PRIVACY NOTICE IN COMPLIANCE WITH ARTICLES 13-14 OF GDPR (GENERAL DATA PROTECTION REGULATION 2016/679)
As Data Controller (hereinafter Data Controller), we want to submit to you this Privacy notice in compliance with Articles 13 and 14 of GDPR 2016/679 to offer you detailed information on the collection and processing of Personal Data. Your Data will be processed with following modalities and for following purposes.
This privacy notice applies only to data related to natural persons and which form part of a filing system or are intended to form part of a filing system.
Don’t hesitate to contact us if you need further information or plain text explanation.
1. Data processing scope
The Data Controller will process Personal Data voluntary provided by you prior to entering into a contract and for the contract itself.
We will acquire further data from public archives only
2. Purpose of the Processing
2.1 Contractual purposes
The provided Data will be processed to meet contractual obligations deriving from commercial relationships.
The collected Data will be processed to request offers, to send orders, to provide requested services, to provide goods and to handle all related matters including payment of invoices.
Lawfulness of processing: performance of a contract [art. 6 c.1 lett.(b)].
2.2 Purpose of the Processing to meet legal obligations or EU regulations
The Data will also be handled to complete obligations provided by the law or by EU Regulations for civil, accounting and tax purposes.
For a.m. purposes, the provision of Data is necessary and a failure or a partial or incorrect provision will result in the impossibility for the Data Controller to process your requests and start or continue the business relationship with you.
Lawfulness of processing: compliance with a legal obligation [art. 6 c.1 lett.(c)].
2.3 Business Development
Data will be used to inform you about our new similar services that can be provided to our customers.
Lawfulness of processing: legitimate interests business developing [art. 6 c.1 lett.(f)]. For this purpose, the data subject has the right to object and stop the processing.
3. How we process data
Personal Data are processed whether or not by automated means, in any case in such a way as to ensure the security, integrity and confidentiality of the Data in compliance with organizational, physical and logical measures set forth by the applicable regulations.
All the personnel acting under the authority of the Data Controller will be appointed as authorised to process personal data.
4. Data Retention
The Data provided will be stored as long as it is required by the purpose they have been collected for (performance of the contract). Data will be stored for at least 10 years from the end of the commercial relationship.
5. Data Controller
The Data Controller is described in the header
6. Data Sharing
Communication and dissemination of Personal Data to fulfil the purposes of the processing
The Data Controller may disclose Personal Data to data processors or third parties, to whom the communication is necessary to meet legal requirements (By way of example and not of limitation: persons, companies or professional entities that provide assistance, advice or collaboration in accounting, administrative, legal, taxation, financial matters, and in management systems).
Moreover, Personal Data may be communicated to any other data controller or third party, when the communication is mandatory by law or to carry out activities set out in the Regulation.
Data will be shared with and will be processed by data processors:
a. accountant, Legal and Labour Consultants;
b. ICT consultants and providers;
c. management system consultants;
None of your Personal Data will be subject to diffusion.
7. Data transfer outside the EU
There is no Data transfer outside the EU.
In compliance with Articles 13, paragraph 2, subparagraphs (b) and (d), 15, 18, 19 and 21 of the Regulation, you shall be informed that you have the rights to:
a. access to your Data;
b. seek rectification or cancellation of your Data, or obtain restriction of the processing;
c. object to processing of your Data;
d. request the portability of your Data;
e. withdraw your consent, if applicable, without prejudicing the lawfulness of the processing, based on the consent given before the revocation;
f. lodge a complaint with the supervisory authority (DPA - Garante Privacy).
You can contact the Data Controller for the exercise of your rights
8. Data Protection Officer
The Data protection Officer (DPO) is Christian Bernieri and can be contacted via email at: DPO@PRIVACYBYDESIGN.IT
9. WHAT TO DO
It is not necessary to give acknowledgement
It is not necessary any consent.
Last update: May 25th, 2018