Dernamaria S.r.l - Via di Tizzano, 169 50012 Bagno a Ripoli, Firenze (below, “Controller”) as the Data Controller, informs that in accordance with article (Italian law) 13 D.Lgs. 30.6.2003 n. 196 (below, “Privacy Code”) and with article 13 EU Regulation n. 2016/679 (below, “GDPR”) your personal data will be processed according to the following modalities and for the following purposes:
- Type of data processing:
The Controller processes personal data, identifying and not sensitive (specifically name, last name, social security number, VAT registration number, email, telephone number - below “Personal Data” or “Data”) reported by you in the registration stage on the occasion of working relationships, contracts or other exchanges between you and the Controller.
2. Intended use of personal data:
Your personal data will be processed A) without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), with the following purpose of service: conclude contracts for the Controller services, comply the pre-contractual, contractual and fiscal obligations arising from relationships with you; comply with the obligations set out in the law, in a Regulation, in a Community legislation or in an Authority’s order (e.g. on the anty-money-laundering ‘AML’); exercise the right of the Controller, e.g. the right of defense in court.
- B) only with your prior distinct and separate consent (art. 23 e 130 Privacy Code and art. 7 GDPR) with the following Marketing purposes: send you by e-mail, mail and/or sms and/or telephone contact, newsletter, commercial communications, advertising material on products and services offered by the Controller and detection of the level of satisfaction for the services quality forms; send you by e-mail, mail and/or sms and/or telephone contact commercial communications and/or advertising material on third parties (e.g. business partners, insurance companies or other companies of the Group).
We note that, if You are already our customer, we may send you commercial communications on services and products of the Controller similar to those you already received, unless your disagreement. (art. 130 c. 4 Privacy Code)
3.Modalities of data processing
Your data are processed by means of the operations indicated in article 4 Privacy Code and in article 4 n. 2) GDPR and precisely: collection, registration, organization, retention, consultation, processing, alteration, selection, mining, comparison, use, interconnection, blocking, reporting, deletion, destruction of data.
Your data are processed both, with the paper and electronic and/or automated treatment.
The controller will process your data the time required to comply the above purposes and no later than 10 years after the termination of the contract for the service purposes and 2 years after the collection for Marketing purposes.
The legitimate interests pursued by the Controller in the data processing is to respect and perform the contractual obligations between the parties. Under Article 6 the lawfulness based on obviously expressed consent from the data subject, in written form.
Your data will be made accessible for the purpose at point 2.A) and 2.B):
-to employee and collaborators of the Controller or others Ermanno Scervino Group’s companies to which the Controller belongs, as employee in charge and/or internal processors and/or system administrators.
-to Ermanno Scervino Group’s companies to which the Controller belongs (e.g. for support activities in feasibility studies on projects for the customer, for project’s technical management activities, for data storage, etc.) or to third parties (e.g. web site operation and maintenance providers, suppliers, credit institutions, professional firms, etc.) whom pursue outsourcing activities for the Controller, as external Data Processors.
Without your express consent, (ex art. 24 lett. a), b), d) Privacy Code e art. 6 lett. b) e c) GDPR) , the Controller may report your data for the purposes at point 2.A) to Supervisory Authorities, Judicial Authorities, as well as to all the others to which the communication is mandated by law for the performance of the gave purposes. Your data will not be widespread.
The management and conservation of Your data will take place on servers hosted in the European Union, of the Controller and/or of third companies nominated and duly appointed as Data Processors. Your data will not be transferred outside the European Union. However is being understood that the Controller, when necessary, will have the right to change the servers hosting in Italy and/or in the EU and/or in extra-EU countries. In that case, the Controller ensures from now that the extra-EU data transfer, will take place in accordance with applicable requirements, by entering into, if necessary, agreements which ensure an adequate level of protection and/or by adopting the standard contract terms envisaged by the European Commission.
7.Data contribution in kind and consequences of a refusal to reply
It is mandatory to provide your data for the purposes at point 2.A). In absence on your data we will not be able to guarantee neither the registration on the web site nor the services at point 2.A).
It is optional instead, to provide your data for the purposes at point 2.B). You can decide to not provide your data or to deny subsequently the possibility to process already provided data: in that case, you will not receive newsletters, commercial communications advertising material on Services offered by the Controller. In any case, you will continue to have the right for Services as at point 2.A)
8. Rights of the data subject
In your capacity of Subject, you have the rights provided for in aricle 7 Privacy Code and art. 15 GDPR, and precisely the rights to:
- obtain confirmation as to whether or notdata relating to you are being processed, even if not stored yet, and their communication in an intelligible form;
- obtain indication a) of the data source; b) of the processing purposes and modalities; c) of the approach applied in case of processing by electronic means; d) of the contact details of the Controller, the processors and of the designated Representative as provided in article 5, comma 2 Privacy Code and art. 3, comma 1, GDPR; e) of the subjects or categories of subjects to which your data can be communicated or which may become aware of, as designated representative within the Nation’s territory, as officers or as appointed;
- obtain: a) updating, rectification and, when you have an interest to, integration of your data; b) the deletion, transformation in an anonymous form or blocking of data processing in breach of the law, Including those that do not require the storage for the purposes that the data were collected for or later processed; c) documentary evidence that operations at points a) and B) have been made aware, also regarding their content, the ones to whom data have been communicated or spread, except when this requirement proves to be impossible or requires disproportionate large measures of deployment compared to the protected right;
- oppose in full or in part a) for legitimate reasons the data processing of data regarding your person, although relevant to the collection purpose. b) your data processing for the purposes of sending you advertising material or of direct selling or of market research conduction or of commercial communication, by using automated calling systems without the intervention of an operator, by sending emails and/or by traditional marketing modalities by telephone or by mail.
Please note that the right to object of the subject, exposed to point b) to direct marketing purposes by using automated systems extends to the traditional ones and that it is and remains the possibility for the subject to exercise the right to object even partially. Therefore, the subject may decide to receive communications only by traditional modalities i.e. only automated communications or either of those types of communication.
If applicable, has also the rights as for articles 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain with the Guarantor Authority.
9. Procedure for the exercise of your rights
You will at all times be able to exercise your rights by sending:
- a registered letter with “AOR” to Dernamaria S.r.l - Via di Tizzano, 169 50012 Bagno a Ripoli, Firenze
-an email to firstname.lastname@example.org
Without any prejudice to any other administrative or judicial review, we inform you that whether you believe that your data processing infringes this regulation, you have the right to lodge a complaint with the Supervisory Authority (Data Guarantor), particularly in the nation where you are habitually resident, work or in the nation where the alleged breach took place.
11. Controller, processor and officers
The processing Controller is Dernamaria S.r.l.
The updated list of processors and officers in charge is kept in the Controller’s venue.
12. Amendments to this disclosure
This informative report may be subject to amendments. Monitoring this informative report on a regular basis is therefore recommended, as well as referring to the latest version.