INFORMATION ON THE PROCESSING OF PERSONAL DATA
under Regulation (EU) 2016/679 and Legislative Decree No 196/2003 as amended
This information is provided in accordance with the provisions of the Community legislation (EU Regulation 2016/679 of 27 April 2016, on the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data, hereinafter referred to as “GDPR” for the sake of brevity) and by the national legislation in force.
The data controller is Privilege Events Srl, with registered office in Pescara (PE), via Carlo Poerio n. 40 – c.a.p. 65122, (Email: firstname.lastname@example.org, PEC: email@example.com, Tel.: +39 0858963241).
PURPOSE OF THE PROCESSING
Performance of the contract concerning the provision of the requested service / product;
– Fulfillment of the fiscal and accounting, social security and welfare fields’ obligations.
LEGAL BASIS FOR PROCESSING
Performance of a contract whose data subject is a party or performance of precontractual measures adopted at his request. consent for the processing of particular categories of Data. In the event of any dispute, the Data Controller is entitled to defend his rights.
– Fulfillment of a legal obligation to which the Data Controller is subject
Duration of the contractual relation and, after cessation, for the period required by law. Until the revocation of the consent, in the absence of revocation for the entire period of the contractual relationship. In the event of any dispute, for its entire duration until the exhaustion of the terms of practicability of the appeals.
– Duration of the contractual relation and, after cessation, for the period laid down by the legal provisions to which the Data Controller is subject.
The processing of your personal data will take place at the headquarters of the Data Controller located in registered office in Pescara (PE), via Carlo Poerio n. 40 – c.a.p. 65122 and will be done using automated and manual methods and tools to ensure maximum security and confidentiality, by specifically authorized parties as long as is strictly necessary to attain the purposes for which they were collected. The data provided will be used with paper-based, computerized and telematic tools. Specific security measures are complied to prevent data loss, illicit or incorrect use and unauthorized access. Once the above storage terms have elapsed, the data will be destroyed or be anonymized through the technical cancellation and backup procedures.
NATURE OF THE PROVISION AND REFUSAL
The provision of personal data is mandatory for the conclusion and performance of the contract, as well as for the fulfillment of ex lege obligations and, therefore, any refusal, even partial, or the inaccurate indication of such data determines the impossibility for the Data Controller to properly perform the contract and/or all related obligations. With reference to the purposes for which consent is provided, the provision of personal data is optional. Failure to provide personal data, however, makes it impossible to pursue the aforementioned purposes.
RECIPIENTS OF THE DATA
The following subjects are the recipients the collected data and, therefore, will process the following data on behalf of the Data Controller, under the Article 28 of the Regulations, as Data Officers:
• IT Consultants (or Consulting Firms) for the provision of software and hardware support and maintenance services
• Banking and insurance institutions
• E-mail provider
• PEC Provider
• Business consultant
• Transport companies
• Software house which provides functional services for the purposes indicated above
Lawyers who provide functional services for the above mentioned purposes could also be data recipients.
In order to know, at any time, the subjects to whom your data will be communicated, it is sufficient that you request the updated list by writing to the Data Controller at the addresses above.
Furthermore, your data may be disclosed to external subjects such as, by way of example and not limited to, authority and supervisory and inspection bodies and, in general, public or private entities, entitled to request data (eg IRS, Financial Police).
The personal data collected will also be processed by authorized internal parties acting on the basis of specific instructions provided for the purposes and methods of the processing.
RIGHTS OF THE DATA SUJBECTS – COMPLAINT TO THE INSPECTION AUTHORITY
In relation to the data undergoing processing mentioned in this document, it is your right to:
• ask the Data Collector for access to your personal data and information related (GDPR Article 15) at any time; the correction of inaccurate data or the integration of incomplete data (GDPR Article 16); the erasure of your personal data (upon the occurrence of one of the conditions indicated in GDPR Article 17, paragraph 1 and in the respect for the exceptions provided for in paragraph 3 of the same article); the restriction of the processing of your personal data (upon the occurrence of the hypotheses indicated in GDPR Article 18, paragraph 1);
• ask to the Data Controller and obtain – in the cases in which the legal basis of the processing is the contract or consent, and it is carried out by automated means – your personal data in a structured and machine-readable format, also for the purpose of communicate such data to another Data Controller (so-called right to the portability of personal data – GDPR Article 20) at any time;
• object to the processing of your personal data to the occurrence of particular situations that affect you (GDPR Article 21) at any time.
• withdraw your consent at any time – in the cases in which the legal basis of the processing is the consent for the specific purpose. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (GDPR Article 7).
The appropriate application is submitted by contacting the Data Controller by PEC at the address firstname.lastname@example.org, by email to the address email@example.com or registered mail with advice of delivery at the address Pescara (PE), via Carlo Poerio n. 40 – c.a.p. 65122.
If you believe that the processing of your data is in violation of the Regulation terms, you can lodge a complaint with a supervisory authority (Authority for the protection of personal data – www.garanteprivacy.it), as provided for by GDPR Art. 77, or refer the matter to appropriate legal courts (GDPR Article 79).