of information systems, such as system administrators and/or consultants, communication agencies and/or professional firms.
• Intention of the data controller to transfer personal data to a non-EU country: there are no transfers of data outside the EU. If there is a need to transfer data outside the EU, the processing will be regulated in accordance with the provisions of Chapter V of EU Reg. 679/2016, with checks on the suitability of the recipient countries, or on the presence of adequate guarantees or binding corporate rules, or on the presence of specific exceptions and subject to prior authorisation and communication by the data subjects.
• Retention period of personal data and criteria used to determine it: personal data will be kept until the purposes for which they are acquired and processed are achieved, according to their usefulness and topicality, in any case, no more than 10 years after collection or termination of the relationship; they will also be kept for a period of 10 years, by virtue of the criteria relating to the ordinary statute of limitations of rights, or for longer periods in case of interruption of prescriptive periods or for legitimate interest by the data controller, exercised after communication with the data subjects and by limiting the use of the data.
• Rights of the data subject: the data subject is informed about the right to ask the data controller for access to, correction or elimination of personal data, to limit and object to the processing, as well as the right to data transferring, governed by Articles 15 et seq. of EU Reg. 679/16 (to exercise any of these rights send a request to: info@svicom.com; or to the DPO: pagliara@pec.it; avv.pagliara@tiscali.it).
• Information to data subjects: data subjects are informed of the right to withdraw their consent at any time, by electronic communication or in any written form, where the data processing is based on this legal basis and without affecting the lawfulness of the processing based on the consent given prior to the withdrawal of consent, and of the right to lodge a complaint with a supervisory authority (Privacy Guarantor). The communication of personal data may be necessary for the indicated purposes of the handling, in order to access the services provided.
• In case of automated decision making processes, including profiling, we will use logic inherent to marketing objectives, prepared in the interest of the data controller and the interested parties, according to criteria aimed at managing the relationship with advertisers, improving campaigns, assisting commercial departments in the development of digital strategies; the same decision making processes are necessary for the execution of activities and the performance of the contractual services. The interested party may always communicate in writing to oppose the aforesaid handling, also by means of electronic communication to the addresses indicated above. In this case, the owner will take prompt action, ceasing or restricting the processing of data of the interested parties.

GENERAL INFORMATION UNDER ART. 14 GDPR NO. 679/16

In compliance with EU Regulation no. 679/16, customers and users of the services are provided with the following concise information of a general nature, in the case of data not obtained directly from the data subject:

