on the processing of personal data
Articles 12 et seq. of Regulation (EU) 2016/679 (GDPR)
Subject: information on the processing of personal data pursuant to articles 12 et seq. of Regulation (EU) 2016/679
Introduction – Regulation (EU) 2016/679 (“General Data Protection Regulation”), hereinafter GDPR) provides for the protection of individuals with regard to the processing of personal data. According to this legislation, the processing of personal data referring to a subject, specifically to be defined as “interested”, is based on principles of correctness, lawfulness and transparency, as well as protection of the privacy and rights of the interested party.
This is to inform you, in compliance with the aforementioned rule, that in relation to the relationship or relationship you have with our structure, as a Customer, our organization is in possession of some data relating to you, which have been acquired, even verbally, directly or through third parties who carry out operations that concern you or that, to comply with your request, they collect and provide us with information.
According to the GDPR, since such data is information about you must qualify as “personal data”, and must therefore benefit from the protection provided by these provisions. Specifically, according to this legislation, you are the interested party who benefits from the rights placed to protect your personal data.
Pursuant to art. 12 et seq. GDPR, our structure, as Data Controller, will process the personal data provided by you in compliance with the law, with the utmost care, implementing effective management procedures and processes to ensure the protection of the processing of your personal data. To this end, the writer, using material and management procedures to safeguard the data collected, undertakes to protect the information communicated, so as to avoid unauthorized access or disclosure, as well as to maintain the accuracy of the data and also to guarantee the appropriate use of the same.
In accordance with this premise, the following information is provided:
Personal data collected – The writer, as Data Controller, uses your personal data to operate at best in the exercise of its activity.
The following data may be requested, even partially:
- personaldata, taxcode, VATnumber, name, registered office, residence and domicile and contact details;
- data relating to the contractual relationship describing the type of contract, as well as information relating to its execution and necessary for the fulfillment of the contract it self;
- accounting data relating to the economic report, the sums due and payments, their periodic trend, the summary of the accounting statement of the relationship;
- data to make the relationship with our structure more defined and our collaboration and operational efficiency more effective.
Retention times of your data – The data collected will be kept for the entire duration of the relationship or collaboration with our organization and for 10 years from the date of termination of the relationship. If during the contractual relationship data not related to the administrative and accounting obligations connected to it are processed, such data will be kept for the time necessary to achieve the purpose for which they were collected and then deleted. The retention times of such data will be communicated to you when such data will be collected with specific information.
Mandatory or optional nature of the provision of data and consequences of any refusal – The writer must be provided with the essential data for the performance of the contractual relationship, as well as the data necessary to fulfill obligations under laws, regulations, community regulations, or by provisions of Authority legitimated by law and by supervisory and control bodies.
Data that is not essential for the performance of the contractual relationship must be qualified and considered additional information and their provision, if requested, is optional. Your refusal to provide such data, however, will determine less efficiency of our structure in carrying out relations with third parties.
In the event that “sensitive data or whose processing presents specific risks” are essential for the performance of the relationship or for the fulfillment of specific services as well as legal obligations, the provision of such data will be mandatory and since their processing is allowed only with the prior written consent of the interested party (pursuant to articles 9 and 10 GDPR), You must also consent to their processing.
Processing methods – Pursuant to and for the purposes of Articles. 12 et seq. of the GDPR, we wish to inform you that the personal data you communicate to us will be recorded, processed and stored in our paper and electronic archives, in compliance with the appropriate technical and organizational measures pursuant to art. 32 of the GDPR. The processing of your personal data may consist of any operation or set of operations among those indicated in art. 4, paragraph 1, point 2 of the GDPR.
The processing of personal data will take place through the use of tools and procedures suitable to guarantee security and confidentiality and may be carried out, directly and / or through delegated third parties, either manually using paper or using IT or electronic tools. The data, for the purpose of the correct management of the relationship and the fulfillment of legal obligations, may be included in the internal documentation of the Data Controller and if necessary also in the records and registers required by law.
