DISCLOSURE PURSUANT TO ART. 13 OF LEGISLATIVE DECREE 196/2003
Dear User, This page contains a description of how Gextra Srl's website www.gextra.it (hereinafter "the Website") is managed with reference to the processing of the personal data of the users who consult it. This information on the processing of personal data is also provided, pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003, known as Code for the Protection of Personal Data (hereinafter the "Privacy Code"), for users of any of the services of the Website provided via internet. The information is not valid for other websites users may consult via the related links, for which Gextra S.r.l. is in no way liable. The following are the procedures for administering the privacy of personal information in the possession of Gextra Srl as the independent controller, or as the manager responsible for processing on behalf of the respective controllers, which are collected from the controllers themselves, or from third parties or from the persons concerned; the information referred to in this document is normally provided upon registration of the data, or when the information is transmitted, and is communicated at the earliest possible occasion.
Only personal data relating to persons identified or identifiable may be processed. According to Article 13 of the Privacy Code, the data subject shall be informed in advance concerning the data that concerns the data subject. Gextra S.r.l. ("Gextra") manages the data provided by customers during their navigation of the Website in accordance with the requirements of the Privacy Code.
For the purposes of navigation, the collection of personal data occurs only within specific sections and by means of electronic forms. The processing of sensitive data does not occur during navigation.
Controller and Manager of the Processed Information
The Data Controller and Manager is Gextra s.r.l., with registered office in Via Galliera 67, 40121 Bologna, in the person of its legal representative pro tempore.
Place of Data Processing
Data is processed at the registered office of Gextra s.r.l., Via Galliera 67, 40121 Bologna.
Type of Data Processed
Access to the website does not require users to enter their name and address. During normal use of the Website, some identifying data is acquired, and its transmission is implicit in the use of Internet communication protocols. This information is not collected to identify specific users, but by its very nature it could, through processing and association with data held by third parties, allow users to be identified. IP addresses or the domain names of computers used by users connecting to the site, the URI – Uniform Resource Identifier – addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (completed successfully, error, etc.) and other data relating to the operating system and the User's IT environment fall within this category. This data is used only in order to gather statistical information on an anonymous basis regarding the use of the site and in order to check that it is working correctly, and it is eliminated after it has been processed. Said data could be used to verify liabilities in the event of potential IT offences against the Website.
Data Provided Voluntarily by the User
The despatch of e-mails on an optional, express and voluntary basis to the addresses indicated on the Website means that the address of the sender is then acquired, this being necessary in order to respond to the request, with any other personal data included in the communication also being acquired. The interested party can exercise the rights, at any time, provided for in article 7 of the Privacy Code.
Methods and purposes of processing the User data of Customers / Creditors
How Data Is Processed
As concerns exclusively the personal data entered in the reserved area dedicated to this purpose, access to which requires a password, Gextra uses automated and computerized methods to submit the data to all processing operations laid out in the Privacy Code, and specifically data collection, recording, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection and any other operation useful for providing the required services, including disclosure to third parties where required and also to persons in charge of occasional maintenance operations. Such data can be organized in databases or archives for the sole purpose of carrying out the mandates received. The data processing is carried out by electronic means or on paper, in a manner consistent with the purposes for which it is collected, and which, in any case, ensures the security of such data. The data provided may be transmitted to third parties appointed by the Company for the purposes indicated in this information sheet, and without prejudice to compliance with the information obligations associated with the transmission thereof. Why Data Is Processed The personal data voluntarily provided by you to Gextra through the Website and/or through other channels may be processed for the following purposes:
- studies and market research
- conducting analyses and evaluations in loan portfolios
- provision of consultancy services related to credit management and recovery
- provision of administrative services, including those useful for credit management and recovery
- commercial and/or promotional communications and/or advertising
Methods and purposes of processing the User data of Customers / Debtors
Methods of Data Processing
In relation to the aforementioned purposes, the processing of personal data is carried out by means of manual processing, IT and telecommunication tools, and, in any case, in such a way as to ensure the security and confidentiality of the same, even in the event that long-distance communication techniques are used. The data can be subjected to all the processing operations identified by Legislative Decree 196/2003, which are the collection, recording, organization, storage, processing, modification, selection, extraction, comparison, use, interconnection and any other operation useful for providing the required services, including disclosure to third parties where required. Such data can be organized in databases or archives for the sole purpose of carrying out the mandates received.
