Information pursuant to art. 13 of Regulation (EU) 679/2016 on the processing of personal data concerned
pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on data protection (hereinafter "Regulation" or "GDPR"), in relation to the processing of your personal data, FIRS STAMPI s.r.l. (hereinafter, for brevity, 'Firs' or the "Owner"), whose identity and contact details are indicated below,
It informs you, in your capacity as an interested party,
of the following.
1. Identity and contact details of the Data Controller.
Data controller pursuant to arts. 4 and 24 of the Regulations are:
FIRS STAMPI s.r.l. (hereinafter, for the sake of brevity, 'Firs'), with headquarters in Rivoli (TO), via Genova n.29 / A, Fiscal Code and VAT no. 11547760014, tel. 011-7801996, e-mail firstname.lastname@example.org.
2. Purposes of the processing for which the data and the legal basis of the processing are intended.
The personal data you provide to the undersigned holder will be processed exclusively for the purposes related to the realization of the object of the contract by stipulating or already in being with the Owner, in compliance with the provisions indicated in art. 13 of the Rules. For "purposes related to the realization of the object of the contract" must be understood any operation of data processing related to the management, administration and fulfillment of the contractual relationship in question. The legal basis of the processing for the aforementioned purposes is art. 6 (1) (b) of the GDPR ("processing is necessary for the execution of a contract of which the data subject is a party or for the implementation of pre-contractual measures adopted at the request of the same"). In the context of the present purposes, the processing is also carried out for the fulfillment of specific legal obligations concerning the management of the contractual relationship (for example, accounting and / or fiscal). The legal basis for processing the aforementioned purposes is art. 6, paragraph 1, letter c) of the GDPR ("the processing is necessary to fulfill a legal obligation to which the data controller is subject").
3. Particular categories of personal data.
If, in the execution of the contract or in order to fulfill specific legal obligations concerning the management of the contractual relationship, the undersigned holder must also acquire data that fall within the specific categories of personal data pursuant to art. 9 of the Regulations (in particular, personal data revealing "the racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a person physics, data relating to the health or sexual life or sexual orientation of the person ") these categories of data may be processed only with your free and explicit consent. The legal basis of the processing of the data you provide belonging to the aforementioned special categories of personal data pursuant to art. 9 of the Regulations will be represented, in this case, by your specific consent pursuant to art. 9, paragraph 2, letter a), of the Regulation ("the data subject has given his explicit consent to the processing of such personal data for one or more specific purposes").
4. Methods of data processing.
In relation to the aforementioned purposes, the processing of your personal data will be done by manual, computerized and telematic means for the mere realization of the purposes themselves and, in any case, in order to guarantee their security and confidentiality, in compliance with the provisions of art. 32 of the Regulation on security measures and by persons specifically authorized, in compliance with the provisions of art. 29 of the Regulations.
5. Any recipients and any categories of recipients of personal data.
The processing of the personal data you provide will be made through subjects expressly and specifically designated by the Data Controller who operate in the interest of the same as managers (Article 28 of the Regulations) or as authorized (Article 29 of the Rules) or as subjects expressly designated for the processing of data within the terms provided for by the Regulations and by the national regulations for compliance with the provisions of the GDPR. The data provided may also be processed by the Owner directly and also communicated to third parties if said processing is functional to the obligations of law and the execution of the contract. For this purpose of communication, the data may be brought to the attention of companies or external professionals whose collaboration the Data Controller may use for the purposes indicated in this statement. The data may be communicated, in order to allow the fulfillment of contractual and legal obligations, to post offices, shippers and couriers for sending documentation, as well as to banking institutions for accounting management deriving from the execution of the contract, as well as to Public Administrations pursuant to the law, as well as to third parties for the provision of IT services or archiving services. The personal data of the data subject are not subject to disclosure and the Data Controller will not give any information or make it available to undetermined parties in any way.
6. Transfer of personal data to a third country or to an international organization.
As a rule, no personal data of the data subject will be transferred to a third country outside the European Union or to International Organizations. If this is necessary for the realization of the object of the contract stipulating or already in being with the Owner, the latter undertakes to ensure that any transfer takes place in compliance with the provisions set forth in Articles. 45 (on the basis of an adequacy decision by the Commission) and 46 (based on the existence of adequate guarantees), if applicable, or in any case pursuant to art. 49 of the Rules.
7. Period of retention of personal data.
The personal data processed will be kept in compliance with the provisions of art. 5, paragraph 1, lett. e), of the Regulations in a form that allows identification of data subjects for a period of time not exceeding the achievement of the aforementioned purposes for which personal data are collected and processed. Personal data are kept according to the following criteria: (a) for the time strictly necessary to achieve the "purposes related to the realization of the object of the contract" for which they are processed and in any case for a period not exceeding 10 (ten) years ; (b) for the time strictly necessary for the fulfillment of legal obligations, regulations or instructions given by the Supervisory and Control Bodies. At the end of the retention period, your data will be deleted, or stored anonymously.
8. Rights of the interested party.
Pursuant to articles 15 and ss. of the Rules, you, as an interested party, have the right to ask the Data Controller:
- access to your personal data;
- rectification or cancellation of the same or limitation of the processing that concerns you;
- opposition to treatment;
- data portability;
- if the treatment is based on Article 6, paragraph 1, letter a), or on Article 9, paragraph 2, letter a) of the Regulation, the withdrawal of consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
Without prejudice to any other administrative or judicial remedy, the person concerned who considers that the processing concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority, particularly in the Member State in which he resides habitually, or the alleged violation pursuant to art. 77 of the Regulations (the Italian supervisory authority is the Guarantor for the protection of personal data).
To exercise the above rights, the interested party may contact the owner at the addresses indicated in the paragraph 1 of this information.
9. Whether the communication of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract; possible consequences of not communicating such data.
The communication of your personal data and the consequent processing by the Data Controller are necessary for the establishment, for the continuation and for the correct management of the relationship in question; this communication, therefore, must be understood as mandatory.
Your refusal to provide the requested personal data may cause, on the part of the Owner, the impossibility to perfect and manage the contractual relationship with you by stipulating or in being.
10. Existence of an automated decision-making process, including profiling.
Pursuant to art. 13, paragraph 2, letter f) of the GDPR, we inform you that the personal data collected will not be subject to any automated decision-making process, including profiling pursuant to art. 22, paragraphs 1 and 4 of the Rules.
11. Processing of personal data for a different purpose than that for which they were collected.
If the Data Controller intends to further process your personal data for a different purpose than that for which they were collected, before such further processing will provide the data subject with information on this different purpose and any further relevant information referred to in art. 13, paragraph 2 of the Rules.
The Data Controller FIRS STAMPI s.r.l..