Activities that may be outsourced – The Data Controller, in carrying out its activity, may occasionally request other operators to perform certain services on its behalf, such as processing services or other services; services necessary for the execution of the operations or services requested; shipments and deliveries; accounting records; administrative activities. If the operator delegated by the Data Controller to carry out certain activities is a company that performs payment, tax collection and treasury services, banking and financial intermediation, the following services could be carried out: massive processing related to payments, bills, checks and other securities; transmission, enveloping, transport and sorting of communications; archiving of documentation, detection of financial risks; fraud control; Debt. The above operators will only be provided with information necessary for the provision of the commissioned services and will be required to respect confidentiality, prohibiting the use of the data provided for a purpose other than that agreed. Operators who are not our persons in charge of processing personal data will be appointed as Data Processors of personal data (pursuant to Article 28 GDPR) and will process the data within the limits strictly necessary to provide the commissioned service and exclusively for this purpose and will guarantee themselves that their representatives have signed a confidentiality agreement. For anything not indicated herein, these subjects must provide specific information on the processing of personal data carried out by them.
Transfer of personal data abroad – The data you provide will be processed only in Italy. If during the contractual relationship your data are processed in a non-EU state, the rights attributed to you by EU legislation will be guaranteed and you will be promptly notified.
Purpose of the processing for which the personal data are intended – The main purpose of the processing of your personal data that the writer intends to carry out is to allow a regular establishment and / or evolution, as well as a correct administration of the relationship specified in the introduction.
In particular, the purposes of the processing are as follows:
- Administrative-accounting and in particular:
- Fulfillment of tax or accounting obligations;
- Customer management (customer administration; administration of contracts, orders, shipments and invoices; reliability and solvency control);
- Litigation management (breach of contract; warnings; transactions; debt collection; arbitration; litigation);
- Internal control services (safety, productivity, quality of services, integrity of assets).
Personal data will be processed for the fulfillment of legal obligations, as well as to fulfill administrative, insurance and tax obligations provided for by current legislation and also to satisfy accounting and commercial purposes, or to be able to regularly fulfill contractual and legal obligations deriving from the legal relationship with the interested party.
Scope of knowledge of your data – The following categories of persons appointed as managers or persons in charge of processing by the writer may become aware of your data:
– Employees or collaborators in general employed by protocol offices and internal secretariat;
– Persons in charge of surveying and providing services and maintenance and assistance to the services provided to you;
– Incaricati di rilevazioni e prestazioni di servizi e alla manutenzione e assistenza ai servizi a Lei forniti;
– Accounting and invoicing staff;
– Service marketers;
– Offices, services and peripheral offices;
– External staff for the enveloping of correspondence;
– Consultants appointed for advice, assistance or services to our structure;
– Managers and directors;
– Members of Control Bodies;
– Our agents, representatives and distributors.
Personal data can also be known by subjects affiliated with the writer, indicated in the paragraph entitled “Processing methods”. The writer may delegate to these subjects the execution of certain obligations or the performance of acts due for the execution of the relationship with the interested party.
Communication and dissemination – Your data may be communicated, meaning by this term to give knowledge to one or more specific subjects, by the writer outside the company to implement all the necessary legal and / or contractual obligations. In particular, your data may be communicated to:
a) any parent companies, subsidiaries and associates.
b) Public Bodies or Offices or supervisory authorities according to legal and / or contractual obligations; obligations;
c) Banking institutions and / or credit institutions for the management of payments deriving from the contractual relationship.
Your data may becommunicated by the writer:
– to subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits established by these rules;
– to subjects who need to access your data for purposes ancillary to the relationship between you and us, within the limits strictly necessary to carry out auxiliary tasks ( credit institutions and shippers are mentioned as an indication);
– to our consultants and / or professionals, within the limits necessary to carry out their duties at our or their organization, subject to our appointment as a manager who imposes the duty of confidentiality and security.
In any case, your data will not be communicated except to operators for the execution of acts concerning the fulfillment of relations that may occur with the interested parties to whom the data refer.
Dissemination – The writer will not indiscriminately disseminate your data, or in other words, will not give knowledge to indeterminate subjects, even by making available or consulting.
Trust and confidentiality – The writer considers valuable the trust shown by the interested parties who have consented to the processing of their personal data and for this reason undertakes not to sell, rent or rent personal information to others.
Rights referred to in articles 15 et seq. GDPR – Pursuant to art. 15 GDPR you have the right to obtain confirmation of the existence or not of a processing of personal data concerning you, even if not yet registered. The exercise of rights is subject to the verification of the identity of the interested party, by delivery of the identity document, which will not be kept by the writer, but only consulted for the purpose of verifying the legitimacy of the request.
