PRIVACY NOTICE ON PERSONAL DATA PROCESSING
–
pursuant to REGOLAMENTO GDPR UE 2016/679, D.lgs. 101/2018, D.lgs. 196/2003 Novellato
Dear Customer,
ELY SISTEMI PROJECT S.R.L., P.I. 02944450929, Via Renzo Laconi 18 – 09121 CAGLIARI (CA),
Tel. 070240601,e-mail: info@elysistemiproject.com, p.e.c. elysistemiproject@certificazioneposta.it (hereinafter the “Company”), in its role of data controller, pursuant to art. 13 of the European Regulation 679/2016 concerning the protection of personal data (the “Regulation”), wishes to provide you with the following information:
1. Types of personal data
We process the following data: name, surname, contact data, e-mail addresses, positions where relevant, in accordance with the Regulation and with local laws, including possible decisions issued by the Supervisory Authority, as applicable.
2. Purposes of the processing
The Company will process the data while carrying out its commercial and financial activities and for the performance of contractual relationships. In particular, the data will be processed in order to comply with the obligations established by the law (for example, tax and accounting obligations); for the registering customers into the Company’s management system (customers’ list); for the administrative management of the agreements including for handling of invoices; for the compliance with obligation related to the supply of goods, as well as for handling possible litigation.
The processing of data for the abovementioned purposes does not require the individual consent since the Company is authorized to avail itself of the reliefs available under letter b), c) of article 6.1, of the Regulation.
3. Nature of collection and processing methods
The collection of personal data is a requirement: failing this, it becomes impossible to enter into a commercial agreement or, in case of existing agreements, to fulfil the obligations and commitments arising from such agreements.
The data shall be processed by the Company, and by those entrusted by the Company with processing, mainly by means of electronic or manual systems and according to the principles of fairness, integrity and transparency that are required by applicable laws on data protection as well as by preserving the privacy of the concerned persons, through the implementation of technical and organizational measures ensuring an adequate safety level (including, without limitation, by preventing access from unauthorized persons -unless such access is required by the applicable laws- or by ensuring restoration of access to data after material or technical accidents).
4. Storage of data
The data shall be stored in compliance with the applicable regulations on protection of personal data for the time that is necessary to comply with the above-mentioned purposes. In particular, personal data will be stored by Company for the whole duration of the contractual relationship and also after its termination, in compliance with applicable laws (including, without limitation, the obligation to keep the invoices and other company documents for at least 10 years).
5. Disclosure, dissemination, and transfer of data
Without prejudice to the duty of disclosure in order to fulfil any legal or contractual obligations, the data may be disclosed to tax or legal consultants, to collaborators of the Company, to public entities as well as to those persons that are authorized by the laws to receive such data, to Italian or foreign judicial or other public authorities for the fulfilment of legal obligations, or for the performance of the obligations arising from an agreement, including for the purposes of defence before the Courts. Such entities act as independent data controllers.
In order to perform certain services implying the need of personal data processing, the Company may also avail of third parties, including in respect of the service of substitutive filing or maintenance on the IT systems in which data are processed. These companies shall operate as external data processors in compliance with specific and adequate directions concerning the processing methods and safety measures as specified in specific contractual documents.
With reference to transfer the data to countries located outside the European Union, the Company undertakes to ensure a level of protection and preservation, also by means of entering into specific contracts, adequate to the applicable laws, including the entering into standard contractual clauses (a copy of the undertaken commitments with the Group companies is available on request to the contacts mentioned below). Personal data shall not be disseminated.
6. Rights of Data Subjects
A Data Subject shall have the rights contemplated in the Regulation (articles from 15-21) in respect of the processing of data contemplated thereto, including the right to:
– Obtain confirmation of the existence of personal data concerning him/her and to gain access to them (right of access);
– Obtain the updating, modification and/or rectification of its personal data (right of rectification);
– Obtain erasure, or to set limits to processing, of personal data whose processing is unlawful, including those that are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right to be forgotten and right to the restriction of processing);
– Object to processing (right to object);
– Withdraw previously given consent, if any, without prejudice to the lawfulness of processing based on that consent;
– Receive a copy in electronic form of the data concerning him or her which have been provided to a controller in the framework of an agreement and to have such data transmitted to another controller (right to data portability).
For the exercise of the rights above and in case of further requests for information regarding the present privacy notice, you can contact the Company by sending an email to the Company.
You may also lodge a complaint with the Supervisory Authority in case of infringement of regulations concerning the protection of personal data.