GDPR policy

BUNIQ and GDPR

General Data Protection Regulation for services offered by BUNIQ The European Regulation on the protection of personal data No. 679/2016 (GDPR) aims to modernize and harmonize the data protection strategy across all European Union countries. BUNIQ ensures its Clients and Users the correct application of the GDPR provisions for the services offered. It’s not only the need to comply with the standards of the new regulation but also our commitment to always ensure maximum transparency in data processing and protection. Below is an overview of the main measures that BUNIQ has adopted in compliance with the GDPR provisions.

How we protect data: physical protection

Data Security Our Clients’ and services’ data are stored in the ISO27001 certified Data Centers of our providers. The location of the facilities, mainly in Italy, provides Clients with additional protection regarding legislation on security and confidentiality of corporate data. The Data Centers are constantly monitored by highly qualified personnel. All Data Centers house the technological platforms for the provision of BUNIQ services.

Organizational Measures for Data Protection

Information, Appointments, and Data Protection
BUNIQ has implemented organizational measures aimed at better data protection, including appointments of individuals involved in processing and providing them with specific instructions. All information notices and contractual forms have been updated.

 

BUNIQ as Data Controller
BUNIQ acts as the Data Controller when determining the purposes and means of processing personal data. This includes scenarios where BUNIQ collects data for contractual management, service activation, billing, and technical support requests.

 

BUNIQ as Data Processor
BUNIQ acts as the Data Processor when processing personal data on behalf of a Data Controller. This occurs when a Client uses BUNIQ’s services and stores personal data of individuals on BUNIQ’s infrastructure. BUNIQ processes data hosted on behalf of Clients in compliance with current regulations.

 

Data Protection Officer
Due to its activities, BUNIQ is obliged to appoint a Data Protection Officer, and for this purpose, Mr. Daniele Nobile has been appointed. The contact for the Data Protection Officer is dpo@buniq.it. – PEC daniele.nobile@pecbg.it.

 

Employees
BUNIQ has appointed all employees and collaborators involved in data processing, providing them with necessary processing instructions. Additionally, to maintain adequate knowledge, internal training courses on personal data protection regulations are provided, constantly raising awareness among employees and collaborators on security and confidentiality of processed data.

 

Partners and Agents
BUNIQ’s network of Partner companies consists of ethical enterprises, founded on availability and transparency in their relationship with clients. Agents are professionals, trained and directly coordinated by BUNIQ, who assist Partners in promoting the sale of BUNIQ services within their Customer Base. The commercial collaboration between BUNIQ and its Partners and Agents involves the processing of client data by them, hence they are appointed as Data Processors (Article 28 of the GDPR) with all necessary instructions for correct processing.

 

Suppliers
BUNIQ relies on suppliers for the management and provision of certain services (or parts thereof) that require processing of client data. In such circumstances, suppliers are designated as Data Processors (Article 28 of the GDPR) and provided with necessary instructions for correct processing.

 

Business Processes
All business processes and the data and information management system are constantly updated and improved to consistently offer clients the highest levels of security. BUNIQ applies the principle of incorporating “Privacy by Design” starting from the design of a business process with its related supporting computer applications.

 

Data Transfers to Third Countries
BUNIQ does not transfer its clients’ data to third countries.

 

How to Protect Your Personal Data
Data subjects have the right, in certain cases, to obtain from the Data Controller access to personal data, as well as rectification or erasure of such data, restriction of processing, or objection to processing, and the right to data portability (Articles 15 and onwards of the Regulation). An appropriate request can be submitted to the Data Controller or the Data Protection Officer indicated above. For further information and to download the relevant form provided by the Italian Data Protection Authority, visit the website: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali