Information on the processing of personal data pursuant to art. 13 of Regulation (EU) 2016/679

This page describes the privacy policy of the website www.stel.it and the services provided by STEL srl with regard to the processing of personal data relating to those who provide them.

This information is provided pursuant to Articles 13 and 14 of EU Regulation 2016/679 for the website https://www.stel.it and for the services provided by STEL srl, and not for other websites that may be accessed via links.

Data controller

STEL srl

with headquarters in Via del Verginese 24/b, 44015 Gambulaga (FE)

VAT number 01177820386 and ISP-WISP – ROC 18379

Tel: +39 0532 55586

Fax: +39 0532 904231

email: amministrazione@stel.it

Data Protection Officer

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted for any information or requests at dpo@stel.it.

Types of data processed and Purpose of the Processing

A) Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the user's operating system and IT environment.

* Purpose and Legal Basis: This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning (legal basis: legitimate interest of the owner, art. 6, par. 1, letter f) GDPR [General Data Protection Regulation / Article 6]) and to ascertain responsibility in the event of hypothetical computer crimes against the site (legal basis: legal obligation, art. 6, par. 1, letter c) GDPR [General Data Protection Regulation / Article 6]).

* Retention Period: Web contact data does not persist for more than 14 days, except in the event of detection of crimes [STEL Information.docx].

B) Data provided for contractual and pre-contractual management

The personal data (personal, contact, payment information) provided by the interested party when requesting a quote, signing the contract, or during its execution are processed for the following purposes:

Fulfill specific pre-contractual requests, such as preparing quotes and verifying service coverage.

Establish, manage, and execute the connectivity services contract, including billing and payment management.

* Legal Basis: For these purposes, processing is necessary for the implementation of pre-contractual measures taken at your request and for the performance of the contract to which you are party (Article 6, paragraph 1, letter b) GDPR) [Guideline 2/2019 on the processing of personal data pursuant to Article 6, paragraph 1, letter b) of the General Data Protection Regulation in the context of the provision of online services to data subjects] [General Data Protection Regulation / Article 6]. Providing your data is mandatory for the conclusion and performance of the contract.

* Retention Period: The data will be retained for the entire duration of the contractual relationship and, after its termination, for 10 years to fulfill civil and tax obligations.

C) Data Processing for Technical Assistance and Service Improvement

When you contact our technical support service, your personal data is processed for the purposes described below.

Provision of Technical Assistance Service

* Purpose of Processing: To handle, manage, and resolve your support requests; to identify, analyze, and diagnose technical problems related to the line, network, or devices provided; to perform technical interventions, including remotely; to contact you for updates and to verify the resolution of the problem; to ensure network security.

* Legal Basis: The legal basis is the performance of the contract to which you are a party (Article 6, paragraph 1, letter b) GDPR) [General Data Protection Regulation / Article 6], as the processing is necessary to fulfill our technical support obligations [Guideline 2/2019 on the processing of personal data pursuant to Article 6, paragraph 1, letter b) of the General Data Protection Regulation in the context of the provision of online services to data subjects]. Providing your data for this purpose is necessary to be able to provide you with support.

* Types of Data Processed: Identification and contact data (name, customer code, telephone number, email address); contractual data (installation address, type of service); technical and traffic data strictly necessary for the service (IP address, connection logs, line diagnostic data). The processing of such data is limited to the duration and necessity of the service, in accordance with the legislation prohibiting the general and indiscriminate retention of traffic data [Judgment of the Court (Grand Chamber) of 21 December 2016.][Judgment of the Court (Grand Chamber) of 6 October 2020.].

* Retention Period: Data relating to individual support requests (tickets) are retained for 24 months from their closure to handle any subsequent complaints or disputes.

Analysis for Service Improvement and Efficiency

* Purpose of Processing: We use data from technical support activities to analyze, primarily in aggregate and statistical form, the performance of our services and our network. This allows us to pursue improvement objectives, such as identifying recurring technical issues in specific geographic areas or types of equipment, optimizing support procedures to make them faster and more effective, and planning infrastructure enhancements.

