hereby to inform you about collection, processing and use of your agents / employees / collaborators personal data in accordance with European Data Policy Regulation 2016/679. If we do store or transfer data outside of the European Union, you will be promptly informed. Once terms of storage required by applicable law are due, (e.g. for tax or other legal purposes), you are entitled to ask to erase your data from our databases. This Policy applies to our use of any and all data collected by us and provided by you or your agents / employees / collaborators.
Data Controller shall collect no sensitive and identification personal data (such as name, surname, social security number, VAT number, mail address, telephone number - hereinafter referred to as “Personal Data” or “Data”) reported in phase of contractual or working time.
2. Scope of Data Collection
Personal data are processed:
A. without your express consent (art. 24 lett. a, b, c Data Policy Law and art. 6 lett. b, GDPR), for the following purposes:
· To meet our commercial, pre-agreement and agreement obligations;
· to enter into and properly perform our contract and related services, following correct business and professional standards;
· to meet law obligations; if it is necessary on reasonable request by a law enforcement or legal authorities, regulatory authority, or European policy;
· to promptly inform your agents if administrative or operative needs are required;
· in defence of Data Controller’s rights, for example in defence of legal claims.
B. only with your express and specific consent (art. 23 and art. 130 Data Policy Law and art. 7 GDPR), for the following purposes:
· disclosures of your data to third parties explicitly stated (e.g. workplaces access data, personal information, picture, etc.)
3. Data Management
Personal Data processing is carried out through the operations mentioned to in art. 4 Data Policy Law and in art. 4 no. 2 GDPR and more specifically: collection, registration, organisation, storage, consulting, processing, rectification, selection, extraction, comparison, use, interconnection, interdiction, communication, erasure and destruction of data. We may handle your Personal Data both in paper and electronic or automated format.
The data controller shall process and store the personal data only for the period necessary to achieve the purpose of storage but within a maximum of 5 years from the end of our partnership and all tax and administrative obligations are met.
4. Disclosures to Third Parties
We may share your personal data for any purpose referring to in art. 2.A) and 2.B) with:
· Data Controller’s employees and partners if access to the data is necessary for performance of their roles.
· Contractors or service providers that process data on its behalf(e.g. organizational management, advertising agencies, IT specialists, database providers etc.).
· Third parties (e.g. Web Site management and maintenanceproviders, suppliers, credit unions, practices etc.) che svolgono attività anche in outsourcing per conto del Titolare, nella loro qualità di responsabili esterni del trattamento.
5. Disclosures to Legal Authorities
Even without any further or express consent from you (Data Policy Law ex art. 24 lett. a), b), d) and GDPR art. 6 lett. b) e c)), we may share your personal data for any purpose referring to in art. 2.A) to Supervisory Authority, Legal Authority and where we are complying with the requirements of legislation, a court order, or a governmental authority for any of the aforementioned purposes.
6.Transfers of Personal Data
We store and process your Personal Data in data centres located in EU, owned by the Data Controller and/or third companies appointed to processing the data. At present, database hosting are located around Italy and EU. We will not transfer your Personal Data outside of the European Union. When required, the Data Controller may move the data centres across Italy and/or EU and/or Extra-EU countries. Such transfers are undertaken in accordance with legal and regulatory obligations and appropriate safeguards under DP Law will be implemented, such as standard data protection clauses are observed.
7.Nature of data collection
The provision of your Personal Data for the purposes referred in to art. 2.A) is mandatory. If this information is not provided we may not be able to provide a service for you.
The provision of your Personal Data for the purposes referred in to art. 2.B) is elective. You are able to decide whether or not third parties are allowed to access and process your Personal Data, even if previously authorized.
8. Rights of the data subject
Under the GDPR (art. 15) and Data Policy Law (art. 7), you have a number of rights as mentioned below.
· You have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed, even if not yet registered. You can obtain their communication in an intelligible form as well.
· You are entitled to ask and obtain the information on a) the source of your personal data, b) the purposes of processing, c) the categories of personal data concerned, d) the logic involved if the data have been carried out through electronic software, e) the Data Controller, the Data Protection Officers and their representative, f) the recipients or categories of recipients to whom the personal data have been or will be disclosed.
· You are entitled to ask and obtain: the update, the rectification or integration of personal data, b) the erasure, the transformation in anonymous form or the suspension of processing your personal data where the processing is unlawful or the personal data are no longer necessary in relation to the purposes for which they were collected; c) a declaration stating the operations referring to in letters a) and b) and their contents have been brought to the attention of whom personal data are transmitted or disclosed, with exception of such compliance if the cost of implementation is undue to the protected right.
· You have the right to object, in whole or in part, to processing your personal data based on a legitimate interests (for purposes mentioned on art. 2B).
Where applicable, according to Articles 16-21 of the GDPR, you also have the Right of Rectification, the Right to be forgotten, the Right of Restriction of Processing, the Right to Data Portability, the Right to Complain to a Supervisory Authority.
9. Exercise of your rights
At any time, you or your referees can exercise any of these rights, by sending:
- a registered letter against acknowledgement of receiptto S.S. Appia km 192,500 81052 - Pignataro Maggiore (CE)
- a certified mailto:firstname.lastname@example.org
10. Data controller and Data protection officers