Information on the processing of personal data pursuant to art. 13 of EU Regulation 2016/679 and national legislation on the protection of personal data
The current legislation on the processing of personal data defined in accordance with the provisions contained in D.Lgs. n. 196/2003 (hereinafter, the “Privacy Code”) and in EU Regulation 679/2016 on the protection of individuals with regard to the processing of personal data, as well as the free movement of such data (hereinafter, the “EU Regulation”) contains provisions to ensure that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of natural persons, in particular with regard to the right to the protection of personal data.
Personal data concept
The term personal data, in accordance with EU regulation 679/2016 art. 4, means: “information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
Some personal data are part of the sub-category of Cds. Sensitive data, pursuant to the Privacy Code, or special categories of personal data, pursuant to art. 9, paragraph 1 of the EU regulation, as suitable to reveal: “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.”
The same art. 9 EU Regulation to paragraph 2, lett. b), authorizes the processing of data of a particular nature if it is necessary to fulfil the obligations imposed on the employer and to exercise the specific rights of the Data Controller or the data subject in the field of labour law, in so far as it is authorised by Union or Member State law or by a collective agreement, where there are appropriate safeguards for the fundamental rights and interests of the data subject.
The processing of personal data is understood pursuant to art. 4, n. 2 EU Regulation any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Personal data processing primary purpose
The data will be processed, manually and/ or with the support of computer or telematic means, for the following purposes.
The personal data requested at the time of filling in the “contact form” present on the website of the Company will be processed exclusively with the purpose of for the purpose of allowing visitors to the site to contact the Company in order to obtain information on the products offered and/ or a quote.
The personal data processed will be exclusively the common data strictly necessary and relevant (name, surname and e-mail address) for the primary purposes mentioned above.
The data that will be entered voluntarily through the form will be transformed into an e-mail that can be viewed and possibly stored only within the system of receiving e-mail used by the recipient.
This personal data will not be recorded on other media and/ or devices and will not be recorded for purposes other than those indicated above.
The processing and analysis of personal data by means of fully automated decision-making procedures and without the supervision of an operator is excluded.
The processing of data for the pursuit of the aforementioned primary purpose is based on the consent expressed by the interested party when filling out the form made available by the Company on its website.
The provision by the interested party of the identification data requested in the “contact form” is optional, however, failure to collect personal data determines the impossibility for the Company to process the request for information contained in the message sent voluntarily and spontaneously by the interested party.
Communication and dissemination of personal data for the pursuit of the primary purposes of processing
Personal data are collected directly from the data subject.
The personal data collected for the pursuit of the primary purposes may be communicated to the employees, specifically authorized and in charge of the processing of data, the internal functions of the Company as well as to the Data Processors appointed by the Data Controller.
Personal data will not be disclosed.
Communications made in compliance with an obligation under Community law, regulation or legislation shall remain unaffected in this respect.
The updated list of Data Processors and Data Processors is contained in Annex F “Privacy Organization Chart” of the Internal Privacy Regulations, available for consultation by making a request to the Data Controller at the following e-mail address firstname.lastname@example.org.
Duration of treatment
The personal data processed for the above purposes will be kept for the period strictly necessary to fulfill the request contained in the message sent by the interested party.
Right to withdraw consent
Pursuant to art. 7 EU Regulation, if the purpose of the processing has as its legal basis consent, the data subject has the right to revoke at any time the consent provided, by sending an e-mail to the following address email@example.com , the processing carried out prior to such withdrawal must be considered lawful.
Method of treatment
Personal data may be processed both by paper and electronic means in any case after adoption of security measures identified in the Internal Privacy Regulation available upon written request to the Data Controller, aimed in particular at preventing and minimising the risk of destruction, loss, modification and unauthorised disclosure or of accidental or illegal access to the data processed.
Transfer of data outside the European Economic Area
The personal data of the data subject will not be transferred to third countries.
The Company guarantees that the security and confidentiality of the personal data of the data subject will be protected by appropriate protection measures, according to the provisions of the EU Regulation and the applicable national legislation, in order to reduce the risks of destruction and loss -even accidental- data, unauthorized access or processing not allowed or not in accordance with the purposes of the collection.
Exercise of rights by the data subject
Pursuant to Articles 13, paragraph 2, lett. b) and d), 15, 18, 19, 20 and 21 of the EU Regulation, the interested party is informed that:
- has the right to ask the Company as data controller for access to, rectification or erasure of personal data or restriction of processing concerning it or to object to their processing in the cases provided for;
- any rectification or cancellation or restriction of processing carried out at the request of the data subject -unless this proves impossible or involves a disproportionate effort-will be communicated by the Company to each of the recipients to whom the personal data were transmitted. The Company may inform the interested party of such recipients if the interested party so requests;
- has the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority www.garanteprivacy.it;
- has the right to receive in a structured format, of common use and machine-readable personal data concerning him or her provided to a controller and he or she has the right to transmit such data to another controller without hindrance by the controller to which he or she has provided them if the conditions set out in art. 20, paragraph 1, EU Regulation or:
- the processing of data is based on the consent of the interested party pursuant to art. 6, paragraph 1, lett. a) or art. 9, paragraph 2, lett. a), or on a contract pursuant to Art. 6, paragraph 1, lett. b); and
- the processing is carried out by automated means.
The exercise of these rights is not subject to any form of constraint and is free of charge.
To exercise the aforementioned rights, the data subject may contact the Data Controller using the following addresses: firstname.lastname@example.org .
The full text of the EU Regulation can be found at the following link: https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32016R0679&from=IT.