It informs that the relationships established with DataConSec s.r.l. (Data Controller) may entail the processing of personal data, in compliance with the following general principles:
- all data are processed in a lawful, fair and transparent way for the data subject, in compliance with the general principles set forth by Article 5 of the GDPR;
- specific security measures are taken to prevent the loss, unlawful or unfair use of or unauthorised access to data;
- the Data Controller is the undersigned Company: DataConSec S.r.l., Viale Fratti, 56 – 43121 Parma (PR) Italy (Email: firstname.lastname@example.org, Tel/Fax. +39 0521 771298)
DATA UNDERGOING PROCESSING
The Controller processes personal identification data of the client/supplier (e.g. name, surname, company name, personal/tax data, address, telephone number, e-mail, bank and payment reference data) and of his/her representatives (name, surname and contact details) acquired and used during the provision of services by the Controller.
LEGAL BASIS AND PURPOSES OF THE PROCESSING
Data are processed:
- to establish contractual/professional relationships;
- to fulfil pre-contractual, contractual and tax obligations arising in relation to the existing relationships, as well as to manage the required notices connected with them;
- to fulfil legal obligations, or obligations set forth by a regulation, the EU legislation or by an order issued by the Authority;
- in order for the Controller to exercise a legitimate interest as well as a right (e.g.: right of defence of legal claims, protection of claims; ordinary internal operational, management and tax needs).
A non-provision of said data will prevent the establishment of the relationship with the Controller. In accordance with Article 6 paragraphs b,c,f, the above-mentioned purposes provide an appropriate legal basis for the lawfulness of the processing. Should the processing be carried out for different purposes, specific consent shall be required from the data subjects.
Personal data are processed by means of the operations indicated in Article 4 no. 2) GDPR, more specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, denial, disclosure, erasure and destruction of data. Personal data are processed both by paper and by electronic and/or automatic means. The Controller shall process personal data for the amount of time required to fulfil the purposes for which they have been collected and the related legal obligations.
SCOPE OF THE PROCESSING
Data are processed by internal individuals, who are duly entitled and instructed to the processing in compliance with Article 29 of the GDPR. The scope of disclosure of personal data may also be requested, obtaining precise indications as to whether there are external individuals acting in the capacity of autonomous Processors or Controllers (consultants, specialists, bank institutions, carriers, etc.). It is also hereby stated that personal data may be subject to an intercompany disclosure among the Group’s companies. Data are not disclosed or handed over to extra-EU countries. Should it be necessary, within the context of tender procedures or contracts or for the fulfilment of regulatory obligations (e.g.: joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) acquiring from clients/suppliers their employees’ personal data, the parties hereby agree that the undersigned company shall be authorised to the processing of such data in the capacity of External Processor (Article 28 of the GDPR) or of authorised subject (Article 29 of the GDPR). Within such relationship, the undersigned company commits itself to processing such data in compliance with the compliance requirements provided for by the GDPR, ensuring that it will only disclose data to other subjects within the context of specific legal obligations.
RIGHTS OF THE INTERESTED PARTY
DataConSec S.r.l., guarantees to be able to exercise at any time the rights provided by the art. 12 of the GDPR. In particular, you have the right:
- Right of access by the data subject (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (‘right to be forgotten’) (Art. 17)
- Right to restriction of processing (Art. 18)
- Notification obligation regarding rectification or erasure of personal data or restriction of processing (Art. 19)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Automated individual decision-making, including profiling (Art. 22)
The exercise of these rights can be exercised by communication to the Data Controller whose addresses are: e-mail email@example.com, Tel. +39 0521 771298.