INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13-14 GDPR
Data Controller: the Data Controller, pursuant to the Law, is Bogaro & Clemente di Clemente Vittorio & C sas, via Grado 70 34074 Monfalcone (GO) Italy.
The Data Controller for the purposes of the EU Reg. 2016/679 hereinafter referred to as 'GDPR', hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that this treatment will be based on principles of correctness , lawfulness, transparency and protection of your privacy and your rights. Your personal data will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations therein.
1. Purpose of the Treatment
As part of the business, identification data are processed such as name and surname, tax code, address, telephone, e-mail, bank and payment reference, for the following purposes related to the implementation of obligations related to legislative or contractual obligations:
1. fulfill the contractual obligations related to the assignment;
2. fulfill the obligations established by laws or regulations, by European Union legislation, by requests from the judicial authorities;
3. fulfillment of legal obligations in the tax and accounting field;
The legal basis that legitimizes the processing of the data referred to in point 1 is the execution of the contract of which the interested party is a party; for points 2 and 3 the legal basis is represented by the fulfillment of legal or regulatory obligations.
The Data Controller also informs that any non-communication, or incorrect communication, of one of the mandatory information, may cause the inability of the Data Controller to guarantee the adequacy of the treatment itself.
2. Method of treatment
Personal data may be processed in the following ways:
- treatment by electronic means;
- manual treatment by means of paper archives.
- the treatment is not performed through automated procedures.
Each treatment takes place in compliance with the methods referred to in articles 6, 32 of the GDPR and through the adoption of the appropriate security measures provided. The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the service purpose relationship.
3. Access to data
The data will be communicated exclusively to competent and duly appointed and authorized subjects for the performance of the services necessary for a correct management of the existing relationship with a guarantee of protection of the rights of the interested party.
If data processing is necessary for the purposes indicated above, the personal data of the interested party may be communicated to third parties duly appointed as Data Processors or "autonomous" Data Controllers, in particular:
- professionals, companies, associations or professional offices that provide the Owner with assistance or advice for administrative, accounting and tax or logistical purposes;
- by all public institutions established by law and more generally by all the bodies required by current legislation as recipients of mandatory communications;
- by banks or credit institutions for collections and payments, as well as by any professionals for the management of payments by credit cards or POS;
4. Disclosure of data
Without the need for an express consent pursuant to art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 1.) to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data in their capacity as independent data controllers.
5. Transfer of data to a third country or international organizations:
As part of the management of the contractual relationship, there is no transfer of data to non-EU third countries. Electronic data are not transferred to third countries with respect to the EU with the exception of any direct communications between the Data Controller and the interested party and any paper documents that may travel with exported goods.
6. Data retention
Personal data are stored on servers located within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures as of now that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.
7. Nature of the provision of data and consequences of refusing to respond
The provision of data for the purposes referred to in art. 2 is mandatory; in the absence, the Service of art. 2.
8. Rights of the interested party
Right of the interested party: The interested party in relation to the treatments described above in this information has the rights referred to in Articles 7, 15, 16, 17, 18, 19, 20, 21, 22 and 77 of the GDPR and, in particular:
- right of access: right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered and, in this case, to obtain access to such personal data, including a copy of the same;
- right of rectification: right to obtain, without undue delay, the rectification of inaccurate personal data concerning the interested party and / or the integration of incomplete personal data;
- right to limit the processing: right to obtain the limitation of the processing when: the interested party disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such data; the processing is illegal and the interested party opposes the deletion of the data and only asks that its use be limited; personal data are necessary for the interested party to ascertain, exercise or defend a right in court; the interested party opposed the treatment pursuant to art. 21 GDPR, in the waiting period of the verification regarding the possible prevalence of legitimate reasons of the Data Controller compared to those of the interested party;
- right to cancellation (so-called right to be forgotten): cancellation, transformation into anonymous form;
- right to data portability: right to obtain, in an intelligible format, the personal data concerning the interested party provided to the Data Controller and the right to transmit such data to another Data Controller, if the treatment is based on consent and is carried out with automated means. It is also the right to obtain that the personal data of the supplier are transmitted directly to another Data Controller if this is technically feasible and does not entail burdens and expenses for the Data Controller;
- right to object: right to object to the processing of personal data concerning the interested party based on the condition of lawfulness of the legitimate interest or of the execution of a task in the public interest or of the exercise of public powers, including profiling unless there are legitimate reasons for the Data Controller to continue the processing that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court. Right to also object to the processing of personal data concerning him for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.
- right of revocation: right to revoke the consent given to the processing of your data at any time. This revocation does not affect the validity of the treatment already given on the basis of the consent already expressed and then revoked;
The interested party has the right to obtain the indication: of the origin of the personal data; the purposes and methods of treatment; the logic applied in case of treatment carried out with the aid of electronic instruments; of the identification details of the owner, of those responsible and authorized to process data in compliance with the principles referred to in Article 5, paragraph 2.
The customer can exercise his rights by sending a registered letter with return receipt. or an email to the Data Controller.
The exercise of rights by the customer is free of charge pursuant to art. 12 GDPR. However, if the request is unfounded or excessive, the Data Controller may charge the customer a reasonable contribution to expenses, in light of the administrative costs incurred to manage his request, or deny the satisfaction of his request.