DATA PRIVACY POLICY

Privacy Policy of NTT Data Italia S.p.A.

Effective Date: 03/20/2020

INTRODUCTION

NTT Data Italia S.p.A. (“Company” or “we”), which can be contacted at the email address [email protected] wants to inform you about how we collect, use and disclose personal data from and about you, through this website  (“Website“) and all its associated mobile sites (collectively, the “Company Services”), in compliance with all applicable data protection laws and regulations. 

You can find a Table of Content and a brief summary of this Privacy Policy in the chart below. For further details with regard to the data processing carried out by the Company click to the links in each section of the summary to access the full content of the Privacy Policy relevant to that topic.

Issue Information
What and who this Privacy Policy covers? The Company is the data controller of the personal data we collect from and about you through the Website and the Services.

This Privacy Policy applies to all users, including both those who use the Website of the Company Services without being registered or having subscribed. 

For further information click here [LINK TO PARAGRAPH 1]

What kind of personal data do we collect about you? The Company might collect data from and about you. 

More in particular, the Company collects (1) data that you have volountarily shared with the Company, (2) activity data and (3) information shared with other sources.

However, we do not collect either financial information or special categories of personal data relating to you (e.g., health or judicial data). 

For further information click here [LINK TO PARAGRAPH 2]

How do we use your personal data? The main reason why we collect data about you is to allow you to use the Website or to provide you with our Company Services and to allow you to interact with such services. 

We currently do not process your data to send offer, marketing communications etc. Should we plan this in future we will do it , only with your prior consent, For further information click here [LINK TO PARAGRAPH 3].

On what ground do we use your personal data? Your personal data are mainly collected in order to allow you to use the Website and the relevant Services. 

Your personal data are also necessarily collected to comply with legal obligation or to protect the legitimate interests of the Company.

Failure to provide such data may entail the impossibility to offer you the Company Services or grant you access to the Website, as the case may be.

For further information click here [LINK TO PARAGRAPH 4].

How do we process your personal data? The security of your data is a priority for us. For this purpose, the Company has implemented adequate administrative, technical and physical measures to safeguard your personal data against loss, theft and unauthorized use, disclosure or modification. 

For further information click here [LINK TO PARAGRAPH 5].

Who can access to your personal data?

 

The Company might share your personal data with (i) service providers, (ii) our affiliated companies and (iii) national authorities, when allowed by applicable laws.

We may also share your personal data with our commercial partners for their marketing purposes but only upon your prior optional consent.

For further information click here [LINK TO PARAGRAPH 6].

Is your personal data transferred abroad? Your personal data might be transferred to other countries within the European Economic Area (EEA). In any case, we always make sure that appropriate and suitable safeguards compliant with applicable laws are in place to protect your personal data. 

For further information click here [LINK TO PARAGRAPH 7].

What are your rights with regard to your personal data? You have among others the right to access, integrate, update, amend and delete your personal data.

For further information click here [LINK TO PARAGRAPH 8].

What is going to happen on May 25, 2018? The EU General Data Protection Regulation 2016/679 is becoming effective on May 25, 2018, introducing among others additional rights for individuals.

For further information click here [LINK TO PARAGRAPH 9].

Updates to this Privacy Policy The Company may modify or update this Privacy Policy also in order to comply with applicable law. 

Please look at the Effective Date at the top of this Privacy Policy to see when this Privacy Policy was last revised. 

How can I contact you with regard to the processing of my personal data? You can contact us at the following email address [email protected].

 

  1. WHAT AND WHO THIS PRIVACY POLICY COVERS?

The Company is the data controller of the personal data (i.e. information that identifies a specific person, such as full name or email address) we collect from and about you through the Website and the Company Services that is processed in compliance with the terms of this Privacy Policy. 

This Privacy Policy and our Cookies Policy apply to all users, including both those who use the Website and the Company Services without being registered or having subscribed to a specific service. 

  1. WHAT TYPE OF PERSONAL DATA DO WE COLLECT ABOUT YOU? 

The Company collects (1) registration data, (2) data that you have volountarily shared with the Company, (3) activity data collected when you access and interact with the Website or the Company Service and (4)  More in particular, the Company collects the following data from and about you: 

  1. Registration data: none as we currentlyfdo tno have a registration form.
  2. Data that you have volountarily shared with the Company: we might collect your personal data (such as name surname, email, organization and phone number) if you submit a request through the contact form made available to you via Website.
  3. Activity Data. When you access and interact with the Website or the Company Services, we may collect certain information about those visits. For example, in order to permit your connection to the Website or the Company Services, our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, and other software or hardware information. If you access the Website or the Company Services from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information for that device. Cookies and other tracking technologies (such as browser cookies, pixels, beacons, and Adobe Flash technology including cookies) may also be collected. These technologies may also be used to collect and store information about your usage of the Website or the Company Services, such as pages you have visited, content you have viewed, search queries you have run and advertisements you have seen. For more information please visit our Cookie Policy [INSERT THE LINK].
  4. Information from Other Sources. We may supplement the information we collect with information from other sources, such as publicly available information from social media services and commercially available sources.

