Information on the processing of personal data[art. 13 e 14 Reg. (EU) 2016/679 e D.Lgs. 101 date 10/08/2018]Regulation (EU) n. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
In compliance with the principle of transparency provided for by Regulation (EU) no. 2016/679 (hereinafter “Regulations”), we wish to inform you, as an interested party, that the processing of personal data concerning you is carried out in compliance with the conditions set out below.
Data controller and contact data
Purpose of data processing
The data you provide will be processed in accordance with the following purposes:
- executing pre-contractual obligations on the basis of the service requested;
- executing the contractual obligations on the basis of the service requested;
- inclusion in the company databases used for the management and monitoring of the contract;
- management of fiscal and accounting obligations;
- comply with Italian national laws or European Union legal obligations;
- pursue the legitimate interests of the Data Controller or third parties.
Categories of personal data
The personal data processed will be those provided by you, in writing or even verbally, for the purposes of carrying out the tasks described under “Purpose of data processing”.
Address of personal data
The personal data collected may be communicated, within the limits strictly relevant to the obligations, tasks and purposes indicated above, to the following subjects or categories of subjects:
- professionals (both natural persons and legal entities) to whom the Data Controller should entrust tasks for the performance of certain activities (i.e. accountants, consultants, collaborators) or the resolution of disputes (i.e. lawyers);
- parties in relation to which the current regulations provide for the reporting obligation in compliance with the provisions of the tax and accounting regulations;
- credit institutions, insurance companies;
- supervisory bodies, judicial authorities;
- public administrations.
The Data Controller undertakes to entrust the data exclusively to persons who, through technological connotation, experience, ability and reliability, provide a suitable guarantee of full compliance with the Regulations, with particular regard to data security and respect for the fundamental freedoms of the data subject. The list of Data Processors provided by you will be made available to you upon request to the Data Controller. Your personal data will not be disseminated. Furthermore, your data may be made accessible to persons (employees and collaborators) specifically authorized and trained by the Data Controller.
Period of conservation of personal data
All data will be kept for the time necessary for the fulfillment of any obligations, including fiscal or accounting, related or arising from the specific service required, pursuant to art. 5, paragraph 1, letter e) of the Rules.
Right of the interested party
We inform you that you have the right to request the Data Controller:
- access to their data (Article 15 of the Rules);
- data rectification (Article 16);
- cancellation of data (Article 17);
- the limitation of treatment (Article 18).
He also has the right:
- to oppose the processing of data (Article 21);
- data portability (Article 20).
Finally, please note that you have the right to complain to the supervisory authority if you believe there has been a violation of your data and have the right to revoke the consent given at any time, without prejudice to the lawfulness of the processing carried out before the revocation. You may exercise your rights at any time by contacting the Data Controller or writing an email to the addresses indicated in point 1.
Method of data processing
The processing of personal data concerning you will be carried out according to the principles of lawfulness, correctness and transparency, to protect your privacy and your rights. The Data Controller also undertakes to process your data in compliance with the principle of “minimization”, i.e. by acquiring and processing data limited to what is necessary with respect to the stated purposes. These data will be stored on computer media, on paper and on any other type of appropriate support, in compliance with the Regulations, so as to guarantee a level of security appropriate to the risk of processing (Article 32 of the Rules).
In relation to the purposes set out in points 2.1, 2.2 and 2.3, processing may be carried out without your consent as necessary for the execution of a contract of which you are a part or to carry out pre-contractual measures. In relation to the purposes set out in 2.4, 2.5, processing may be carried out without your consent as necessary to fulfill a legal obligation. In relation to the purposes referred to in point 2.6, the processing may be carried out without your consent as necessary for the pursuit of the legitimate interest of the owner or third parties, provided this does not override your rights and fundamental freedoms. The provision of data is mandatory for the achievement of all the purposes referred to in paragraph 2 and any refusal to provide data could make it impossible for the holder to execute the contract.