AMITEK Srl, in its role as Data Controller of Your personal data, for all intents and purposes of (EU) Regulation 2016/679 (hereinafter simply the “Regulation”), herewith informs You that the indicated legislation provides protecting the interested persons with respect to the processing of personal data, and that such processing be based on the principles of correctness, lawfulness, transparency and protecting Your confidentiality and Your rights.
In order to achieve its goals concerning managing relations, the Data Controller requires obtaining personal data such as, by way of example, name and surname, phone number or mobile number, email address, tax number or VAT registration number, etc.
Your personal data shall be processed according to the legal provisions of the above-indicated legislation and the obligations of confidentiality therein provided.
PURPOSE AND LEGAL BASIS FOR THE PROCESSING
Your data shall be processed in particular for the following purposes associated with implementing obligations related to legislative or contractual obligations:
- tax and accounting obligations by law (against issue of registered receipts/invoices); legal basis: legal obligation;
- managing suppliers; legal basis: contractual obligation;
- suppliers billing; legal basis: legal obligation;
- obligations set forth by current legislation; legal basis: legal obligation.
CONSEQUENCES OF FAILURE TO PROVIDE INFORMATION
The processing of the data is required upon the client's request for the purposes indicated. Any failure to provide the mandatory information, or communication of incorrect mandatory information, may result in the impossibility for the Data Controller to ensure the relationship.
The processing shall be carried out with manual and/or computerized tools so as to ensure the security, integrity and confidentiality of the data in compliance with the organisational, physical and logistical measures provided by the current provisions, and such as to minimise the risks of destruction or loss, unauthorised access, unauthorised modification and disclosure of the data, in compliance with the methods set for in Articles 6, 32 of the Regulation.
Certain data may be disclosed or communicated to recipients to perform certain activities or to provide support for the operation and organisation of the business. Said subjects are:
Third parties: (communication to natural or legal persons, public authorities, service or other entity that is not the interested person, the Data Controller, the Data Manager and the Authorised Data Supervisors), including:
- banks to manage collection and payments;
- companies managing traditional or computer postal services (if required for the purposes indicated);
- consultants and independent professionals, also in associate form on legal matters, etc. in their role as autonomous data controllers;
- subjects/entities for legal obligation, whose power to possibly access Your data is recognized by legal obligations.
Data Supervisors: (the natural or legal person, public authority, service or other entity that processes personal data on behalf of the Data Controller):
- companies and other subjects, consultants and independent professionals who have been provided with mandates for managing the mandatory obligations concerning the areas of taxes, administration, accounting, legal consulting, etc.;
- possible providers of computer, Internet services or other services required to achieve the purposes required to manage the relations.
Your data shall be processed within the corporate organisation exclusively by personnel expressly authorised by the Data Controller, with the assurance of the implementation of a confidentiality agreement and, in particular, by the following categories of appointees:
Your personal data shall not be disclosed in any manner.
TRANSFER OF DATA TO THIRD-PARTY COUNTRIES
The Data Controller does not transfer personal data to countries outside the EU. Should there be the need to do so, the interested persons shall be informed beforehand, and transfer assurance measures shall be implemented for the recipients, which according to the case histories, may be: verification by the Commission of the existence of decisions of adequacy for the receiving country, undersigning of standard contractual clauses, in the event of the USA, verification of acceptance of the international Privacy Shield agreement; by way of derogation of such guarantees, the verification of the existence of a contract or pre-contractual measures in favour of the interested subject or consent.
We inform You that pursuant to Art. 5 of the Regulation, in compliance with the principles of lawfulness, limitation of the purposes, data minimisation, the retention period of Your personal data is established as a period of time not exceeding the achievement of the purposes for which they were collected and processed. If there is a contract such retention period may cease with the revocation or withdrawal of the contract, however the same data may be stored, when applicable, for a further period of time, in order to managing possible disputes. The legal basis of such retention is the contractual obligation, and the legitimate interest of the Data Controller. The same may be retained, with the same methods and data protection guarantees, for a period of time in compliance with the obligations set forth by the current legislation; by way of example, on the basis of fiscal legislation, for at least 10 years.
Pursuant to the current legislation, the Data Controller is company AMITEK Srl, with registered office and headquarters in 47824 Poggio Torriana (RN), [Italy] at Via Santo Marino 250, VAT registration no. 03977850407, in the person of its legal representative pro tempore. For more information concerning the data provided, contact the Data Controller at firstname.lastname@example.org. Further information on the Privacy Policies implemented by the Data Controller are also available at www.amitek.it.
EU REG. 2016/679: ARTICLES 15, 16, 17, 18, 19, 20, 21, 22, 23 - RIGHTS OF THE INTERESTED PERSON
1. The interested person has the right to obtain the confirmation of the existence or non-existence of his/her personal data, even if they still have not been registered, and the communication thereof in an intelligible manner.
2. The interested person has the right to obtain information concerning:
- a. the origin of the personal data;
- b. the purposes and processing methods;
- c. the logic applied in the event processing is performed with the use of computers;
- d. data identifying the Data Controller, Supervisors and designated representative pursuant to Art. 5(2);
- e. subjects or categories of subjects to whom the personal data may be disclosed or who may be informed thereof in their capacity as designated representative in the territory of the State, supervisors or appointees.
3. The interested person has the right to obtain:
- a. the updating, correction, or when interested in doing so, the integration of the data;
- b. the cancellation, anonymous transformation or blocking of data processed in violation of the law, including those whose retention is not required in relation to the purposes for which the data were collected and subsequently processed;
- c. a demonstration that the operations as per letters a) and b), including the contents thereof, have been brought to the attention of those to whom the data were communicated or distributed, with the exception of the case in which said fulfilment is impossible or requires the use of obviously disproportionate means with respect to the right protected;
- d. the portability of the data.
4. The interested person has the right to partially or wholly oppose:
- a. for legitimate reasons, the processing of his/her personal data, even if they are pertinent to the purpose for which they were collected;
- b. the processing of his/her personal data for the purposes of distributing advertising, direct sales material and publicity or to perform market research.
RIGHT OF COMPLAINT
Should the conditions exist, the interested persons also have the right to lodge a complaint with the supervisory authority according to the envisaged procedures. For any further information or to exercise Your rights, please contact the Data Controller (see contact details provided above).