Why Data Is Processed
Personal data is processed lawfully and fairly and in respect of the aforementioned legislative decree and the obligations of confidentiality pursuant to the related implementing provisions, without prejudice to the right to process data without the consent of the person concerned, within the limits set by current regulations, for purposes such as credit recovery, legal defence and compliance with legal and regulatory obligations. Personal data shall be used solely and exclusively for the purposes described below: 1. purposes related to the management of the relationship with the person concerned, such as credit recovery, credit management and attempts at out-of-court settlements of outstanding debt, the restructuring of the same, as well as other activities functional, instrumental and/or related to credit management and recovery; 2. purposes related to obligations arising from laws, regulations and European legislation, as well as provisions issued by competent authorities and by agencies of vigilance and control; 3. institutional purposes, such as purposes related and functional to accounting, tax management, internal control, as well as other matters relating to the management of credit; 4. purposes related to the contractual obligations and reporting requirements of Gextra in relation to their principals, or parent company, as well as to legal defence, handling complaints and claims, and other instances in which Gextra or its principals have reasonable need to use this data to protect their legitimate interests and the safety of persons and property. Please note that the data of all parties involved will be held for the period of time that may reasonably be considered necessary or contemplated by the law, with the maximum degree of confidentiality that can be applied in the circumstances and in compliance with the security measures indicated in Legislative Decree no. 196/2003. Processing is carried out only in reference to categories of data related to stakeholders and to recipients of the communication strictly related to this obligation, and the data will not be stored, unless other required by law, beyond the period of time necessary to comply with legal obligations and the legal protection of Gextra and its principals.
Categories of third parties to whom the data may be disclosed
The data received and/or provided by you will be disclosed from time to time pursuant to the purposes described above to parties involved in the implementation of services required for the proper management of the relationship, with the guaranteed protection of the rights of the person concerned. The data will be used only by staff authorized by Gextra and, in particular, by the following categories of persons: 1) companies belonging to the Data Controllers' and/or external Managers' corporate group; 2) companies that provide banking, insurance and financial services; 3) companies that verify identity, carry out technical-legal-administrative and accounting investigations related to records and/or management of relations; 4) companies that provide transmission, envelope filling, transport and delivery of related communications to the person concerned, or telecommunications activities, management of call centers and other forms of business communication; 5) persons and/or companies providing services or analyses related to credit recovery and services related to the management of the relationship with the person concerned; 6) management companies of national and international systems for the control of risks and fraud against financial intermediaries, banks and other stakeholders and credit recovery; 7) individuals, companies, associations or professional offices that provide services or assistance and advice to Controllers, with special but not exclusive reference to issues related to accounting, administration, law, taxation and financial management; 8) independent auditors for the certification of financial statements; 9) individuals whose authorization to access the data is recognized by law and secondary legislation or provisions issued by authorities empowered by law; 10) companies that provide computer services, data processing and/or transmission and/or computerized reports, storage of backup copies of data, storage of physical documents, microfilming or digitization of the same, and other related activities; 11) employees and associates through which Gextra carries out its activities.
Data shall not be disclosed.
Provision of data
The provision of data is optional. The User is free, when a request for information is made, to choose whether to provide his personal data or not. If the data is not supplied, its absence can make it impossible to obtain the requested answers and/or information. Please be informed that the computer systems used to manage the Website acquire all the data specified above (navigation data) whose transmission is implicit in the protocols of internet browsing.
Transfer of data abroad
The data collected may be transferred, in accordance with the purposes and in the manner indicated, outside the national territory, including to countries outside the European Union.
Rights as per article 7 of Legislative Decree 196/2003
In compliance with the provisions of articles 7-10 of the Privacy Code, all interested parties (Users) may request verification of the existence of personal data, know its content and origin, verify its accuracy and request the rectification, cancellation or blocking of said data. In particular, pursuant to art. 7 of the Privacy Code, the person concerned (User) has the right: 1. to obtain the confirmation of the existence or otherwise of personal data that regards him, even if he has not yet registered, and – when it is encrypted – to its communication in an intelligible form. 2. to obtain indications regarding: a) origin of the personal data; b) the purposes for which such data is processed and the methods used; c) the logic applied in the event that the details are processed by electronic means; d) the identification details of the data controller, data supervisors and appointed representative, pursuant to art. 5, paragraph 2; e) the subjects or categories of subjects to which the personal data may be transmitted or who may learn of the data in their role as an appointed representative in the country or as supervisors or persons appointed; 3. to obtain: a) the updating or correction of the data or, where it is in his interests, the addition of further data; b) the cancellation, anonymisation or blocking of data processed in breach of the law, including data which is not required to be kept for the purposes for which it was collected or subsequently processed; c) a declaration stating that the operations referred to at letters a) and b) above, and their content, have been notified to those to whom the data has been transmitted or disclosed, except where such proves impossible or requires the use of means that are clearly disproportionate to the right thereby protected. 4. to refuse consent, in whole or in part: a) for legitimate reasons and, without prejudice to the cases where processing of his personal data is permitted even without his consent, even if they are pertinent to the purposes of the data collection; b) the processing of personal data relating to him or her for the purposes of sending advertising or direct sales material or for the purposes of market research or commercial communications. To exercise his rights, the person concerned (User) must apply to the Gextra Srl Data Manager via registered letter sent to the following address: Via Galliera 67 – 40121 Bologna
Declaration of Consent Pursuant to Article 23 of Legislative Decree No. 196/2003
The processing of data for the purposes specified in this Disclosure requires, with certain exceptions related to the exercise of the legitimate rights of third parties, the consent of the person concerned. This consent is considered to be provided by the user through his/her entering of the data via the Website. In the event where the data of other persons is entered, the user of the Website acknowledges that he has previously obtained the necessary agreement of the owners of that data and/or is authorized to give consent on their behalf.