Object of the processing.
The Owner treats personal data, identification (in particular, name, surname, tax code, VAT number, email address, telephone number – hereafter, “personal data” or even “data”) you have provided during the signing of this information.
Purpose of the processing
Your personal data are processed:
A. without your express consent pursuant to art. 6 letters b), e) GDPR 2016/679, for the following purposes:
- to fulfil the obligations established by law, by community legislation, by a regulation or by an order of the Authority;
- Execution of the contract you have signed.
Nature of the data
The conferment of your personal data referred to in point 2 lett. A is mandatory, therefore, any refusal could result in a failure and / or in a partial execution of the contract and / or continuation of the relationship.
Modalities of the processing
The processing of your personal data is carried out by the operations indicated in the art. 4, n. 2 GDPR 2016/679 and more precisely: collection and registration, organization, conservation, consultation, cancellation and destruction of data. The processing of your data will be based on the principles of correctness, lawfulness and transparency and can also be carried out through automated procedures designed to store, manage and transmit them and will take place through appropriate tools, as far as reason and state of the art, to ensure safety and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination. Your personal data are subjected to both paper and electronic processing.
Data retention period
The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for the performance of the contract. After this deadline, the data will be destroyed or made anonymous.
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be communicated to workers working for the Data Controller and to some individuals who work with them. Finally, it may be communicated to the persons entitled to access it by virtue of legal requirements, regulations and community regulations.
In particular, based on the roles and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Owner. The access to the data and / or the portability request will be fulfilled within the maximum term of 30 days, except for impediments and / or complexity in the execution. For the release of further copies of the personal data being processed, a fee will be charged based on the administrative costs incurred.
Recipients of the data
Even without your express consent pursuant to art. ex art. 6 lett. b) – c) and art. 13 lett. e) GDPR 679/2016, the Data Controller may communicate your data for the purposes indicated to Supervisory Bodies, Judicial Authorities, as well as to all other subjects, to whom communication is mandatory by law. As well as your data can be transmitted to:
- External Agents;
- Subsidiaries and associates;
- Banks and credit institutions;
- Provider of service;
- Data transfer
The management and storage of personal data will be carried out on servers located within the European Union belonging to the Owner and / or to third-party companies commissioned and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions.
- Rights of the interested party
As an interested party, You are the owner of the rights referred to in art. 15 and ss. of the GDPR 2016/679 and precisely the right:
- to request the data controller, to have access to personal data (article 15), i.e. confirmation of whether or not the processing of your personal data is being processed and, in this case, have access to the data;
- to demand, to the data controller, a correction (article 16), that is to obtain the correction and / or integration of the incorrect personal data concerning you;
- to ask the data controller to delete them (art. 17) or to obtain the cancellation of data concerning them without undue delay;
- to ask the data controller to limit the processing that concerns it (Article 18), i.e to obtain a confirmation that the processing of your personal data is limited to what is necessary for the storage purpose;
- to have the data portability (article 20) that is to obtain, in a structured common and legible format, your personal data;
- to object to their processing (article 21) or, at any time, to oppose, for any reason connected with your particular situation, the processing of your data;
- rights concerning the automated decision-making processes (article 22), i.e the right not to be subjected to a decision based uniquely on automated data processing without your explicit consent.
- to cancel (Article 17), i.e. the right to obtain, in the cases provided for by the Regulations, the cancellation of Your personal data; Furthermore, at any time, you may revoke the consent on which the treatment carried out is based, on the achievement of the consent to the processing;
- to lodge a complaint with the Supervisory Authority (Article 77), i.e the right to appeal to the Authority in the event that it considers that the treatment concerning you is infringing the Regulation;
- Data breach and notification to the Privacy Guarantor and / or communication
of the violation to the interested party
In case of violation of personal data – to be understood as a breach of security that involves accidentally or in an unlawful manner the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed – in which the risk for the rights and freedoms of persons is to be considered probable and / or high, the Data Controller will notify the Privacy Guarantor without delay and in any case no later than 72 hours, giving a description of the nature of the data breach, including the number of data subjects and the categories of data concerned. The name and address of the DPO will also be indicated.
Procedure for the exercise of any right
You may exercise, at any time, the above rights by sending:
- a registered letter to: MANNI GROUP S.p.A., via Righi n.7, 37135 – Verona (IT)
- e-mail: firstname.lastname@example.org