CIRCULAR EX ART 13 OF EU REGULATION 2016/679
Pursuant to Legislative Decree n. 196/2003 and EU Regulation 2016/679 on “General Regulation on Data Protection” (“Regulation 2016/679 / EU”), Studio Paserio (hereinafter “the Firm”), as Data Controller, is required to provide information on the use of personal data of the subjects concerned.
This information also refers to the processing carried out by the parties who perform, on behalf of the Firm, the technical and organizational tasks described in paragraph 1.
- Purposes and methods of treatment. Nature of the provision of data.
The personal data held by the Firm are provided directly by the person to whom the personal data refer (“Interested”). Personal data may also be acquired by the Firm in the exercise of its business or by third parties (e.g. banks and other financial intermediaries, partners, etc.).
Personal data are processed within the normal activity of the Firm for the following purposes:
- Purposes strictly connected and instrumental to the management of relations with the Firm’s Clients and of the professional activity that the Firm carries out for their benefit in fulfilment of the obligations deriving from the professional mandate. In particular, purely by way of example and not exhaustive and without excluding other activities required:
- for the stipulation and execution of the agreement concerning the services offered by the Firm, i.e. for purposes strictly connected and instrumental to the completion of the necessary pre-agreement activities (creditworthiness and solvency verification), to the management of the contractual relationship (administrative and accounting activities, customer assistance, complaints management, credit recovery), the provision of services, from time to time, required;
- for the protection of the Firm’s corporate assets and the defence of their rights on the basis of legitimate interest
The provision of personal data necessary for these purposes is not mandatory, but the refusal to provide them may involve – in relation to the relationship between the data and the service requested – the impossibility of the Firm to provide the service itself. Their treatment does not require the consent of the interested party;
- execution and fulfilment of obligations imposed by laws, regulations or Community legislation
- execution and fulfilment of obligations imposed by anti-money laundering legislation
The provision of personal data necessary for these purposes is mandatory and the related processing does not require the consent of the interested party;
- other purposes functional to the activity of the Firm such as:
- commercial and marketing purposes, with specific consent, by sending promotional and advertising material relating to products or services similar to those covered by the service;
- dissemination purposes, with specific consent, by sending professional and training refresher newsletters
- purposes of interaction via chat on the site
- for profiling purposes, to allow the processing and completion of studies and statistical and market research, to allow the creation/definition of a profile, to analyse the tastes, preferences, habits, needs and/or consumption choices of the interested in offering products and services more in line with their needs, as well as promotions and discounts
The provision of data necessary for the purposes referred to in the previous letter c) it is not mandatory, and their treatment requires the consent of the interested party.
In relation to the purposes described, the processing of personal data takes place through manual processing or electronic or otherwise automated, according to logic strictly related to the purposes themselves and in any way to ensure the confidentiality, integrity and availability of personal data.
For some services, the Firm avails itself of companies of its own trust which, as Data Processors, perform tasks of a technical or organizational nature, such as: the provision of printing services, enveloping, transmission, transport and sorting of communications; the provision of IT services relating to the provision, development and maintenance of software and hardware systems necessary or in any case functional to the performance of the services provided by the Firm, the measurement of customer satisfaction or needs; banking and financial brokerage; accounting activity.
- Categories of data processed.
In relation to the purposes described in paragraph 1 above, the Firm and the other parties that perform, on behalf of or in favour thereof, the tasks described in paragraph 1 above, process personal data relating to:
- personal data and identification (name, surname, date and place of birth, tax code, VAT number);
- the address of residence, the telephone number and the e-mail address;
- the bank account details for the relative debit;
- for companies, personal data of the legal representative/attorney
- in general, any other data and information necessary for the conclusion and execution of the contract.