• identity and contact details of the data controller: the data controller is the legal representative for “Svicom Sviluppo Commerciale” r.l., 20122 Milan, Galleria del Corso n.1, Tax Code./VAT no: 05815490726; REA: MI- 1963696; p.e.c.: svicomsrl@legalmail.it; e-mail: info@svicom.com.
• Contact details of the data protection officer (P.O.): Marco Pagliara (lawyer), e-mail: rdp@svicom.com; p.e.c.: avv.pagliara@pec.it.
• Purposes of the handling of personal data: personal data will be processed for purposes relating to consultancy, development, administration and marketing of commercial complexes, as well as the marketing and management of commercial premises, promotion and assistance in the management of associations or consortia of retailers, for the performance of consultancy activities and the provision of services. For direct marketing purposes (promotional activities, events).
• Legal bases of the handling of data: the legal bases of the processing may be constituted, alternatively, byby the consent, expressed through declarations or unequivocal positive response from the data subjects, pursuant to art. 4 GDPR, or by the execution of specific contracts or services, or by the fulfilment of legal obligations of the data controller, or by legitimate interest for reasons of security and protection of assets.
• Data source: the data is acquired by means of software commonly used by the data processing partners (Svicom srl and the Shopping Centre).
• Categories of personal data: common and specific, i.e. personal and location, contact details, revealing racial or ethnic origin.
• Recipients or categories of recipients of the personal data: partners (e.g. shopping centre consortia), external data processors (tax consultants, IT companies, hosting providers, postal couriers), subsidiaries and joint holders of data processing, real estate, publishing, financial and consumer goods sectors companies.
• Intention of the data controller to transfer personal data to a non-EU country: there are no transfers of data outside the EU. If there is a need to transfer data outside the EU, the processing will be regulated in accordance with the provisions of Chapter V of EU Reg. 679/2016, with checks on the suitability of the recipient countries, or on the presence of adequate guarantees or binding corporate rules, or on the presence of specific exceptions and subject to prior authorisation and communication by the data subjects.
• Period of retention of personal data and criteria used to determine it: until the purpose of the personal data is achieved, in any case no later than 10 years from the termination of the relationship, depending on the criteria relating to the ordinary limitation period of rights, or for longer periods in case of interruption of the required period or for legitimate interest from the owner of the relevant data and after communicating the same to the data subjects.
• The interested parties are informed of the right to ask the data controller for access to personal data, amendment or cancellation, the limitation of processing, to oppose their processing, as well as the right to data portability, governed by Articles 15 et seq. of EU Reg. 679/16, to exercise these rights you can contact the following e-mail address: “rdp@svicom.com“.
• Data subjects are informed of the right to withdraw consent at any time, even if the handling of data is completely legal. This can be done by contacting the following e-mail: info@svicom.com, without compromising the lawfulness of the data processing based on the consent given before the revocation, as well as the right to lodge a complaint with a supervisory authority (Privacy Guarantor).
• Supplying personal data is necessary for the purposes of processing data, for the purposes of any contracts and to access the services offered.
• For the implementation of automated decision-making processes, including profiling, a rationale inherent to the interests of the company and its clients will be used, according to criteria aimed at managing the relationship with advertising investors, improving their campaigns and supporting the commercial departments in the development of digital strategies; these are necessary for carrying out activities and the performance of contractual services according to the preferences of the interested party. The interested party may always contact the following e-mail address to oppose the aforementioned processing: “info@svicom.com“.

ADDITIONAL WEBSITE PRIVACY INFORMATION

This policy provides the interested parties, users of the website, with additional information in addition to the general information, pursuant to art. 13 EU Reg. no. 679/2016 by the Data Controller, published in the privacy section, of which it is an integral and additional element.

The contact details of the Data Controller and/or the DPO, where designated, can be found on the website, in the contacts section, or in the aforementioned general privacy policy. The same can be used for the exercising privacy rights (provided for by Articles 15 et seq. of EU Reg. 679/16) of access, amendment, cancellation, limitation, portability and opposition or for the revocation of consent to the processing of data given for a specific purpose. You may always refer to the information contained in the aforementioned general privacy policy, drawn up in accordance with art. 13 GDPR, by sending a request to the Data Controller or to the DPO, if designated, or by submitting a complaint to the Privacy Authority, if applicable.

CATEGORIES OF PERSONAL DATA HANDLED BY THE WEBSITE

The Data Controller processes common personal data (personal details, contact details, etc.) of the “interested” user, voluntarily disclosed.

The supply of personal data may take place by filling in specific “forms”, present in sections of the website, or via communication to customer service or by sending requests by e-mail.

In particular, the following types of personal data are processed.

DATA RELATING TO THE RUNNING OF THE WEBSITE

The computer systems responsible for the running of the website acquire the following personal data, the transmission of which takes place using internet communication protocols: IP addresses; type of browser used; addresses of websites or accounts from which access has been made; data relating to the time of access, parameters relating to navigation, etc..

The information acquired is indirect in nature, but may allow users to be identified through analysis and comparison with other data held by third parties.

DATA RELATING TO CARRYING OUT PROMOTIONS AND “PROFILING”.

Subject to the provision of ” unrestricted and explicit” consent by the user, which can be achieved by means of specific advertising campaigns, the contact data provided may be used for forwarding promotional announcements (so-called direct marketing).

The service may be personalised, according to the preferences expressed by filling in the specific sections (so-called “profiling”).

The personal data requested is common data (personal details, contact details, e-mail, etc.) and is provided by the user in question to allow him/her to identify him/herself or to perform the service requested (sending newsletters, advertising promotions). Additional data may be provided and used for carrying out personalised services.

