1. Data Controller

    Clever S.r.l., headquartered at Via Minghetti 29, 40057 Granarolo dell’Emilia (BO), Tax Code and VAT No. 02977091202 (hereinafter, the “Controller” or “Clever”), in its capacity as Data Controller, hereby informs you, pursuant to Articles 13 and 14 of EU Regulation 2016/679 (hereinafter, the “GDPR”), that the personal data of natural persons residing in the European Union (hereinafter, the “Customer” or the “Data Subject”) collected during the performance of its business activities will be processed in the manner and for the purposes described below.

    Purpose of Processing

    The Controller processes personal data (such as name, surname, tax code, email address, telephone number, etc., hereinafter “personal data” or “data”) that have been provided verbally or communicated by the Data Subject when registering on the website and/or subscribing to the Controller’s newsletter service or when entering into a contract in which the Data Subject is a party.

    Legal Basis and Purposes of Processing

    Personal data are processed:

    • Without the express consent of the Data Subject (Art. 6 letter f of the GDPR) in order to fulfil the Controller’s legitimate interests and corporate purpose, in particular to:

      • comply with pre-contractual, contractual and tax obligations deriving from relationships with the Customer;

      • comply with obligations required by law, regulation, EU legislation or orders issued by Authorities;

      • enable subscription to the newsletter service and any other services requested;

      • exercise the Controller’s rights.

    • With the specific consent of the Data Subject (Art. 6 letter a of the GDPR), through a separate and dedicated information notice, for the purposes indicated therein.

    Please note that Clever may send commercial communications to its Customers concerning services or products similar to those already used, unless the Data Subject expressly objects.

    Processing Methods

    The processing of personal data is carried out using the operations indicated in Article 4(2) of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure and destruction of data.
    Data are processed both on paper and by electronic means.

    The Controller will retain personal data for the time necessary to fulfil the purposes described in this notice and, in any case, for no longer than 10 years after the end of the relationship with the Customer. Data not subject to mandatory retention will be stored for no longer than 2 years after the end of the relationship.

    All data are processed in accordance with the principles of confidentiality and security, and appropriate technical, IT, organisational and procedural measures are adopted to guarantee the level of protection required by Article 32 of the GDPR.

    Access to Data

    Customer data may be made accessible, for the purposes referred to in sections 2.A and 2.B above:

    • to employees and collaborators of the Controller, in their capacity as authorised persons and/or internal processors and/or system administrators;

    • to third parties (for example, service providers for the management and maintenance of the website, suppliers, banks, professional firms, etc.) performing outsourcing activities on behalf of the Controller, in their capacity as external data processors.

    Disclosure of Data

    Without the express consent of the Customer (Art. 6 letters b and c GDPR), the Controller may communicate data for the purposes set out in section 2.A to supervisory bodies, judicial authorities and all other entities to whom communication is mandatory by law or necessary to achieve those purposes.

    Data Transfer

    Data management and storage take place on servers owned by the Controller located within the European Union and/or by third-party companies duly appointed as Data Processors. Currently, the servers are located in Italy.
    Data will not be transferred outside the European Union.
    Should it become necessary, the Controller reserves the right to relocate servers within Italy, the EU or non-EU countries. In such cases, any transfer of data outside the EU will occur in compliance with applicable law, ensuring an adequate level of protection through specific agreements and/or the adoption of Standard Contractual Clauses approved by the European Commission.

    Nature of Data Provision and Consequences of Refusal

    Providing data for the purposes referred to in section 2.A is mandatory. Failure to provide such data will make it impossible for Clever to continue the relationship with the Data Subject.

    Rights of the Data Subject

    As the Data Subject, the Customer has the rights set forth in Articles 15 to 21 of the GDPR, namely the right to:

    • obtain confirmation of whether personal data concerning them exist, even if not yet recorded, and to receive such data in an intelligible form;

    • be informed of:

      • the origin of the personal data;

      • the purposes and methods of processing;

      • the logic applied in case of processing carried out with electronic means;

      • the identification details of the Controller, processors and designated representatives;

      • the entities or categories of entities to whom the data may be communicated or who may become aware of it as designated representatives, processors or authorised persons;

    • obtain:

      • the updating, rectification or, where interested, integration of the data;

      • the erasure, anonymisation or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;

      • confirmation that the above operations have been notified to those to whom the data were communicated or disclosed, unless this proves impossible or involves a disproportionate effort;

    • object, in whole or in part:

      • for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection;

      • to the processing of personal data for the purpose of sending advertising material, direct sales, market research or commercial communication, using automated systems (email, automated calls) or traditional methods (telephone, post).

    Where applicable, the Customer also has the rights of access, rectification, erasure, restriction of processing, portability, and objection, as well as the right to lodge a complaint with a Supervisory Authority.

    How to Exercise Your Rights

    The Customer may exercise their rights at any time by sending:

    • a registered letter with return receipt to Clever S.r.l., Via Minghetti 29, 40057 Granarolo dell’Emilia (BO), Italy;

    • an email to info@cl-ever.com;

    • a certified email (PEC) to clever@pec.it.

    Minors

    The Controller’s services are not intended for individuals under 18 years of age, and the Controller does not knowingly collect personal information from minors. Should any such information be inadvertently collected, the Controller will promptly delete it upon request.

    Controller, Processors and Authorised Persons

    The Data Controller is Clever S.r.l., represented by its legal representative.
    An updated list of data processors and authorised persons is available at the Controller’s registered office.

    Amendments to This Privacy Notice

    This Privacy Notice may be subject to change. Users are therefore encouraged to consult it regularly and to refer to the most recent version.