Privacy Policy Form
Form ICONT – Dated on 11/2023
Policy on personal data processing
Pursuant to Article no. 13 of EUROPEAN REGULATION No. 679/2016
Dear Data Subject,
ARGHENTIA S.R.L., as Data Processor in accordance with article no. 13 of the European Regulation no. 679/2016 "General Data Protection Regulation (GDPR)" (hereinafter referred to as the EU Regulation), containing provisions on the processing of personal data, would like to inform you about the processing of your personal data.
The provision requires that anyone who processes personal data must inform the data subject of the data processed and the elements qualifying the processing, which must in any case be carried out in a lawful, correct and transparent manner, as well as protect the confidentiality and guarantee the rights of the data subject.
It should be noted that data processing means any operation or series of operations concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, distribution and destruction of data.
-
1. The Data Processor
The Data Controller of your personal data is ARGHENTIA S.R.L., who is responsible for the legitimate and correct use of your personal data. You can contact the company for any information or request at the following addresses: telephone 0575300449, email: amministrazione@arghentia.it
-
2. Nature of the Data Processed, the Purpose and Legal Basis of the processing
Nature of the data processed. In relation to the purposes of the processing below, please note that only "common personal data" will be processed, such as, for example:
- company identification data (name, surname, email, etc.);
Purpose of processing. Your personal data will be processed for the following purposes:
- to reply to your requests: by filling in the appropriate form in this contact area on a voluntary basis;
- to fulfil legal obligations;
Legal basis of processing. Personal data, for the purposes referred to in point 2A and 2B, will be lawfully processed to fulfil pre-contractual and contractual obligations between us and the user (Article 6, paragraph 1, letter b), to fulfil our legal obligations (Article 6, paragraph 1, letter c).
The consent you have given may be withdrawn at any time, without affecting the lawfulness of the processing based on the consent given before the withdrawal (Article 7 paragraph 3 of the EU Regulation)
-
3. Recipients of the data and processing methods
The processing of your personal data will be based on the principles of fairness, lawfulness and transparency and may be carried out using paper and electronic tools both by the staff of the undersigned Company, authorised/charged with the processing of personal data, and by external parties called upon to carry out specific tasks, on behalf of the Data Processor, in their capacity as Data Processors, pursuant to article 28 of the EU Regulations, subject to our letter of appointment requiring them to observe the duty of confidentiality and security in the processing of personal data, and the adoption of suitable security measures to prevent the loss of data, unlawful and incorrect use, and unauthorised access, in compliance with the provisions in force on the protection of personal data.
For the sake of brevity, the detailed list of these figures is available at the Data Controller's headquarters and is at your disposal.
Your personal data will not be disclosed and will not be transferred to third countries or international organisations, will not be disclosed to third parties except for legal or contractual obligations
-
4. Data retention periods
Your personal data will be retained for a period of time not exceeding the purposes for which they are processed, in compliance with the principle of retention limitation provided for in the EU Regulation and/or for as long as necessary for legal and contractual obligations or until you revoke your specific consent, and therefore
- with reference to the purposes set out in points 2A-2B, the data will be kept for a period of time not exceeding the fulfilment of the purposes for which they are processed and/or for the time strictly necessary for the fulfilment of legal and contractual obligations;
In order to guarantee the stated retention periods, a periodic check is to be carried out annually on the data processed and on whether it can be deleted if it is no longer needed for the intended purposes.
-
5. Access to data (categories of recipients to whom the data can be disclosed)
We also inform you that the data collected will never be disseminated and will not be communicated without your express consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other entities for the fulfilment of tax and legal obligations or for the fulfilment of primary and secondary purposes (where authorised), subject to our letter of appointment imposing on them the duty of confidentiality and security in the processing of personal data.
With reference to art. 13, par. 1, letter e) of the GDPR, we hereby specify the subjects or categories of subjects who may become aware of the personal data of the data subjects as managers or agents, and provide a specific list by categories:
- Shareholders, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as appointees/authorised persons and/or data processors (e.g. offices: commercial, technical, administrative, legal, press; system administrators, external professionals, various service providers, etc.)
Your personal data may also be disclosed to external recipients of the files concerning you, in the performance of the activities and to external subjects who interact with the undersigned, always and exclusively for activities functional to the purposes described above, external subjects called to carry out specific tasks, on behalf of the Data Controller, as Data Processors, pursuant to art. 28 of the EU Regulation.
For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.
-
6 and 7. Data communication and data transfer
Without the need for express consent (art.6, co. 1, lett. b), c) and f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2F to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is mandatory by law for the fulfilment of the purposes indicated above.
These parties will process the data in their capacity as autonomous data controllers.
Personal data is stored on devices located at the headquarters of the Data Controller or at providers within the European Union.
Your data will not be made public.
To guarantee the security of these transfers, we only use subjects who offer the necessary guarantees to implement adequate technical and organisational measures so that the processing carried out complies with the provisions of EU Reg. UE 679/2016.
Both as regards the data on its own devices and any data held by providers, the Data Controller has put in place adequate technical and organisational measures to ensure an appropriate level of security, in full compliance with the EU Regulation.
-
8. Consequences of the failure to disclose personal data
The personal data referred to in items 2A-2B of this information sheet are necessary, without these it would not be possible for us to proceed and fulfil our contractual and legal obligations.
-
9. Rights of data subjects
Data subjects have the rights set out in articles 15 to 22 of the EU Regulation below, and more specifically, data subjects have the right to:
- obtain acknowledgement of the existence and processing of personal data concerning them, and in that case, obtain access to their data (so-called right of access);
- obtain details on the purposes of the processing, the categories of the data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, in particular if they are recipients from third countries or international organisations, the intended data retention period or the criteria used to determine that period; and where the data are not collected from the data subject, obtain all available information on their origin;
- obtain rectification of the data concerning them (so-called right of rectification)
- obtain the deletion of data concerning them (so-called right to be forgotten);
- obtain the limitation of processing (so-called right of restriction of processing);
- obtain the portability of data, i.e. receive the data from a Data Processor in a structured, commonly used and machine-readable format and transmit them to another Data Processor without any obstacle (so-called right to data portability);
- object to the processing at any time (so-called right of objection). We would like to specifically inform you, as required by article 21 of the EU Regulation, that if personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning them carried out for such purposes, and that if the data subject objects to the processing for direct marketing purposes, the personal data may no longer be processed for such processing;
- be made aware (with the option to object) of the existence of an automated decision-making process concerning natural persons, including profiling;
- withdraw consent at any time, without affecting the lawfulness of any processing based on consent given prior to revocation;
- submit a complaint to the Supervisory Authority for Data Protection in Italy (Data Protection Authority).
Please note that there may be conditions or limitations to the exercise of these rights, as provided for in the legislation in force.
-
10 - How to exercise your rights
At any time, you may exercise your rights in a clear and explicit manner by submitting:
- a registered letter with return receipt to the undersigned;
- an email to amministrazione@arghentia.it
- Or by contacting the Data Controller directly at: +39 0575300449.
-
11 - Minors
What the Data Controller offers and what is the subject of the relationship with you in existence does not provide for the intentional acquisition of personal information referring to minors. If information on minors is unintentionally recorded, the Data Processor will delete it in a timely manner on the request or indication of the data subject.
-
12 - Appointed/Authorised Persons – Data Processors
Below we provide you with some information that we need to bring to your attention, not only in order to comply with legal obligations, but also because transparency and fairness towards the Interested Parties is a fundamental part of our business.
Appointees/Authorised Persons. The updated list of the appointees/Authorised persons and the staff involved in data processing is kept at the Data Controller's registered offices.
Data controllers.
For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.