GDPR and Data Protection Policy
In this policy, "LP MEDIA srl" means any one or all of the LP MEDIA srl entities; "worker" means a fixed-term or permanent employee of LP MEDIA srl, or a person who, although not an employee of LP MEDIA srl, provides services to LP MEDIA srl as an agency employee or as a consultant; and "customer" means an entity that has commissioned a service programme with LP MEDIA srl.
Introduction
LP MEDIA srl holds certain information about individuals which is defined as Personal Data under the General Data Protection Regulation ("GDPR"). LP MEDIA srl recognises the importance of the correct and lawful treatment of Personal Data. For the purposes of the GDPR, the data controller of Personal Data processed by LP MEDIA srl may be any one, several or all of the LP MEDIA srl entities.
Data protection principles
LP MEDIA srl fully supports and adheres to the principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transporting and storing Personal Data. Workers and all others who obtain, handle, process, transport and store Personal Data for LP MEDIA srl must adhere to these principles. The principles are as follows:
Lawfulness, fairness and transparency
LP MEDIA srl will tell the data subject what data processing will be carried out and the purpose of that processing. The data processed must match how it has been described. The processing of data must meet the level of compliance outlined in the GDPR.
Purpose limitation
Personal Data will be obtained only for specified, explicit and legitimate purposes. Data may be used only for a specific processing purpose of which the data subject has been made aware, and for no other purpose, without further consent.
Integrity and confidentiality
Data should be processed in a manner that ensures appropriate security and confidentiality of Personal Data, including protection against unlawful processing or accidental loss, destruction or damage.
Satisfaction of the Principles
In order to meet the requirements of the principles, LP MEDIA srl will:
- Fully observe and review the conditions regarding the processing and control of Personal Data.
- Collect and process appropriate Personal Data only to the extent needed to fulfil operational or legal requirements.
- Apply regular reviews to determine the length of time Personal Data is held and for what purpose.
- Take the appropriate technical and organisational security measures to safeguard Personal Data.
- Ensure that Personal Data is not transferred abroad without suitable safeguards.
- Review and update our data-mapping to highlight data controllers and data processors.
- Regularly review and update the documented processes to deal with data subject rights, including individuals’ requests to access, amend or delete their personal data, or to object to data processing, within the new timeframes.
- Regularly review and update our data breach notification procedure to detect, report and investigate a personal data breach.
- Ensure our Data Protection Impact Assessment process is in line with GDPR.
- Regularly review and update our compliance audits or reviews in order to identify and rectify issues.
Data protocol
LP MEDIA srl enforces the following protocol, which includes the implementation and maintenance of a comprehensive information security program that details administrative, technical, and physical safeguards to ensure the confidentiality, security, integrity, and availability of Confidential Information and Data and to protect against unauthorised access, use, disclosure, alteration or destruction of Confidential Information and Data. The Information Security Program shall include, but not be limited to, the following safeguards where appropriate:
(a) Access Controls – policies, procedures, and physical and technical controls: (i) to limit physical access to its information systems and the facility or facilities in which they are housed to properly authorised persons; (ii) to ensure that all members of its workforce who require access to Confidential Information or Data have appropriately controlled access, and to prevent those workforce members and others who should not have access from obtaining access; (iii) to authenticate and permit access only to authorised individuals and to prevent members of its workforce from providing Confidential Information or Data to unauthorised individuals; and (iv) to encrypt and decrypt Confidential Information and Data where appropriate;
(b) Security Awareness and Training – a security awareness and training program for members of LP MEDIA srl workforce providing Services hereunder, which includes training on how to implement and comply with its Information Security Program;
(c) Security Incident Procedures – policies and procedures to detect, respond to, and otherwise address security incidents, including procedures to monitor systems and to detect actual and attempted attacks on or intrusions into Confidential Information or Data or information systems relating thereto, and procedures to identify and respond to suspected or known security incidents, mitigate harmful effects of security incidents, and document security incidents and their outcomes;
(d) Contingency Planning – policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages Confidential Information or Data (or systems containing Confidential Information or Data), including a data backup plan and a disaster recovery plan;
(e) Data Integrity – policies and procedures to ensure the confidentiality, integrity, and availability of Confidential Information and Data and protect it from disclosure, improper alteration, or destruction;
(f) Storage and Transmission Security – technical security measures to guard against unauthorised access to Confidential Information and Data that is being transmitted over an electronic communications network, which may include a mechanism to encrypt Confidential Information and Data in electronic form while in transit over public networks or systems to which unauthorised individuals may have access;
(g) Testing – Regular testing of the key controls, systems and procedures of the Information Security Program to ensure that they are properly implemented and effective in addressing the threats and risks identified. Tests should be conducted or reviewed in accordance with its internal policies and procedures by internal auditors, independent third parties or staff independent of those that develop or maintain the security programs.
