Copyright © 2023 - Powered by Roberta Staccioli
PURSUANT TO AND FOR THE PURPOSES OF ART. 13 GDPR 679/2016
In compliance with the provisions of GDPR 679/2016, we hereby inform you, as the "Data Subject," about the purpose of data collection and the methods of processing personal data relating to your Company/Person, which we have acquired directly from you, in order to allow us to carry out our activities appropriately and in accordance with current legal requirements.
We therefore provide you with the correct information regarding the processing of personal data, as specifically indicated below.
1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER (IF APPLICABLE: OF THE REPRESENTATIVE/INTERNAL MANAGER/DPO)
The Data Controller is Roberta Staccioli – Vicolo del Mandorlo 7, 56048 Volterra (PI) – VAT number: 02443100504 – email: info@robertastaccioli.com
2. PURPOSE OF THE PROCESSING
Without prejudice to compliance with obligations under laws, regulations, and EU regulations, the data collected will be processed by us for the following activities:
1. acquisition of pre-contractual/contractual information and fulfillment of obligations arising from one or more contracts;
2.administrative and accounting management of customers and suppliers, in particular:
•customer/supplier administration;
•management of the contractual relationship;
•billing;
•order management;
•receipts and payments;
•debt collection;
1. sending newsletters and/or material and/or advertising and promotional communications, related to products, services or events attributable to the activity of our company.
3.LEGAL BASIS OF PROCESSING
The legal basis for processing consists of the fulfillment of pre-contractual and/or contractual obligations.
With reference to the specific marketing purpose referred to in the previous art. 2 letter c., the legal basis for the processing is constituted by the specific consent given by you.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data collected may be disclosed by us exclusively to the third parties listed below:
•accounting, tax, legal consultant;
•debt collection agencies, only where necessary;
•banking institutions;
•public bodies, judicial authorities, financial authorities and other institutions, if provided for by laws, regulations, or EU directives;
Personal data may also be accessed by personnel expressly appointed by the Data Controller, who may carry out data management operations in relation to the purposes indicated above.
The specific identification data of the aforementioned third parties may be known by you at any time through the exercise of your right of access, subject to any legal limitations in this regard.
5. INTENTION OF THE DATA CONTROLLER TO TRANSFER PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION
It is not the intention of the Data Controller to transfer the collected data to a third country or to an international organization.
6. PERIOD OF STORAGE OF COLLECTED PERSONAL DATA
The collected data will be stored as follows.
1.Data necessary for the purposes of the pre-contractual relationship: for the time strictly necessary for the possible completion of the contractual relationship and, in any case, for a period not exceeding one year from collection.
2.Data necessary for the execution of the contractual relationship: for the entire duration of the contractual relationship and any warranty obligations provided for by law and/or contract.
3. Accounting records, invoices and correspondence: ten years, as established by law.
4.Data necessary for credit recovery activities: until the completion of said activity.
5.Data necessary for the management of any litigation: until the resolution of the litigation itself.
6.Data necessary for marketing activities: for the duration of the contractual relationship, if in place, or, in the absence of a contractual relationship, for one year from the date of your expression of consent for processing for marketing purposes and, in any case, until any withdrawal of consent.
Any longer retention periods remain valid, in the event that they derive from legal, accounting and/or tax obligations.
After the retention period has elapsed, as described above, all data you have provided will be completely deleted.
7.RIGHTS OF THE DATA SUBJECT
GDPR 679/2016 recognizes certain rights to the Data Subject:
1. right of access to collected and processed data – art. 15;
2. right to obtain rectification of data – art. 16;
3. right to obtain the erasure of data and right to be forgotten – art. 17;
4. right to obtain restriction of processing – art. 18;
5. right to data portability to another controller – art. 20;
6. right to object to processing – art. 21;
7.right not to be subject to automated processing – art. 22;
8. right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal – art. 7;
9. right to lodge a complaint with the Supervisory Authority – art. 77;
10. right to lodge a judicial appeal against the supervisory authority (art. 78) and against the Data Controller or Processor (art. 79).
To exercise the rights referred to in points a) to h), it is necessary to contact the Data Controller.
8.NATURE OF THE PROVISION
The provision of personal data by the Data Subject, although not mandatory, is necessary for achieving the purposes indicated above. Failure to provide the data makes it impossible to execute the legal relationship underlying the processing.
It is the responsibility of the Data Subject to promptly notify the Data Controller of any changes concerning the personal data provided.
9.AUTOMATED DECISION-MAKING PROCESSES INCLUDING PROFILING
The data provided will not be subject to processing by automated decision-making processes, including profiling.
10.METHODS OF PROCESSING
The data provided will be processed by us in accordance with the provisions of GDPR 679/2016 and according to the following methods:
1.access to data and archives allowed only to those Appointed/authorized for processing;
2. protection of data and areas through appropriate measures that are systematically monitored;
3.data collection through direct contact with the Data Subject;
4. registration and processing both through IT supports and through files and paper supports;
5. organization of archives mainly in digital form, but also on paper;
6.verifications and data modifications following any request from the customer/supplier.
7.
11.COMPLAINT TO THE SUPERVISORY AUTHORITY
The Data Subject has the right to lodge a complaint with the Supervisory Authority if they believe that the processing concerning them violates GDPR 679/2016.
The relevant authority is the Data Protection Authority
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Copyright © 2023 - Powered by Roberta Staccioli