Pursuant to the current legislation on the processing of personal data (Regulation (EU) 2016/679 and Leg. Decree 196/03, as amended by Leg. Decree 101/2018), data provided regarding the data subject (also in the case of data subjects operating as sole traders, small businesses, or professionals) or its employees, agents, representatives and collaborators (hereinafter the “Data”), will be processed in accordance with the provisions of the current applicable privacy legislation; in any case, Data is processed in such a way as to ensure the safety of said data, and in line with the principles of fairness, lawfulness and confidentiality provided for by law (art. 5 of Regulation (EU) 2016/679 – hereinafter the “GDPR”).
The Data Controller, pursuant to art. 4 of the GDPR, is Anci Servizi S.r.l. a Socio Unico, with registered offices in Milan, Via Alberto Riva Villasanta 3, with operating premises in Vigevano, C.so Brodolini 19 and Via Aguzzafame 60/B. To contact the Data Controller, simply send an e-mail to email@example.com or call either +39.0381.84722 or +39.02.438291. The Data Controller has appointed a DPO, who can also be contacted as above.
Data is processed, in line with the principles of lawfulness provided for under art. 6 of the GDPR, for purposes relating to the relationship established with the Data Controller; therefore, data processing is legally justified, as required by art. 13 c) of the GDPR, by the purposes for which the relationship is established with the Data Controller, i.e. the execution of the contract between the parties.
Given the above purposes, the processing of data supplied to the Data Controller will include activities that are necessary for the proper execution of the provisions of the commercial agreement, such as, inter alia: the management, organisation, storage and creation of a database, consultation, archiving, communication of initiatives, processing for administrative-accounting purposes, emailing soft spam, the production of statistics, the use, destruction and rectification of data processed following the data subject’s notification.
Providing your data is optional. However, failure to provide same may prevent the execution of the obligations arising from the contract between the parties. Therefore, in the case of pursuing the commercial relationship, the processing of any personal data supplied (also in the name, on behalf and in the interest of employees and/or consultants, collaborators and agents) shall in any case be deemed authorised pursuant to art. 6, para. 1 b) of the GDPR.
Should the Data Controller intend to process personal data for a purpose other than that for which it was collected, the data subject will be provided in advance with information on this new purpose and all other pertinent information, and the Data Controller will seek his or her prior consent.
Data will be processed in paper form and/or electronically by parties specially authorised to do so. Data processed for accounting and/or administrative purposes will be stored for 10 years, as will any data processed for the CE/EU certification of PPE; for all other purposes, the storage period shall in no case be more than 10 years.
Processing includes communication of data to members of the Data Controller’s organisational structure, i.e. to its consultants entrusted with managing the business, in order to fulfil the established trade relationship. Moreover, it should be noted that the data collected and subsequently processed will be communicated and hence made available to the DPO for accounting and/or administrative purposes and in any case to related parties in order to ensure the correct execution of the existing contract, as well as to the Ministry of Economic Development and the Ministry of Labour as regards the CE certification of Personal Protective Equipment (PPE).
The data collected will not be disseminated.
Processing will include the use of data supplied both within and outside the EU, but only in the countries set forth in artt. 45 and 46 of the GDPR.
The Data Controller reminds the data subject that the personal data requested and supplied does not fall under the categories of personal data listed in artt. 9 and 10 of the GDPR.
Existence of automated decision-making, including profiling.
The Data Controller does not process data on the basis of automated decision-making processes or for profiling purposes.
The Data Controller also informs you that the following rights are guaranteed under art. 13, para. 2, of the GDPR:
- The right of access to personal data and to related information as listed under art. 15 of the European Regulation;
- The right to correct or delete the data supplied or request limitation of data processing;
- The right to object to data processing;
- The right to data portability;
- The right to revoke your consent at any time without affecting the lawfulness of data processing on the basis of consent given prior to revocation, if processing is based on article 6, para. 1 a), or art. 9, para. 2 a) of the GDPR;
- The right to lodge a complaint with a supervisory authority.
The Data Controller informs you that the rights listed in and guaranteed by artt. 15-22 of the GDPR may not be exercised by submitting a request to the Data Controller or by lodging a complaint under art. 77 of the GDPR if exercising same could cause real, concrete injury to certain data categories and/or to certain activities as listed in art. 2-undecies of Leg. Decree 196/03, as harmonised by Leg. Decree 101/2018; this does not prejudice the provisions, specified in paragraphs 2 and 3 of the aforementioned article, in terms of limitations, exclusions or delays in exercising rights.
To exercise the rights listed above, simply e-mail firstname.lastname@example.org, stating the wording “Exercising of rights under the GDPR” in the subject line and specifying the right that you wish to exercise in the body of the email, along with your name, surname and the email address where you wish to receive a reply from Anci Servizi s.r.l. Once your request has been processed, the Data Controller will send its feedback in the terms set forth in art. 12, point 3, of the GDPR.