When the information collected from or about you does not identify you as a specific person, directly or indirectly, we may use that information for any purpose or share it with third parties, to the extent permitted by applicable data protection laws and regulations.

We do not collect:

  • Financial information from a payment service provider: in some cases, we may use an unaffiliated payment service to allow you to purchase a product or make payments. In that case, the information that you provide will be subject to the applicable payment service’s privacy policy, rather than this Privacy Policy. 
  • Special categories of personal data: we ask that you do not send us, and you do not disclose, any information included in a special category of personal data (such as social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through the Website, the Company Services or otherwise.

Linked Services. The Company Services may also be linked to sites operated by unaffiliated companies, and may carry advertisements or offer content, functionality, games, newsletters, contests or sweepstakes, or applications developed and maintained by unaffiliated companies. The Company is not responsible for the privacy practices of unaffiliated companies, and once you leave the Company Services or click an advertisement you should check the applicable privacy policy of the other service. 

  1. HOW DO WE COLLECT YOUR PERSONAL DATA?

We process the personal data we collect from and about you to: 

  1. Allow you to use the Website and, as the case may be, provide you with the Company Services that best suit you;
  2. measure and improve those Company Services and features; 
  3. improve your experience on the Website and with both online and off-line Company Services by delivering content you will find relevant and interesting;
  4. provide you with customer support and to respond to inquiries;
  5. protect the rights of the Company and others: more in particular there may be instances when the Company may disclose your personal data, including situation where the Company has a good faith belief that such processing is necessary in order to: (i) protect, enforce, or defend the legal rights, privacy, safety, or property of the Company, our Company Affiliates or their employees, agents and contractors (including enforcement of our agreements and our terms of use); (ii) protect the safety, privacy, and security of users of the Website or of the Company Services or members of the public; (iii) protect against fraud or for risk management purposes; (iv) comply with the law or legal process; or (v) respond to requests from public and government authorities; 
  6. complete a merger or sale of assets. With this regard if the Company sells all or part of its business or makes a sale or transfer of its assets or is otherwise involved in a merger or transfer of all or a material part of its business, the Company may transfer your information to the party or parties involved in the transaction as part of that transaction;

When the data collected from or about you does not identify you personally, we may use that information for additional purposes or share it with third parties. 

  1. ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA? 

The processing of your personal data for the purposes of: 

  • Section 3, letters from a) to e) of this Privacy Policy is necessary for the running of the Website and the provision of the Company Services and therefore it is mandatory since otherwise the services could not be provided; 
  • Section 3, letter f) of this Privacy Policy is mandatory as it is requested under applicable laws.
  1. HOW DO WE PROCESS YOUR PERSONAL DATA?

With regard to the above mentioned purposes, the data is processed through both electronic and manual means, and is protected through adequate security measures. With this regards, although the Company uses appropriate administrative, technical, personnel and physical measures to safeguard personal data in its possession against loss, theft and unauthorized use, disclosure or modification, it cannot guarantee that all possible cyber-risks can be excluded.

  1. WHO HAS ACCESS TO YOUR PERSONAL DATA?

For purposes consistent with those at Section 3 of this Privacy Policy, the Company may share your personal data to the following categories of recipients located within the European Union or outside of the European Union in compliance and within the limits of the provisions of Section 7 below:

Third parties service providers entrusted with processing activities and duly appointed as processors when required by applicable laws, e.g. cloud service providers, other entities of the group, providers of services instrumental to or supporting the Company Services – and thus, by way of example and without limitation, companies that provide IT services, experts, consultants and lawyers – companies resulting from possible mergers, demergers, or other transformations, and 

Company Affiliates, in their capacity of data controllers or data processors, a list of which Company Affiliates is available by contacting us ay [email protected].

Competent national authorities in order to comply with applicable laws. 

A complete list of the data processors may be requested to the Company at the addresses as per Section 11 of this Privacy Policy.

  1. IS YOUR PERSONAL DATA TRANSFERRED ABROAD? 

Your personal data may be transferred to countries within the European Economic Area (EEA), in particular in Germany and UK. Some non EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. The full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards to protect your personal data and that transfer of your personal data is in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679 (the “GDPR“). 

You have the right to request a copy of the above measure or further information on your personal data  by contacting the Company at the address indicated in Section 11 of this Privacy Policy. 

