Ultima modifica: 21/03/2023
Emm&mmE Informatica, based in Lastra a Signa (FI) in Via Matteotti 26/1 P.I. 04577140488 email firstname.lastname@example.org – certified email email@example.com (hereinafter “Data Controller”) as data controller pursuant to art. 13 D.Lgs. 196/03 (Privacy Code) and subsequent amendments as well as art. 13 EU Regulation no. 679/2016 (GDPR) informs that your data will be processed for the following purposes and in the following ways:
1. Object of the processing: The Data Controller processes personal data, identifying and not particular (sensitive), by way of example, but not limited to, name, surname, company name, address, telephone, e-mail, bank details and all contact details also of the contact person in charge of commercial relations (hereinafter “personal data”) voluntarily communicated in the context of the contractual relationship and / or in pre-contractual negotiations carried out for the purpose of completion Same.
. Legal basis of the processing: The Data Controller processes personal data relating to the user if one of the following conditions exists:
- the user has given consent for one or more specific purposes;
- the processing is necessary for the execution of a contract with the user and / or the execution of pre-contractual measures;
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller.
- Purpose of the processing: A) Without the user’s consent, the Company may process common personal data voluntarily communicated by the customer for pre-contractual purposes (e.g.: formulating and/or responding to requests relating to the services offered, assessing the opportunity and risk of concluding the deal, etc.), for the stipulation of the contract, for the execution of the same and for any ancillary activity, also accounting and tax, as well as to make communications regarding contractual relationships and, where appropriate, for the protection of their rights in the appropriate and competent forums. The Company may also process your personal data for the purpose of consulting public registers or in any case public databases and free access. The legal basis of the processing for these purposes is art. 6.1.(b) of the Regulation.
B1) With the optional consent of the user, the common data may be used, with subscription to the mailing list, in order to make communications through newsletters or promotional activities, to send promotional material and / or commercial and marketing communications relating to the Company’s services, at the addresses indicated, with traditional methods and / or means of contact (such as, paper mail, phone calls, etc.) or automated (such as internet communications, fax, e-mail, sms, etc.). The legal basis of the processing for this purpose is art. 6.1.(a) of the Regulation.
B2) Always with your consent, the personal data you provide may be processed using dedicated software that allows selective communications by product categories, by sector of activity and by territory with the exclusive purpose of providing you with personalized information on products and services, to send you commercial offers appropriate to your interests and in any case for the processing of statistics and commercial initiatives. The legal basis of the processing for this purpose is art. 6.1.(a) of the Regulation.
- C) The Company may also process the user’s personal data to fulfill obligations deriving from laws, regulations, community legislation and to prevent and detect abuses and fraud in the use of the site, thus allowing the Data Controller to protect itself in court. The legal basis of the processing for this purpose is art. 6.1.(c) Rules.
- Processing methods: The processing of personal data is conducted by means of the following operations: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and destruction of data.
Personal data are subjected to paper, automated and electronic processing.
The processing of data will take place in such a way as to guarantee continuous security and confidentiality.
In accordance with European regulations and national data protection laws, the Data Controller has put in place specific procedures aimed at preventing unauthorized access to data, their improper or illicit use, as well as preventing the destruction or loss, even accidental, of the data.
Personal data will be processed by personnel (employees and collaborators) within the company of the Data Controller authorized for this purpose as data processor, as part of the performance of the assigned work duties, and possibly by external parties as necessary and / or instrumental for the execution of the purposes indicated above (such as third-party technical service providers, tax consultants, accounting, legal, administrative, couriers, hosting providers, IT companies, communication agencies, platform providers for sending e-mails) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.
- Duration of processing: The data are processed and stored for the time required by the purposes for which they were collected.
Therefore, the personal data collected for purposes related to the execution of the contract between the Data Controller and the customer will be kept until the execution of this contract is completed or for the different period provided for by law, including tax, as well as for the protection in any location (eg conciliation bodies, judicial authorities, etc.) of the rights of the Data Controller related to the contractual relationship.
When the processing is based on the consent of the customer, the Data Controller may keep the personal data until such consent is revoked and in any case for no more than five years from the acquisition, unless the Data Controller is obliged to keep the personal data for a longer period in compliance with a legal obligation or by order of an authority.
The data processed in fulfillment of a legal obligation will be kept for the time imposed by the law itself, while those processed to prevent abuse and fraud will be kept for the time necessary for the aforementioned purpose and in any case for the time suitable for judicial protection.
- Security: The Data Controller has adopted appropriate security measures to protect your data against the risk of loss, misuse, or alteration. In particular, it has adopted the measures referred to in Articles. 32-34 of the Privacy Code and art. 32 GDPR.
The processing will be conducted with the use of appropriate security measures to minimize the risk of unauthorized access to data by third parties, their destruction and / or deterioration, and to guarantee your confidentiality, pursuant to art. 32 of the GDPR.
- Access to data: Your data may be made accessible:
– to employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
– to third-party companies or other subjects (as specified in point 4 of this statement).
- Communication of data: Without your express consent (pursuant to Article 24 letter a), b), c) Privacy Code and art. 6 lett. b) and c) GDPR), the owner may communicate your data for the purposes referred to in art. 3.C) to supervisory bodies, judicial authorities and to all other subjects to whom communication is mandatory by law. Your data will not be disclosed.
- Nature of the provision of data and consequences of refusal to respond: The provision of data for the purposes referred to in art. 3.B1) and 3.B2) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided. In this case, the data will not be processed for the purposes referred to in the same point 3.B1) and 3.B2) without any consequence for you. For the purposes referred to in point 3.A) the provision of data is optional, but necessary, and failure to provide it may make it impossible to conclude and / or execute the contract.
- Rights of the interested party: At any time the interested party has the right to exercise the rights referred to in articles 15 and following of the European regulation n. 679/2016 and precisely: the right to know if their personal data are being processed and therefore to know its content and origin, to verify its accuracy or request its integration, cancellation, limitation, updating, rectification, transformation into anonymous form or blocking, request a copy of their data or have them transferred to another holder (the user has the right to receive their data in a structured format, commonly used and readable by automatic device and, where technically feasible, to obtain the transfer without hindrance to another holder when the data are processed with automated tools and the processing is based on consent of the user, on a contract of which the user is a party or on contractual measures connected to it) as well as the right to oppose in any case, for legitimate reasons, to their processing and to lodge a complaint with the Guarantor for the Protection of Personal Data.
The consent given to the processing may be revoked at any time, causing the interruption of the processing, without however prejudice to the lawfulness of the processing based on the consent given before the revocation.
- How to exercise your rights: You may exercise the aforementioned rights at any time by sending:
– a registered letter with return receipt to Emm&mmE Informatica SRL, Via Matteotti 26/1 – 50055 – Lastra a Signa (FI)
– an e-mail to firstname.lastname@example.org
– a certified email to the address email@example.com
- Owner, manager, and agents
The data controller is Emm&mmE Informatica SRL with registered office in Lastra a Signa (FI) in Via Matteotti 26/1 (e-mail: firstname.lastname@example.org – certified email: email@example.com)
The updated list of data processors and persons in charge of processing is kept at the headquarters of the data controller.
- Place of processing
The data will be processed by the data controller at its registered office.
- Data transfer
The data controller does not transfer personal data to third countries with respect to the Union or International Organizations.
- Changes to this information
This information may be subject to changes in content. The Data Controller will inform you of such changes that will become effective upon receipt.
Ultima modifica: 21/03/2023