During the treatments, the Firm can learn about personal data that the art. 9 of the aforementioned Regulation defines as “particular”, as suitable to reveal, for example, a state of health, membership in a political party or a trade union, religious beliefs, etc. In any case, these data are relevant and not exceeding the assigned positions, which will be kept for the period set by the law, in any case not exceeding the period strictly necessary for the fulfilment of the tasks.
- Categories of subjects to whom the data may be communicated or who may become aware of it as responsible or authorized to process.
For the pursuit of the purposes described in paragraph 1, the Firm needs to communicate the personal data of the Interested parties to third parties belonging to the following categories:
- To all the bodies of the Financial Administration and of social security and welfare organizations, if necessary, also during inspections or audits;
- To the Public Security Authority, in the cases provided for by law;
- To other bodies (e.g. judicial authorities, INPS, INAIL, Territorial Labour Inspectorate, Tax Offices, ASL, Enasarco, Chamber of Commerce, Employment Center, Funds or even private pension and assistance funds, Bilateral Bodies, Entrepreneurial Organizations to which the company adheres) on the basis of specific requests or for specific compliance with the law or regulations and / or national agreements;
- To lawyers, accountants, companies or credit recovery agencies or for any actions related to the recovery itself;
- To banks or credit institutions and institutions for insurance, financial intermediation, banking and similar purposes, as part of the financial management of the Firm.
The recipients of the communications described in this statement operate in complete autonomy, as separate data controllers, or, in some cases, have been appointed by the Firm as data controllers. Their list, constantly updated, is available at the Firm.
It is also specified that the personal data in question will be disclosed only if it is necessary for the purposes of prevention, assessment or repression of crimes, in compliance with the rules governing the matter.
Some categories of persons, as authorized for processing, can access the personal data of the interested subjects for the purpose of fulfilling the duties assigned to them. In particular, the Firm has designated, as authorized to process the data of the subjects concerned, the employees of the same Firm, including the system administrators, for the purpose of fulfilling the tasks assigned to them, the temporary work contractors used by the Firm, interns, practitioners, collaborators or other self-employed workers.
Personal data may also be disclosed during the execution of the tasks assigned to them, including those designated by the Firm as Data Processors. The identity of the data processors designated by the Studio can be known in the manner indicated in the following paragraph 11.
- Data transfer abroad
Normally the data provided by the interested party to the Firm are not transferred outside the European Union. In some specific circumstances and for purposes related to the verification of creditworthiness and financial soundness, some data may be transferred to third countries.
In this case, the Studio ensures that the recipient, acting as data controller, complies with the provisions of the GDPR, including the rules specifically for the transfer of personal data to third countries. In particular, it ensures that such transfers are made on the basis of an adequacy decision or the signing by the manager of contractual clauses of data protection type approved by the European Commission.
The actual transfer of personal data to third countries and the related additional information can be requested by contacting the Firm at the addresses indicated in paragraph 11 below.
- Privacy Notice Website
Following the consultation of this site personal data may be processed.
- Navigation data
The computer systems and software procedures used to operate this website record, during their normal operation, some personal data whose acquisition takes place automatically and inevitably, if the Internet communication protocols are used. These are data that, although they are not found for the specific purpose of identifying the respective interested parties, they could, due to their own characteristics, be associated with third-party databases and thus allow the identification of users. For example, this category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters related to the operating system and the computer environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Portal and to check its correct functioning and are deleted immediately after processing.
It should be noted that the data could be used to ascertain responsibility in the event of any IT crimes to the detriment of the Portal, in accordance with the procedures in force at the competent Authorities.
- Data provided voluntarily by the user
For constant interpretation, the e-mail addresses and the information contained in the messages are personal data. The optional, explicit and voluntary sending of e-mails to the addresses indicated on the various pages of this Website for:
- Appointment request
- Contact request
- Sending applications
- Subscribe to the newsletter
- Proposition of questions
- Chat interaction
involves the subsequent acquisition of the sender’s address by the respective recipient, necessary to respond to requests, as well as other personal data included in the message. In particular, the e-mail addresses of these users will not be extracted and used to communicate information on the services provided by the structure, unless this is the very reason for the message sent by the user.