You have the right to access personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
d) where possible, the envisaged retention period of personal data or, if not possible, the criteria used to determine this period;
e) where the data are not collected from the data subject, all available information on their origin;
f) the existence of automated decision-making, including profiling referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic used, as well as the importance and envisaged consequences of such processing for the data subject.
If the data are transferred to a third country or to an international organization, you have the right to be informed about the existence of adequate guarantees pursuant to art. 46 of the GDPR.
You have the right to ask the data controller to rectify or delete, even partially, personal data or limit the processing of personal data concerning you or to object, in whole or in part, to their processing.
Pursuant to art. 2-undicies of Legislative Decree no. 196/2003 the exercise of your rights may be delayed, limited or excluded, with reasoned communication and made without delay, unless the communication may compromise the purpose of the limitation, for the time and to the extent that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the interested party, in order to safeguard the interests referred to in paragraph 1, letters a) (interests protected in the field of money laundering), , e) (to carry out defensive investigations or to exercise a right in court) and f) (to the confidentiality of the identity of the employee who reports wrongdoing of which he has become aware by reason of his office). In such cases, your rights can also be exercised through the Guarantor in the manner referred to in Article 160 of the same Decree. In this case, the Guarantor will inform you that it has carried out all the necessary checks or that it has carried out a review as well as your right to lodge a judicial appeal.
To exercise these rights, you can contact our “Data Controller of personal data” at email@example.com or by calling the number 3394664884 or by sending a PEC to the firstname.lastname@example.org address. The Data Controller will reply within 30 days of receipt of your formal request.
We remind you that in case of violation of your personal data you can lodge a complaint with the competent authority: “Guarantor for the protection of personal data”.
Identifiers of the Data Controller and, if appointed, of the Representative in the territory of the State and of the Data Protection Officer.
Data Controller – The Data Controller is MAC&NIL srl, with registered office in via L. Pasteur, 26 – 70024 Gravina in Puglia (BA) – VAT 05607900726 – Tel. 0802464245 – Fax 0802145683 – Email email@example.com – PEC firstname.lastname@example.org
Data Processors – The role of Data Processors are external companies with which a contractual relationship has been established and which need to receive your personal data to fulfill these agreements. To know the Data Processors if they were appointed and to know the persons who will be appointed in the future for this function, each interested party may send a letter of request to the Data Controller of personal data, to the address above. It is intended to specify that the already mentioned Managers do not deal with processing requests to exercise the rights of the interested parties referred to in Articles. 15 et seq. of the GDPR. This activity is carried out exclusively by the writer as Data Controller.
Representative established in the territory of the State – We inform you that, our organization pursuant to art. 4 paragraph 1 point 17 GDPR since no circumstances provided for by the already mentioned Regulation occur, which requires such appointment, has not appointed any Representative established in the territory of the State for the purpose of applying the discipline on the processing of personal data.
Processing without the need for the consent of the interested party – It should be noted that the writer, even in the absence of your consent, will be entitled to process your personal data if this is necessary for:
– fulfill an obligation established by law, by a regulation or by community legislation.
– perform obligations deriving from a contract of which you are a party or to fulfill, before the conclusion of the contract, your specific requests.
Furthermore, your express consent is not required when the processing:
1) concerns data from public registers, lists, deeds or documents that can be known by anyone, without prejudice to the limits and methods that laws, regulations or Community legislation establish for the knowledge and publicity of data or data relating to the performance of economic activities, processed in compliance with current legislation on business and industrial secrecy;
2) it is necessary for the protection of the life or physical integrity of a third party (in this case, the owner is required to bring the data subject to the attention of the processing of personal data through the information even after the processing itself, but without delay. In this case, therefore, consent is expressed following the presentation of the information);
3) with the exception of dissemination, it is necessary for the purposes of carrying out the defensive investigations referred to in Law no. 397 of 7 December 2000, or, in any case, to assert or defend a right in court, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit, in compliance with current legislation on business and industrial secrecy;
4) with the exclusion of dissemination, it is necessary, in cases identified by the Guarantor on the basis of the principles established by law, to pursue a legitimate interest of the owner or a third recipient of the data, also with reference to the activity of banking groups and subsidiaries or associated companies, if the fundamental rights and freedoms, dignity or legitimate interest of the interested party do not prevail.