* Legal Basis: The legal basis is the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f) GDPR) [General Data Protection Regulation / Article 6] to offer an increasingly stable, high-performance and reliable service, for the benefit of both the company and the customers themselves. We believe that this interest is compatible with the rights and freedoms of the data subjects, as the analysis is aimed at improving the service provided and is conducted by applying the principle of data minimization [General Data Protection Regulation / Article 5] [Guidelines 4/2019 on Article 25 Data Protection by Design and by Default] [Guidelines 4/2019 on Article 25 Data Protection by Design and by Default].

* Types of Data Processed: For this purpose, we primarily use aggregated and statistical information (e.g., number and type of faults per area, average resolution times) [Provision of 18 July 2023 [9920942]]. Where it is necessary to analyse personal data, this will be limited to what is strictly necessary (e.g., type of fault, geographical area, equipment involved), excluding analyses of the content of communications or individual behaviour not relevant to the technical purpose.

* Right to Object: As processing is based on legitimate interest, you have the right to object at any time, for reasons relating to your particular situation, to this specific processing activity, by contacting us at the contact details indicated.

D) Processing for marketing purposes and newsletter subscription

Subject to your specific and voluntary consent, STEL will process your personal data (name, surname, email address) to send you informative and promotional communications relating to its products and/or services, for direct sales purposes, to conduct market research, and to monitor customer satisfaction via email.

* Legal Basis: The legal basis for this processing is the consent you have given (art. 6, par. 1, letter a) GDPR) [General Data Protection Regulation / Article 6].

* Optionality and Revocation: Providing data for marketing purposes is optional. You may revoke your consent and/or object to the processing at any time by writing to amministrazione@stel.it.

* Retention Period: The data will be processed until consent is revoked and, in any case, no later than 24 months from collection, reserving the right to ask you to renew your consent before its expiration.

E) Processing of personal data contained in Curriculum Vitae

STEL will process the data contained in CVs sent spontaneously or following a recruiting campaign.

* Legal Basis: The legal basis is the implementation of pre-contractual measures taken at the request of the data subject (Article 6, paragraph 1, letter b) GDPR) [General Data Protection Regulation / Article 6].

* Retention Period: The data will be retained for a maximum period of 2 years from receipt.

F) Data processing for compliance with legal obligations and protection of rights

STEL may process your data for:

To fulfill obligations established by laws, regulations or orders of authorities.

To ascertain, exercise or defend one's rights in court.

* Legal Basis: For purpose 1, the legal basis is compliance with a legal obligation (Article 6(1)(c) GDPR) [General Data Protection Regulation / Article 6]. For purpose 2, it is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR) [General Data Protection Regulation / Article 6].

* Retention Period: The data will be retained for the time necessary to fulfill the obligation or protect the right.

Method and place of processing

The data is processed using automated and manual tools, by authorized and trained personnel, in compliance with the principles of integrity and confidentiality [Provision of April 27, 2023 [9900826]]. Specific technical and organizational security measures are implemented to prevent data loss, illicit or incorrect use, and unauthorized access, in accordance with art. 32 of the GDPR [General Data Protection Regulation / Article 32]. Processing takes place at the Data Controller's offices and on servers located within the European Union.

Categories of subjects to whom the data may be communicated

The data may be disclosed to entities acting as data processors (Article 28 of the GDPR), such as third-party technical service providers (including external technicians for on-site interventions) [Guidelines 07/2020 on the concepts of data controller and data processor under the GDPR], hosting providers, IT companies, or consultants and competent authorities. An updated list of data processors can be requested from the Data Controller.

Rights of interested parties

Pursuant to Articles 15-22 of EU Regulation 2016/679, you have the right to:

* obtain confirmation of whether or not personal data concerning you exists;

* obtain access to your data and information relating to the processing;

* request the rectification of inaccurate data or the integration of incomplete data;

* request the deletion of data (“right to be forgotten”) in the cases provided for by art. 17 of the GDPR;

* request the limitation of processing when the conditions set out in art. 18 of the GDPR apply;

* receive the data concerning you in a structured, commonly used and machine-readable format and transmit them to another owner (right to portability);

* object at any time, for reasons relating to your particular situation, to data processing based on legitimate interest, and at any time to processing for marketing purposes;

* withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal.

Requests should be sent by email to amministrazione@stel.it.

You also have the right to lodge a complaint with the competent Supervisory Authority (Italian Data Protection Authority, www.gpdp.it).