PRIVACY STATEMENT [art. 13 e 14 Reg. (EU) 2016/679]
Regulation (UE) n. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
We would like to inform You – as the person involved – that the processing of your personal data is carried out in accordance with the following conditions, complying with the principle of transparency provided for in EU Regulation n. 2016/679 (hereinafter GDPR).
- DATA CONTROLLER AND CONTACT DETAILS
Pursuant to article 4 of GDPR, the Data Controller is VIRCOS S.r.l. with registered offices in Via Meucci, 10 (Z.I.) – 36066 SANDRIGO (VI). Telephone 0444 1220017. Email firstname.lastname@example.org.
- PURPOSE AND LEGAL BASIS OF THE PROCESSING
Any and all personal data provided by You – whether verbally or in writing – will be processed for the following purposes:
a) to implement all pre-contractual and contractual duties and enter them in the company databases used for contract management and monitoring;
b) to fulfil national and EU legal requirements, including those of a fiscal and/or accounting nature.
Data processing may be carried out without your consent as necessary in order to enforce a contract You’re a party to or to implement pre-contractual arrangements and to fulfil legal requirements. Failing to provide full and correct data on your side may result in our inability to fulfil obligations laid down.
c) to pursue the Data Controller’s and third parties’ legitimate interests.
Data processing may also be carried out without your consent as necessary in order to pursuit the interests of the Data Controller and of third parties, provided that this doesn’t adversely affect your fundamental rights and freedoms.
- RECIPIENTS OF THE DATA PROCESSED
All personal data provided will be made accessible to designated staff members, acting under the authority of the Data Controller.
The following parties may be provided with the processed data, in compliance with applicable regulations, tasks and purposes:
third parties (either natural or legal persons) purposely authorised or appointed as Data Processor or, as applicable, to freelancers operating as Data Controller’s consultants and/or providing the Data Controller with services connected with the implementation of the aforementioned purposes;
parties to which disclosure requirement is mandatory as provided for by existing legislation, such as public bodies, supervisory agencies, judicial authorities;
credit institutions and insurance companies.
The Data Controller is committed to entrusting with data only those parties which, thanks to their technological dimension, experience, ability and reliability, are able to fully comply with GDPR provisions, with particular reference to data security and fundamental freedoms of the person concerned.
The list of Data Controllers may be made available upon your request to the Data Controller.
Except as provided in this policy, we will not transfer your personal details to third parties.
- DATA RETENTION PERIOD
The personal data collected will be retained for a period no longer than necessary to fulfil the purposes for which personal data were collected and, still, for the time necessary to fulfil all requirements, should they be of a fiscal or accounting nature, related to or resulting from the service(s) required, pursuant to art. 5(1)(e) of GDPR.
- DATA PROCESSING METHODS
Your personal data processing will be carried out in accordance with the principles of lawfulness, fairness and transparency in order to ensure your privacy and rights. Furthermore, the Data Controller is committed to processing your data in accordance with the principle of “minimization”, consisting in collecting and processing such data with the sole aim of fulfilling stated purposes. Such data will be stored onto data carriers, hard copies and onto any other suitable media, complying with GDPR, so that to provide You with an adequate level of protection (art. 32 GDPR).
- DATA SUBJECT’S RIGHTS
Please be informed that You are entitled to ask the Data Controller to access to your personal data at any time (art. 15), to correct (art. 16) or to delete them (art. 17), or to limit the processing thereof (art. 18).
You’re also entitled to object to the processing thereof based on a legitimate interest (art. 21) and to data portability (art. 20).
If You consider that our processing of your personal information infringes data protection laws, You have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You’re also entitled to withdraw consent at any time, without this affecting the lawfulness of the processing before withdrawal.
You may exercise any of your rights in relation to your personal data by contacting the Data Controller or emailing us at the address specified in section 1.