CUSTOMER INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION NO. 2016/679
Pursuant to current legislation on the protection of personal data (privacy), the S.I.G.T. S.p.A. VAT No. 07254940633 with registered office in Naples via Galileo Ferraris, 40 as Data Controller (hereinafter, also “Data Controller”), wishes to provide information regarding the processing of personal data.
1) Categories of data object of the treatment
The personal data provided by the Customer belong to the category of common data, consisting mainly of identification data, and do not include sensitive, health, genetic, biometric, judicial data, or data as per art. 9 and 10 of EU Regulation n / 2016/679, since the processing of these last categories of data is not necessary for the purposes pursued by the Data Controller.
The data may include the customer’s bank details, including the IBAN code, if this is necessary for the purpose of providing the requested service.
Both when the contract is signed and / or at the pre-contractual stage and during the execution of the contract, only the personal data necessary for pursuing and legitimate purposes will be requested and processed, with respect to which the treatment will always be relevant and never excessive.
2) Source from which personal data originate
The personal data object of the treatment are collected, mainly, at the Customer’s premises by employees and collaborators of the appointed Data Controller.
Personal data may also be collected at the offices of the owner, at third parties specifically authorized by the customer, or may be sent electronically by the customer to the owner.
3) Purpose of the processing
Customer’s personal data may be processed:
- a) For the provision in favor of the Customer of the services object of the contract and the fulfillment of the relative obligations as well as for the execution of specific pre-contractual measures requested by the Customer;
- b) For the fulfillment of the obligations established by the law and by community regulations;
4) Consequences of the failure to provide personal data and their consent for the purposes referred to in Article 3) letter a) and b)
The provision by the Customer of the personal data requested at the time of signing the contract or in the course of execution of the relationship, as well as consent to the related processing, while being remitted to the exclusive and autonomous will of the Customer, are mandatory to allow Owner to pursue the purposes referred to in Article 3 letter a) of the information.
Therefore, in the absence of the conferment of the aforementioned data and consent to the related processing, or even in case of refusal to the processing of the same, the owner can not perform pre-contractual activities possibly desired by the customer, can not enter into the contract with the customer or fulfill to the obligations arising from the contract already stipulated and, moreover, the Customer could incur contractual responsibilities towards the Owner.
The provision of these data is also mandatory to allow the Owner to fulfill specific obligations under the law and Community regulations, which may involve the processing of personal data of the user.
5) Legal basis of the processing
The legal basis of the processing of data for the purposes referred to in letter a) of Article 3, consists of the fulfillment of contractual obligations arising from the signing of the contract, or in the implementation of pre-contractual measures taken at the request of the customer, as well as in Customer consent.
The legal basis of the processing of personal data relating to the purposes referred to in Article 3 letter b) consists in the fulfillment of obligations imposed by law or by community regulations.
6) Processing methods
The personal data provided by the Customer will be processed at the premises of the Owner, or in other places where the parties involved in the processing operate, using electronic and / or mechanical and analogical methods for the time strictly necessary to achieve the purposes for which they were collected and in any case not exceeding the limits indicated in art. 12, in full compliance with the purposes indicated in article 3, and, in any case, in compliance with the current regulations on privacy.
Specific security measures are observed to prevent data loss, illicit or incorrect use of the same and unauthorized access.
7) Communications of personal data for the fulfillment of contractual or pre-contractual obligations or legal obligations
In compliance with current privacy legislation, your personal data may be disclosed to third parties to whom communication is necessary for the purposes of pursuing the purposes referred to in Article 3 letters a) and b), without the need to acquire separate consent.
Pursuant to Article 13 letter e) of EU Regulation no. 2016/679, it is specified that such personal data of the Customer may be made aware of the following categories of subjects:
- Employees and collaborators of the appointed Holder appointed for processing and specifically instructed pursuant to Article 29 of the EU Regulation n. 2016/679;
- Subjects appointed as Data Processors;
- Public offices with which the Data Controller is called to interact for the fulfillment of the contractual obligations assumed towards the Customer;
- Public authority or any other third party if required by law.
8) Communications of personal data for the pursuit of promotional purposes and marketing in a broad sense
The Customer’s personal data will not be disclosed to third parties for promotional or marketing purposes in a broad sense, will not be subject to the diffusion of non-EU transfers and / or to international organizations.
9) Further communications of personal data
For the sole purpose of satisfying the legitimate interest of the Data Controller to protect their rights, the personal data of the user may be communicated, without the consent of the latter, to individuals and companies that perform legal, tax and administrative consultancy activities. tributary or defense and technical assistance, both judicial and extrajudicial, which will act as autonomous Data Controllers.
Outside of these hypotheses, the Customer’s personal data will not be published or further disseminated.
10) Dissemination and transfer of personal data to non-EU countries or to international organizations
The Data Controller will not disclose the Client’s personal data and will not transfer them outside the EU or towards international organizations.
11) Period of retention of personal data
Considering that the warranty provided by the civil law, with reference to the works contract and, consequently, to the continuous and periodic service provision, is 2 years from the delivery of the work or from the provision of the service, the personal data provided by the interested for the purposes referred to in Article 3 letter a) will be retained by the Data Controller for a period not exceeding 2 years from the termination of the contractual relationship, unless prior request for cancellation by the party concerned.
In any case, the terms of five or ten years of conservation of the documents and related data will be respected for the fulfillment of the civil, accounting and tax obligations prescribed by the current legislation, as well as for the legal protection of the rights of the owner.
12) Rights of the interested party
Pursuant to articles 13, co.2, letters b) and d), 15,18,19,21 of EU Regulation n / 2016/679, it is made known to the interested party that he may at any time exercise, directly addressing the Data Controller, the rights referred to in articles From 15 to 23 of the aforementioned EU Regulation.
In particular, the interested party can exercise:
- The right to have access to personal data and to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and communication in an intelligible form of the same data, as well as the right to data portability (ie the right to receive the personal data provided, in a structured format, commonly used and readable by automatic device);
- The indication of their origin, of the purposes and methods of processing, as well as, in the event that the processing is carried out using electronic means, of the logic on which the treatment is based; an indication of the identity of the Data Controller and of any responsible parties;
- The indication of the subjects and categories of subjects to whom the personal data may be communicated or who may come to know as managers or agents;
- Updating, rectification or, if interested, integration of data;
- The cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- To object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection; to oppose the processing of personal data concerning him for the purposes of commercial information or the sending of advertising or direct sales material or for carrying out market research or commercial communication;
- To obtain the correction and / or cancellation of the same and / or the limitation of the treatment that concerns him;
- To withdraw consent to the processing, if the treatment is based solely on their consent;
- To propose a complaint to the supervisory authority that is represented in Italy by the Privacy Guarantor based in Rome, piazza Monte Citorio n.121 cap 00186.
13) Use of automated decision-making processes, including profiling
The Data Controller will not subject the user’s personal data to automated decision-making processes, including profiling. To find out more, read our cookies law
14) Data Controller – Data Processor – Data Protection Manager
For the exercise of the rights referred to in articles from 15 to 23 of EU Regulation n / 2016/679, the Customer may contact the Data Controller at any time, whose identification details are indicated: S.I.G.T. S.p.A. Naples, via Galileo Ferraris, 40 mail: firstname.lastname@example.org ”
At the indicated location of the Data Controller, you can find the updated list of appointed processors.