Supplying data for the aforementioned purposes (marketing and profiling) is optional, therefore, the user concerned may always refuse consent, or withdraw it at any time, without affecting the lawfulness of the data handling carried out before the withdrawal. Consequently, failure to grant or revoke consent to the handling of data for the aforesaid purposes (marketing and profiling) may not constitute grounds for denial of access to the system for the user concerned. The Data Controller, in this case, may not send commercial information to obtain promotions, nor may it personalise forwarding the same information according to the preferences expressed by the interested party.

If the user uses social network authentication for site registration, the details of the account will be requested, specified in the “pop-up” window, which is displayed at the time of request. Through the social platform, the user can activate or deactivate the ability to allow him/her to transfer and share personal data provided or his/her social network to other third-party websites or applications. At any time, you can deactivate sharing your account data by accessing your service provider’s settings.

PURPOSES OF THE DATA HANDLING FOR WHICH THE PERSONAL DATA IS INTENDED

Browsing data is processed by subjects authorised by the Data Controller, in order to allow access to sections of the website and to participate in promotions, games, competitions; for the evaluation and digital coupon offers, for awarding prizes related to participation, to respond to requests received by e-mail. In such cases the legal basis is the execution of pre-contractual measures or the contract; or legitimate interest to allow maintenance of the site, to check its functionality and to obtain statistics in relation to its use.

DATA RELATED TO THE IMPLEMENTATION OF PROMOTIONAL, MARKETING AND MARKET RESEARCH ACTIVITIES

Subject to obtaining express and clear consent from the user, and until it is revoked, the Data Controller may: – carry out marketing activities, i.e. activities like subscription to the newsletter; market research; sending information and promotional material; advertising activities relating to products and services; surveying user satisfaction with the quality of the products and services, as well as the activity carried out by the Data Controller; – carry out directly, or through companies specialised in remote communication techniques (via SMS, MMS, fax, automated telephone calls, e-mail, messages on web applications) and traditional (mail and telephone calls), personal or telephone interviews; administration of questionnaires; statistical surveys; – carrying out analysis on consumer habits or choices, to define the user profile, using the information provided by the customer at registration when filling in questionnaires, i.e. on the basis of actions carried out while surfing the web or through interaction with adverts published on social networks. The Data Controller may allow users to publish news or communications (so-called “posts”) directly on the website or on sites managed independently by third parties (facebook, twitter, etc…), with which the Data Controller has reached agreements in this sense.

In all the aforementioned cases, the legal basis for the data processing is the consent, specifically given by the party concerned, which may be revoked at any time, without affecting the processing of data already carried out by the Data Controller prior to revocation. The aforementioned consent to the processing of personal data is optional and voluntary. To revoke the consent given for the aforesaid purposes, a request may be sent to the contact details of the Data Controller or to the DPO, where appointed, indicated in the general information pursuant to art. 13 EU Reg. no. 679/16 or published on the website, or simply by selecting the appropriate section of the Data Controller’s website.  By selecting this option, in the registration section on the home page, or by communicating the request for revoking consent, the personal data provided by the customer will be completely removed from the system (and databases) and promotional messages will no longer be sent to them.

The processing of the above mentioned personal data may be carried out only for legal obligations, or for managing disputes; the legal basis for the processing is in the interest of the Data Controller.

WAYS OF PROCESSING AND RECIPIENT CATEGORIES. OUTSIDE EU TRANSFERS

The data provided, directly or indirectly, will be processed automatically, following procedures related to the purposes indicated and using archives managed by the Data Controller or by third parties appointed as external data processors.

The Owner undertakes to adopt suitable security measures to protect the data of the parties concerned and to use protected data transmission protocols.

The data of the users concerned is stored on servers located in the EU, in the case of electronic platforms (Google or SAP Customer Data Cloud), may be transferred by the Owner to non-EU territory, in compliance with the law and after checking adequate safeguards.

The data received from the web service is not disclosed and may be processed by authorised employees or collaborators of the Data Controller, who operate under its direct authority or by system administrators or communicated to third parties appointed as external data processors.

