PRIVACY NOTICE FOR “NEWSLETTER” under EU Regulation 2016/679 

General Data Protection Regulation

Pursuant to article 13 of the EU Regulation 2016/679 General Data Protection Regulation (“GDPR”), we provide you with the following information on the processing of your personal data for the purpose of subscribing to our newsletter.

 

 

Subscription to the Coin newsletter is not allowed under 18 years of age.

 

 

a)  Identity and contact details of the Data Controller:

 

The Data Controller is the company Coin S.p.A. with registered and administrative office in Italy, Venezia - Mestre (VE), via Maderna no.11, 30174, tax code and VAT number: 04391480276, e-mail ecommerce@coin.it.

 

b) Data Protection Officer (DPO):

 

The Data Protection Officer appointed by Coin pursuant to article 37 of the GDPR can be contacted at the e-mail address dpo@coin.it.

 

c) Purpose and legal basis of personal data processing:

 

Your data will be used to contact you (by e-mail) for advertising or commercial communications relating to advantages, offers and exclusive products that Coin and its business partners reserve for subscribers of Coin newsletter and participation in market research.

The processing of your personal data, for the purposes and in the manner described in this notice, may only be carried out on the basis of your consent (pursuant to article 6, c.1, letter a), of the GDPR). We remind you that your consent is freely withdrawable (i) by using the appropriate link in all our newsletters, (ii) by sending a communication to the e-mail address ecommerce@coin.it.

We ask you to provide us with your e-mail address because it is necessary to register for our newsletter service; without it, the registration cannot be completed, with the consequence that you will not be able to receive our communications. 

 

d) Recipients of your personal data:

 

Within the scope of the above-mentioned purposes, your data may come to the attention of the following recipients: (i) companies that, on our behalf, carry out the service of storage and processing of computer files, maintenance of our website and of our app; (ii) companies that carry out promotional activities (limited to e-mail address); (iii) OVS S.p.A.; (iv) companies entrusted with the management of our customer service. These subjects will act as Data Processors pursuant to art. 28 of the GDPR. The names of the subjects acting as Data Processors may be requested by means of a communication to be sent to the addresses indicated below.

Within the Company, your data will be processed (limited to their respective sphere of competence) by the persons authorised to the processing appointed pursuant to article 29 of the GDPR (in particular at the Marketing & Digital Transformation Department). Your data will not be disseminated.

 

e) Transfers of data outside the European Union:

 

For the above-mentioned purposes, your personal data will not be transferred to countries outside the European Union.

 

f) Method of processing personal data:

 

Personal data will be processed mainly by computer, in compliance with current legislation, so as to guarantee its security and confidentiality and prevent its unauthorised disclosure or use, alteration or destruction.

The data will be processed in compliance with the prescriptions set forth in the provisions in force - and their subsequent amendments and/or additions - issued on the matter by the Italian Data Protection Authority (including the Guidelines on Marketing and against Spam - 4 July 2013).

 

g) Data retention period:

 

Your personal data will be stored for the entire duration of your subscription to the Coin newsletter service, and - in any event - until you withdraw your consent (which can be withdrawn at any time as better specified in this privacy notice). Thereafter, the data will be destroyed or anonymized.

 

h) Data subjects’ rights:

 

By means of a communication to be sent to the registered and administrative offices of Coin or to the e-mail address ecommerce@coin.it, you may at any time exercise your rights pursuant to articles 15 to 22 of the GDPR, including the right (i) to obtain confirmation of whether or not your personal data is being processed; (ii) to obtain access to your personal data and to the information indicated in art. 15 of the GDPR; (iii) to obtain the rectification of inaccurate personal data concerning you without undue delay or the integration of incomplete personal data; (iv) to obtain the erasure of your personal data without undue delay; (v) to obtain the restriction of the processing of your personal data; (vi) to be informed of any rectification or erasure or restriction of the processing of your personal data; (vii) to receive or transmit to another data controller, in a structured, commonly used and machine-readable format, your personal data; (viii) to object at any time, on grounds relating to your particular situation, to the processing of your personal data. 

In particular, your right to withdraw at any time any processing consents you may have given and to object to the processing of your data carried out, in particular, for direct marketing purposes, remains unaffected.

A complete list of your rights can be found at www.garanteprivacy.it.

 

i)           Complaint to the Data Protection Authority:

 

We remind you that, if you consider that the processing concerning you violates the provisions of the GDPR, you may always lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), or with the Supervisory Authority of the country in which you habitually reside or work, or of the place where the alleged violation occurred.