Data processing and data control
For LP MEDIA srl
LP MEDIA srl may process and control data related to any business or other activity carried out by LP MEDIA srl, or deciding whether to accept any person as a customer or supplier, or for retaining records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments and deliveries are made or services provided by LP MEDIA srl in respect of those transactions, or for the purpose of making financial or management forecasts to assist LP MEDIA srl in the conduct of any such business or activity.
For workers
LP MEDIA srl may act as “data processor” and “data controller”, disclosing workers’ personal information to organisations which provide administration and management services. In this scenario, LP MEDIA srl will only disclose workers’ information to LP MEDIA srl service providers and agents for these purposes.
LP MEDIA srl may disclose workers’ personal information to third parties in the event that LP MEDIA srl sells or buys any business or assets, in which case LP MEDIA srl may disclose workers’ Personal Data to the prospective seller or buyer of such business or assets, or if LP MEDIA srl is under a duty to disclose or share workers’ Personal Data in order to comply with any legal obligation.
For customers
LP MEDIA srl may act as “data processor” only on instructions from the customer as “data controller” in relation to the processing of “personal data” carried out on behalf of the customer and shall take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction.
Depending on the services that have been provided, LP MEDIA srl may process data such as name, email address, postal address, telephone number and financial details, where they received the data from, when they received the data, and who they share the data with.
LP MEDIA srl may disclose customer data to third parties if the data is required to provide a service that has been requested and authorised by a customer for the provision of services, or if LP MEDIA srl is under a duty to disclose or share customer data in order to comply with any legal obligation.
Using data
The data we collect allows our business, our workers, and customers’ services to operate. Both custom and 3rd party components may be used as part of the services provided. These services may include communication, document sharing, support, payments, marketing, and analytics. In order to operate and provide a service to our customers we may use the following 3rd party software:
To provide a service:
- ActiveCampaign and MailChimp, to send emails.
- Google Analytics and Hotjar, to track user behaviour.
- Dropbox For Business, for file storage.
- Sage Accounting, for accounting and billing.
- PipeDrive, for Customer Relationship Management.
- Google, for email, and contractual or planning information.
- Skype, for internal communications.
- Trello and Monday.com, for project management.
We do not provide data to advertising agencies, or to other parties for similar, unconnected purposes.
Accessing data
GDPR gives all subjects, including workers and customers, the right to access information held about each of them. We have created a support line for all customers should they wish to access their personal data; requests can be made by contacting LP MEDIA srl at amministrazione@lpmedia.tv. Requests will be subject to our vetting service to ensure that the request is legitimate. Once approved, data will be supplied within 28 days of a request and supplied in a common format such as a CSV to allow for transit and accessibility. Any access request may be subject to a fee to meet LP MEDIA srl costs in providing a data subject/worker/customer with details of the information LP MEDIA srl holds about that data subject/worker/customer.
Processing jurisdiction
We use Wix.com and a number of component services and providers in order for some of our customers’ services to operate. The majority of our processing is carried out on servers that are located in the European Economic Area (EEA). At the request of a customer, we may use other carefully chosen suppliers and providers to perform other discrete tasks which may result in data being transferred outside of the EEA.
In handling data, we follow best practices which include:
- Using encryption to communicate between users and ourselves.
- Restricting and logging those who have access to the data we hold.
- Not moving data from production to test environments.
Data security and monitoring
The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage and that both access and disclosure must be restricted. All workers are responsible for ensuring that any Personal Data which they hold is kept securely and is not disclosed, whether orally, in writing or otherwise, to any unauthorised third party.
Customers shall only access the Data in such a way that they cannot and do not see any other data hosted or managed by LP MEDIA srl, in order to maintain the confidentiality of the data hosted or managed. LP MEDIA srl shall as soon as practicable inform the Customer of any notice or communication concerning data protection legal obligations received from any person (including any data subject or caller) or any regulatory authority concerning the provision of the Service to the Customer and co-operate fully (at the Customer’s cost) with the Customer in relation to all relevant matters concerning data protection requirements in connection with the Service.
Both workers and customers must regularly check that any Personal Data that they provide to LP MEDIA srl is accurate and up to date, and inform LP MEDIA srl of any changes to information which they have provided, e.g. changes of address. If, as part of their responsibilities, LP MEDIA srl workers collect information about other people, they must comply with this Policy.
Retaining personal data
The data we process and control on behalf of our customers is retained for as long as it is required for a service to be provided, as the data allows our customers’ services to operate.
The data we collect on behalf of LP MEDIA srl is held for up to a maximum of six years from the date it was submitted. The data is reviewed on an annual basis and action taken should it be required. In order to operate and provide a service to our customers we may use the following 3rd party software:
For marketing purposes:
- Pipedrive, for Customer Relationship Management.
- ActiveCampaign and MailChimp, for newsletter services.
- Google Analytics, for campaign tracking.
Last updated 1st July 2021