Information pursuant to Art. 13 of EU Regulation No. 2016/679 regarding the processing of personal data
Under and by effect of Art. 13 of EU Regulation No. 2016/679 regarding the processing of personal data, the undersigned BOSISIO SIGN Srl, with registered office in Milano, 20123, Via Giovanni Boccaccio 29, as Data Controller, informs its customers that the personal data acquired with reference to the business relationships established will be processed in compliance with the above mentioned legislation. According to the above mentioned law, such treatment will be based on the principles of correctness, lawfulness and transparency and protection of confidentiality, as indicated below.
1. Object of the treatment
The personal data collected and processed by the writer are:
- identification data (personal data, address, tel., fax, e-mail, tax data, etc..)
- data relating to economic and commercial activity (orders, bank data, accounting and tax data, etc..)
2. Purposes of processing:
Your personal data are processed:
- without your express consent (Art. 6 letter b), e) EU Regulation no. 2016679), for the following Service Purposes:
- to conclude contracts for services of the Data Controller;
- to fulfill the pre-contractual, contractual and fiscal obligations arising from relationships with you in place;
- to fulfill the obligations under the law, a regulation, Community legislation or an order of the Authority (such as AML), in accordance with Art. 6 paragraph 1 letter c) of EU Regulation No. 2016/679;
- to exercise the rights of the Data Controller, for example the right to defense in court, pursuant to Art. 6 paragraph 1 letter f) of EU Regulation No. 2016/679.
In all these cases the provision of data for the performance of these activities is essential for the exact execution of a contract to which the person concerned is a party or the execution of pre-contractual measures taken at the request of the same and therefore the failure to provide prevents the conclusion of the contract for the services of the Data Controller. The need to provide data for the execution of the contract of which the person concerned is a party or for the execution of pre-contractual measures adopted at the request of the same constitutes the legal basis for the processing of data pursuant to Art. 6 paragraph 1 letters b) and c) of EU Regulation no. 2016/679.
- only with your specific and distinct consent (Art. 6 paragraph 1 letter a) and Art. 7 of EU Regulation No. 2016/679), for the following Marketing Purposes: to send you via email, mail and telephone contacts, newsletters, commercial communications and advertising material on products or services offered by the Data Controller and detection of the degree of satisfaction with the quality of services;
The provision of data for the purposes referred to in Art. 2.B) is optional. You may therefore decide not to provide any data or subsequently deny the possibility of processing data already provided, by revoking your consent pursuant to Art. 7, paragraph 3 of EU Regulation no. 2016/679: in this case, you may not receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in Art. 2.A).
We inform you that if you are already our customers, we may send you commercial communications relating to services and products of the Data Controller similar to those from which you have already used, except your right to revoke the consent already given pursuant to Art. 7, paragraph 3 of EU Regulation No. 2016/679), specifying in this regard that the revocation of such consent does not affect the lawfulness of the processing based on the consent previously expressed before revocation.
3. Methods of processing
The processing of your personal data is carried out by means of the operations indicated in art. 4 No. 2) EU Regulation No. 2016/679 and specifically: collection, recording, organization, structuring, storage, consultation, processing, adaptation or modification, selection, extraction, comparison, use, consultation, interconnection, blocking, communication by transmission or any other form of provision, limitation, cancellation and destruction of data. The acquired data will be processed with electronic, computer and telematic instruments and with paper supports with logic strictly related to the purposes indicated above by internal collaborators and employees specifically appointed for the processing or by external data processors. The data are stored on paper and computer in compliance with the minimum security measures required by law, both technical and organizational, adequate to ensure the confidentiality and confidentiality of personal data, adopting security measures to prevent alteration, loss, processing or unauthorized access and to ensure the integrity and security of personal data. In accordance with the principle of minimization, the data that the Data Controller may process shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and in any event in compliance with the wishes of the data subject.
Pursuant to Art. 13 paragraph 2 letter a) of EU Regulation No. 2016/679, the Data Controller specifies that he will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes (also taking into account the ordinary limitation period for contractual relationships) and for no more than 2 years from the collection of data for the Marketing Purposes.
4. Access to your data
Pursuant to Art. 13 letter e) of EU Regulation No. 2016/679 it is specified that personal, accounting and tax data will not be communicated, sold or exchanged with third parties, except to consultants and technicians, in their capacity as data processors or external data processors, for the performance of activities functional to the company, such as administrative, operational, accounting, tax and legal. In this case, the use by third parties must be in full compliance with the principle of correctness, lawfulness and transparency and with the current legal provisions and in particular the provisions of Art. 28 of EU Regulation No. 2016/679.
The updated list of external managers and processors is kept at the registered office of the Data Controller.
Without the need for express consent (Art. 6, paragraph 1, letters b) and c) of EU Regulation no. 2016/679), the Data Controller may communicate your data for the purposes referred to in Art. 2.A) to judicial and administrative authorities as well as to all those subjects to whom communication is required by law for the performance of the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers.
5. Rights of the data subject
In your capacity as data subject, pursuant to Art. 13 paragraph 2 letter b) of EU Regulation No 2016/679 , you have the right to request from the Data Controller access to your personal data (Art. 15 of EU Regulation No. 2016/679), the rectification of such data (Art. 16 of EU Regulation No. 2016/679), the erasure of such data (Article 17 of EU Regulation No 2016/679), the restriction of the processing of such data (Art. 18 of EU Regulation No. 2016/679), to oppose their processing (Art. 21 and Art. 22 of EU Regulation No. 2016/679) and you still have the right to data portability (Art. 20 of EU Regulation No. 2016/679).
As a data subject, you may exercise your rights by contacting BOSISIO SIGN Srl, with registered office in Milano, 20123, Via Giovanni Boccaccio 29, Data Controller, using the contact data indicated below. You also have the right to lodge a complaint with a supervisory authority in accordance with the provisions of EU Regulation no. 2016/679 and in particular, on the basis of Art. 77 of the same Regulation, to the supervisory authority of the Member State in which you habitually reside or work, or the place where the alleged violation occurred, always without prejudice to the right to apply in any case to the competent ordinary judicial authority.
Contact details of the Data Controller:
BOSISIO SIGN SRL