  1. WHAT ARE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA?

You have the right, at any given time, to:

  1. obtain confirmation as to whether or not your personal data exist and to be informed of its content and source, verify its accuracy or request integration, update or amendments;
  2. request the deletion, conversion to an anonymous form or restriction of any personal data processed in breach of the applicable law; 
  3. oppose its processing, in all cases, for legitimate reasons. 

With this regard you may send your request at the address outlined in Section 11 of this Privacy Policy. In your request, please include your email address, name, address, and telephone number and specify clearly what information you would like to access, change, update, suppress or delete.

Also, the additional rights outlined in Section 9 below will be effective from May 25, 2018. 

  1. WHAT IS GOING TO HAPPEN FROM MAY 25, 2018? 

From 25 May 2018, the GDPR will become effective and the following provisions will apply: 

  1. Retention period applying to your personal data

We will retain your data only for the period necessary to fulfill the purposes for which the data was collected as outlined in this Privacy Policy. In any case, the following retention periods will apply to the processing of your personal data for the purposes indicated below:

  • data collected for the purposes as per Section 3, letters from a) to f) of this Privacy Policy is retained for the time necessary to provide you access to the Website or to grant you the provision of the Company Services plus the length of any applicable statutory limitatation period following the termination of the Company Services; 

At the end of the retention period your personal data will be either cancelled, anonymized or aggregated. 

  1. Please refer to our Data Retention Policy which can be requested by sending an email at [email protected].
  1. Additional rights 

In addition to the rights as indicated in paragraph 8 of this Privacy Policy and further to the application of the GDPR, you will also have the right, in any given moment, to: 

    1. request to Company to limit the processing of your personal data where: 
  • You contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy; 
  • The processing is unlawful but you do not want us to erase the data; 
  • We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or 
  • Where you have objected to processing justified on legitimate interests grounds pending verification as to whether the Company has compelling legitimate grounds to continue processing. 
    1. object to the processing of your personal data; 
    2. request the erasure of your personal data without undue delay;
    3. the right to data portability (i.e. to receive an electronic copy of your personal data, if you would like to port your personal data to yourself or a different provider), when we are relying upon your consent or the fact that the processing is necessary for the provision of the Company Services and the personal data is processed by automatic means;
    4. the right to lodge a complain with the relevant supervisory authority. 
  1. UPDATE TO THIS PRIVACY POLICY

The Company may modify or update this Privacy Policy also also following different interpretations, decisions, opinions and orders relating to the the GDPR. Please look at the Effective Date at the top of this Privacy Policy to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will be notified in advance and will in any case be available when we post the revised Privacy Policy on the Website or the Company Services. If we make material chances to this Privacy Policy that expand our rights to use the personal data we have already collected from you, we will notify you and provide you with a choice about our future use of the personal data.

  1. CONTACT US

If you have questions about this Privacy Policy, please contact the Company Data Protection Manager at the following email address  [email protected].

DATA Privacy Notice for the “NTT DATA R&D Forum 2019” (“Data Privacy Notice”)

according with the EU REGULATION 2016/679
of the European Parliament and of the Council of 27 April 2016
on the protection of personal data (“EU Data Protection Regulation”)

1.- BACKGROUND

1. This is the Data Privacy Notice in relation to your registration – via this website (“Website”) to the event NTT DATA R&D Forum 2019 scheduled to be held in Tokyo from 12th to 14th of November 2019 (the “Event”).

2. You are hereby asked to confirm your consent on processing your Personal Data, according with EU Data Protection Regulation.

3. NTT DATA EMEA Ltd. (“EMEA” or simply “We”), whose address is at 3rd Floor, 2 Royal Exchange, London EC3V 3DG, United Kingdom, is one of the Regional Sub-holdings of NTT DATA Corp., stock listed in Japan.

4. EMEA is the Data Controller for the Purposes as set forth in the clause 3 below and with this Data Privacy Notice informs you, as Data Subject, on the following.

2.- NECESSARY INFORMATION WE NEED TO COLLECT FROM YOU

1. We need to collect and process the following information about you:

1. Your name, surname, job title, company, email, telephone number, country, date of arrival and departure and other personal information you may agree to provide including food preferences and allergies, provided that food preferences and allergies will be provided to Third Party Recipients, as defined in clause 4.1 below with no indication of your name and last name (collectively referred to as the “Personal Data“).

2. Please note that We will be unable to register you and to welcome you at the Event, until and unless you fill in the form in this Website and provide your acceptance to the processing of your Personal Data according to this Data Privacy Notice.

3.- PURPOSES

1. We use Your Personal Data in the following ways and for the following reasons (the “Purposes”):

a. to enable You to register to the Event;

b. to confirm You that You have been registered to attend the Event;

c. to organize suitable arrangements for Your on-site travel and accommodation at the Event;

d. to provide additional information on the scheduled elements.

