Emm&mmE Informatica, based in Lastra a Signa (Florence) on Via Matteotti 26/1 Tax ID 04577140488, email email@example.com - PEC firstname.lastname@example.org (later "Owner") as the data controller pursuant to art. 13 Legislative Decree 196/03 (Privacy Code) and subsequent amendments as well as art. 13 EU Regulation N°. 679/2016 (GDPR) informs that your data will be processed for the following purposes and in the following ways:
- Subject of the processing: The Owner processes personal, identifying and non-particular (sensitive) data, including but not limited to: name, surname, company name, address, telephone, e-mail, bank details and all contact details also of the contact person in charge of commercial relations (later "personal data") voluntarily communicated in the context of the contractual relationship and/or in the pre-contractual negotiations carried out for the purpose of perfecting the same.
- Legal basis of the processing: The Owner processes personal data related to the user in case there is one of the following conditions:
- the user have given consent for one or more specific purposes;
- processing is necessary for the performance of a contract with the user and/or for the execution of pre-contractual measures;
- processing is necessary to fulfill a legal obligation to which the Owner is subject;
- Purpose of processing: A) Without your consent, the Company may process the common personal data voluntarily communicated by the customer for the pre-contractual purposes (e.g. to formulate and/or respond to requests relating to the services offered, to evaluate the opportunity and risk of the conclusion of the deal, etc.), for the conclusion of the contract, for the execution of the same and for any ancillary activity, including accounting and tax, as well as to make communications regarding contractual relationships and, where appropriate, for the protection of its rights in the appropriate and competent locations. The Company may also process your personal data for the purpose of consulting public registers or in any case public databases and free access. The legal basis of the processing for these purposes is art. 6.1.(b) of the Regulation.
B) The Company may also process your personal data in order to comply with obligations arising from laws, regulations, Community legislation and to prevent and detect abuses and fraud in the use of the site, thus allowing the Data Controller to protect himself in court. The legal basis of the processing for this purpose is art. 6.1.(c) Rules of Procedure.
- Processing ways: The processing of personal data is carried out by means of the following operations: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Personal data are digitally processed. The processing of data will take place to ensure continuous security and confidentiality. In accordance with European regulations and national data protection laws, the Data Controller has put in place specific procedures aimed at preventing unauthorized access to data, their improper or illegal use, as well as preventing the destruction or even accidental loss of the data. Personal data will be processed by staff (employees and collaborators) within the Owner's company authorized for this purpose as data controller, as part of the performance of the assigned work tasks, and possibly by external subjects as necessary and /or instrumental for the execution of the above-mentioned purposes (such as third-party technical service providers, tax consultants, accountants, lawyers, administrative, couriers, hosting providers, IT companies) also appointed, if necessary, Data Controllers. The updated list of Managers can always be requested from the Data Controller.
- Duration of processing: The data are processed and stored for the time required by the purposes for which they were collected. Therefore, the personal data collected for purposes related to the execution of the contract between the Data Controller and the customer will be kept until the execution of this contract is completed or for the different period provided for by law, including tax law, as well as for the protection in any location (e.g. conciliation bodies, judicial authorities, etc.) of the Rights of the Data Controller related to the contractual relationship. The data processed in compliance with a legal obligation will be kept for the time imposed by the law itself, while those processed to prevent abuse and fraud will be kept for as long as necessary for the aforementioned purpose and in any case for the time suitable for judicial protection.
- Security: The Data Controller has taken appropriate security measures to protect your data against the risk of loss, abuse or alteration. In particular, it adopted the measures referred to in Articles 2 and 3 of the Directive. 32-34 Privacy Code and art. 32 GDPR. The processing will be carried out with the use of the appropriate security measures to minimize the risk of unauthorized access to data by third parties, their destruction and/or deterioration, and to guarantee your confidentiality, pursuant to art. 32 of the GDPR.
- Access to data: Your data may be made accessible to:
- employees and collaborators of the Owner, in their capacity as internal data controllers and/or managers and/or system administrators;
- companies or other parties (as specified in point 4 of this policy).
- Data communication: Without your expressed consent (ex art. 24 lit. a), b), c) Privacy Code and art. 6 lett. b) and c) GDPR), the Owner may communicate your data for the purposes referred in art. 3.C) to supervisory bodies, judicial authorities and all other subjects to whom communication is mandatory by law. Your data will not be disclosed.
- Nature of data provision and consequences of refusal to reply: For the purposes referred to in point 3.A) the provision of data is optional, but necessary, and failure to provide may make it impossible to conclude and/or execute the contract.
- Your rights: Without your expressed consent (ex art. 24 lit. a), b), c) Privacy Code and art. 6 lett. b) and c) GDPR), the Owner may communicate your data for the purposes referred in art. 3.C) to supervisory bodies, judicial authorities and all other subjects to whom communication is mandatory by law. Your data will not be disclosed.
- How to exercise your rights: You may exercise these rights at any time by sending:
- a registered letter to Emm&mmE Informatica SRL, Via Matteotti 26/1 - 50055 – Lastra a Signa (FI)
- an email to the address: email@example.com
- a certified email to: firstname.lastname@example.org
- Owner, manager and those in charge: The Owner is Emm&mmE Informatica SRL with registered office in Lastra a Signa (Florence) on Via Matteotti 26/1 (e-mail: email@example.com - PEC: firstname.lastname@example.org)
The updated list of managers and those in charge is kept on the Owner's premises.
- Place of processing: The data will be processed by the Owner at his registered office.
- Data transfer: The Owner does not transfer personal data to the non-UE countries or International Organizations.
- Changes to this policy: This policy may be subject to changes in content. The Owner will inform you of such changes that will become effective upon receipt.