RETENTION PERIOD

The personal data provided by third parties is kept for the time necessary to achieve specific purposes and according to its relevance.

In particular, the data used to obtain anonymous statistical information on site usage, and to check its functionality, is kept for the time necessary to request cancelling the service.

Personal data provided for marketing and “profiling” purposes may be processed for the time necessary to keep up to date, within a maximum of 10 years from collection (web document Privacy Guarantor no. 2920245; no. 2547834; no. 2499354; no. 8998319) and in any case until the withdrawal of consent.

Data relating to participation in competitions may be stored until the ordinary statute of limitations of rights of obligation (10 years), in which case the processing will be limited. Personal data processed in order to comply with the data subject’s request for information may be kept for as long as necessary to meet legal requirements for the protection of rights.

INFORMATION FOR CANDIDATES PURSUANT TO ART. 13 GDPR NO. 679/16

In implementing EU Regulation no. 679/16, the following concise general information is provided to aspiring workers and collaborators:

• identity and contact details of the data controller: the data controller is the legal representative for “Svicom Sviluppo Commerciale” r.l., 20122 Milan, Galleria del Corso n.1, Tax Code./VAT no: 05815490726; REA: MI- 1963696; p.e.c.: svicomsrl@legalmail.it; e-mail: info@svicom.com.
• Contact details of the Data Protection Officer (D.P.O.): Marco Pagliara (lawyer), e-mail: dpo@svicom.com; p.e.c.: pagliara@pec.it
• Purpose of the handling of the personal data: personal data will be processed in order to fulfil specific legal obligations, for purposes relating to the establishment, management and termination of the working relationship, for tax, social security and insurance purposes, as well as for safety, health and hygiene at work, for the recognition of benefits, for compliance with laws, regulations, company policies, collective bargaining agreements, for social security and safety at work regulations, in tax and trade union matters, for keeping accounts and payment of salaries, allowances, wages and donations, to assert and defend a right, even by a third party, in court, to fulfil insurance obligations to cover risks from employer liability or for damages caused to third parties at work, to ensure equal employment opportunities.
• Legal basis of the processing: the legal basis of the processing is the consent, i.e. the execution and management of the work relationship (in case of setting up), or the fulfilment of legal obligations of the data controller, or legitimate interest for reasons of security and protection of assets.
• Recipients or categories of recipients of personal data: people in charge of managing the working relationship following the objectives above, public bodies and institutions, external data processors (consultants, IT companies, training bodies and companies), companies where the data is held and co-owners (owners’ consortia, shopping centres).
• Intention of the data controller to transfer personal data to a non-EU country: this does not exist, as the data will not be transferred outside the EU. If there is a need to transfer data outside the EU, the processing will be regulated in accordance with Chapter V of EU Reg. 679/2016, checking the suitability of the recipient countries, or the existence of appropriate guarantees or binding corporate rules, or the existence of specific exceptions and subject to authorisation and communication to the data owners.
• Retention period of personal data and criteria used to determine it: 10 years from collection, however, according to their relevance, or for longer periods in case of interruption of the terms relating to data controller’s interest and after communicating the same to the data owners.
• Data subjects are informed of the right to ask the data controller for access to, correction or cancellation of their personal data, where the processing is based solely on consent, limiting the processing, as well as the right to data portability, governed by 15 et seq. of EU Reg. 679/16 (write to: dpo@svicom.com).
• Data subjects are informed of the right to withdraw their consent at any time (wririte to: dpo@svicom.com), if the data processing is on this legal basis and without affecting the lawfulness of the processing based due to the consent given before its withdrawal, and of the right to lodge a complaint with a supervisory authority (Privacy Guarantor).
• The communication of personal data is necessary for processing, for establishing the working relationship and to access the services provided.
• For any automated decision-making processes, including profiling, the interests of the company and potential operators will be used, according to criteria aimed at managing the working relationship. The interested party may in any case communicate in writing to oppose the aforesaid processing, if it does not hinder the work relationship.