4.- DISCLOSURE OF YOUR PERSONAL DATA

1. Your Personal Data will be collected by NTT Data EMEA, which may share your Personal Data to third parties recipients (“Third Parties Recipients”) exclusively to organize suitable arrangements for Your on-site travel and accommodation at the Event (e.g. selected hotel and restaurant(s), transfer company, printing company to print Your name as attendee at the Event, insurance company to provide adequate insurance coverage to You in relation to the participation at the Event).

2. It is not possible to list every single Third Party Recipient of your Personal Data. The updated list of Third Party Recipients who your Personal Data may have been submitted to, can be requested at any time to the EMEA Lead Data Protection Manager, as identified and at the email address set out in the clause 9 of this Data Privacy Notice.

5.- TRANSFER OF YOUR PERSONAL DATA

1. Please note that NTT DATA Group is a leading global IT services provider and that the guests invited to the Event might be coming from various regions and countries, so that your Personal Data will be shared on a need-to-know basis and consistently with the Purposes with other companies of owned or controlled by EMEA (“EMEA Group”), which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006, within or outside the EEA, provided that in any case, such transfers will comply with the appropriate guarantees as set forth in the applicable law, and in particular with the articles 45 and 46 of the EU Data Protection Regulation.

2. You have the right to obtain copy of your Personal Data stored and/or transferred outside the EEA and to obtain information on the place where such Personal Data are stored, as provided and at the email address set out in the below clause 8 of this Data Privacy Notice.

6.- PICTURES TAKEN DURING THE EVENT

1. Please note that during the Event some pictures may be taken and/or some video recording during Your participation at the Event. These pictures and/or videos may be shared on intranet and/or websites of the EMEA Group or on social media, subject to Your explicit consent. If You intend to provide Your consent, you are kindly requested to confirm Your consent on the specific section of the Website as available. Your pictures and/or videos will be taken for the duration of the Event and in any case for a period not longer than 24 months following the end of the Event, unless you renew Your Consent for any subsequent period.

7.- RETENTION PERIOD AND SAFETY MEASURES

1. All the Personal Data you provide will be stored and retained for the period which is strictly necessary to organize and to attend the Event (“Retention Period”).

2. EMEA will take the necessary steps to ensure that your Personal Data be treated securely, with an adequate level of protection and only in accordance with the Purposes set forth in this Data Privacy Notice.

3. After the Retention Period, and in any case not later than 30 business days following the conclusion of the Event, your Personal Data will be deleted if still stored in EMEA servers and/or Third Parties Recipients servers.

8.- YOUR RIGHTS

1. EMEA informs you that, according to the EU Data Protection Regulation, at any time you have the following rights related to your Personal Data:

a. to obtain confirmation as to whether or not your Personal Data exist and to be informed of its content and source, the purposes and modalities of the processing, as well as the logic involved in case of automated processing;

b. to request update, correction or rectification of your Personal Data;

c. to withdraw your consent, without prejudice to the lawfulness of the processing based on consent previously expressed before its withdrawal;

d. to request deletion without unjustified delay, anonymization or the block of data processed unlawfully, to object for legitimate reasons to data processing, as well as right to data portability;

e. to request to limit the processing of your Personal Data where (a) you object the accuracy of your Personal Data until EMEA have taken sufficient steps to verify its accuracy, (b) processing is unlawful and you opposes the erasure of the Personal Data and requests the restriction of their use instead, (c) EMEA no longer needs the Personal Data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;

f. to object the processing according with Article 21, paragraph 1 of the EU Data Protection Regulation, pending the verification whether the legitimate grounds of EMEA override your legitimate grounds as data subject;

g. to object processing of your Personal Data and the processing activities performed on the basis of automated decisions, including profiling.

2. You can exercise the above rights by contacting the EMEA Lead Data Protection Manager, as provided and at the email address set out in the below clause 9 of this Data Privacy Notice.

3. EMEA informs you that you have also the right to lodge a complaint with a supervisory authority, if the legal conditions are met.

9.- CONTACTS

1. You are encouraged to contact the EMEA Lead Data Protection Manager, duly appointed by EMEA, at the following email address [email protected], in case:

1. You wish to exercise any rights as specified in the above clauses and/or set forth in any applicable laws, or

2. You have questions, comments and requests regarding this Data Privacy Notice, or

3. You would simply like to get guidance or assistance on compliance-related matters.

10.- INTERPRETATION

1. Unless otherwise provided herein, and where applicable, any term used under this Data Privacy Notice shall have the same meaning given to them in the EU Data Protection Regulation.

London, September 25th 2019