It is necessary to clarify that the treatments carried out through the different pages of the Site will only concern common data: we therefore invite the user not to send data suitable to reveal the racial and ethnic origin, religious, philosophical or other beliefs, the political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political and trade union nature, as well as personal data capable of revealing the state of health and sexual life or information that can be qualified as “sensitive data” under art. 4, paragraph 1, letter d) of the Privacy Code. Otherwise the corresponding message will be immediately destroyed.
- Automatic data collection mechanisms
In this site cookies are used, for more details click here.
- Terms of retention of personal data.
Personal data will be processed for the entire duration of the contractual relationships established, and also subsequently, for the fulfilment of all legal obligations and in any case for a period not exceeding 10 years from the termination of the contractual relationship or beyond in the cases expressly requested by the law.
The personal data processed for the purposes of Marketing, Newsletter and Profiling, will be processed by the Firm until the revocation of the consent given by the interested party, and subsequently kept for a period not exceeding 3 years.
- Rights of the interested party referred to in articles 15 and ss. of the EU 2016/679 Regulation
It is hereby announced that the legislation on the protection of personal data confers on the interested parties the possibility to exercise specific rights. In particular, each interested party has:
- the right of access, expressly provided for by art. 15 of Regulation 2016/679, i.e. the ability to access all personal information concerning him;
- the right of rectification, expressly provided for by art. 16 of Regulation 2016/679, i.e. the possibility of obtaining the updating of inaccurate personal data concerning him without justified delay;
- the right to be forgotten, expressly provided for by art. 17 of Regulation 2016/679, consisting of the right to cancel personal data concerning the individual concerned;
- the right to limit processing when one of the hypotheses provided for by art. 18 of the 2016/679 Regulations;
- the right to data portability, expressly provided for by art. 20 of Regulation 2016/679, i.e. the right to obtain, in an interoperable format, your personal data and/or the right to have your personal data transmitted to another data controller without impediment by this Company, where this right is applicable;
- the right of withdrawal of consent at any time, expressly provided for by art. 7 of the 2016/679 Regulations;
- the right to lodge a complaint with the competent Supervisory Authority (for Italy, Garante Privacy, http://www.garanteprivacy.it), if it considers that the processing of personal data is contrary to the law in force;
- the right to bring a judicial remedy in case of unlawful data processing, even against the actions taken by the Guarantor pursuant to Article 78 of the 2016/679 Regulation;
- the right to oppose at any time the processing for sending commercial communications and advertising or direct sales material, by sending an email to the address firstname.lastname@example.org expressly requesting the cancellation of their names from the advertising list.
The Firm will provide the data subject with information relating to one or more of the actions taken in the previous list without unjustified delay and, in any case, no later than one month after the request itself. This deadline may be extended by two months, taking into account the complexity and the number of requests, with consequent disclosure to the interested party of this extension and of the reasons for the delay, to be provided within one month from receipt of the request.
The exercise of the rights referred to in this article may be exercised by the interested party at the following email address: email@example.com
- Data Controller and Data Processors
The data controller is Studio Paserio based at: Via XXII Marzo 32, 21013 GALLARATE VA – Phone. 0331 775220 email firstname.lastname@example.org.
The requests relating to the exercise of the rights recognized by Regulation 2016/679 as the requests relating to the identity of the other Data Processors appointed by Studio Paserio as well as the requests referred to in paragraph 9 above may be sent in writing also by e-mail sent to email@example.com.
This notice is effective from 25 May 2018. Studio Paserio reserves the right to modify or simply update its content, in part or completely, also due to changes in the applicable legislation. The interested party is therefore invited to regularly visit this section to take cognizance of the most recent and updated version of the information in order to be always updated on the Personal Data collected and, on the use, that the Firm makes of it.