INFORMATION PURSUANT TO ART. 13-14 EU REG. NO. 2016/679 FOR THE PROCESSING OF PERSONAL DATA
S.F.C.M. SRL™ hereby informs you that, pursuant to and for the purposes of Articles 13 and 14 of the European Regulation No. 2016/679 GDPR, the data acquired and/or provided by you will be processed in accordance with the above regulations.
The Data Controller is: S.F.C.M. SRL™ Via della Moscova, 47 Milano 20121 Mi email@example.com
PURPOSES OF MANDATORY TREATMENTS
S.F.C.M. SRL™ acquires the data you provide in compliance with the rules of confidentiality and security provided by the Regulations and the law.
S.F.C.M. SRL™ processes data collected digitally from the website without your express consent (Art. 6 GDPR) for the following purposes:
- Carry out its normal activities of responding to questions we receive through the various forms on the website;
- Fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;
- Fulfilling obligations under the law, a regulation, EU legislation or an order of the Authority (for example: issuing invoices);
- Exercise the Holder's rights (e.g., treasury management, right to defense in court, etc.).
PURPOSES OF NON-MANDATORY PROCESSING
Subject to your specific and separate consent (Articles 6 and 7 GDPR), we will process your data for the following marketing purposes:
- to send them via email, mail, newsletter, commercial communications and/or informative material on products and/or services offered by the Owner and satisfaction survey on the quality of services;
- Send them via e-mail, mail newsletters on products and/or services offered by third-party companies and satisfaction survey on the quality of services.
MODE OF TREATMENT
The processing consists, for example, in operations of collection, recording, organization, storage, extraction, consultation, use, communication, deletion of personal data. It is carried out, for the aforementioned purposes, according to principles (ex art. 5 of GDPR No. 2016/679) of lawfulness, correctness, transparency, data minimization and accuracy. Data are processed by telephone, paper, computer and telematic means. The processing is carried out using appropriate tools, technical and organizational measures adequate to ensure security, integrity and confidentiality, avoiding in particular the risk of loss, unauthorized access, unlawful use, dissemination, in compliance with the provisions also of Article 32 of GDPR No. 2016/679, by the subjects and in compliance with the provisions of Article 29 of GDPR No. 2016/679 and Article 2-quaterdecies of the Privacy Code.
NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND
Providing data for mandatory purposes does not require consent. Without such data, we will not be able to provide our services. The provision of data for other purposes is optional and requires your express consent. In the absence you will not be able to receive newsletters, informative material, commercial communications about services offered by the Owner or third party companies You will still continue to be entitled to our services.
Your data may be made accessible for the above purposes:
- to employees and collaborators of the Owner in their capacity as data processors and/or system administrators;
- to third-party companies or other entities (by way of example: professional firms, consultants, software houses that provide the management systems, credit institutions, insurance companies, etc.) that carry out outsourced activities on behalf of the Controller, in their capacity as external data processors.
COMMUNICATION OF DATA
The Data Controller may communicate your data to Public Administration, Supervisory Bodies and/or Judicial Authorities as well as to all other subjects to whom the communication is obligatory or necessary by law. Your data will not be disseminated.
We inform you that we generally try to avoid data transfers outside the European Union. However, it is understood that the Data Controller will be entitled to transfer data to countries outside the EU, should it become necessary. In such a case, the Data Controller hereby assures you that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission and/or binding corporate rules.
All personal data provided will be processed in accordance with the principles of lawfulness, correctness, relevance and proportionality, only in the manner, including computer and telematic, strictly necessary to pursue the purposes described above. Personal data will be kept for the 6 years following the last contact made with the data subject or until the data subject requests cancellation. In this case, data related to the legitimate interest of the owner or necessary for the fulfillment of legal obligations may still be retained. It should be noted that the information systems used to manage the information collected are configured from the outset to minimize the use of personal data.
RIGHTS OF THE DATA SUBJECT
As a data subject, you have the rights under Art. 15 ff and Art. 77 GDPR, namely the rights to:
To obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations; when possible, the period for which the personal data are expected to be retained or, if this is not possible, the criteria used to determine this period; where the data are not collected from the data subject, all available information about their origin; the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the importance and the expected consequences of such processing for the data subject.
Obtain from the data controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
Obtain from the data controller information about personal data concerning him or her without undue delay, if any of the following grounds applies: ( a ) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ( b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and if there is no other legal basis for the processing; (c ) the data subject objects to the processing in accordance with Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing in accordance with Article 21(2); (d ) the personal data have been processed unlawfully; and (e ) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
Obtain from the data controller the restriction of processing when one of the following occurs: ( a ) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; (b ) the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests that its use be restricted; (c) although the data controller no longer needs the personal data for the purposes of processing, the personal data are necessary for the establishment, exercise or defense of a legal claim; (d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller override those of the data subject.
To receive in a structured, commonly used and machine-readable format personal data concerning him or her that he or she has provided to a data controller and to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided the data if the processing is carried out by digital means. In exercising his or her rights with regard to data portability, the data subject has the right to obtain the direct transmission of personal data from one controller to another, if technically feasible.
Object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her under Article 6(1)(e) or (f), including profiling on the basis of these provisions. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such marketing.
Right not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects concerning him or her or that significantly affects him or her in a similar way.
Right to file a complaint with a supervisory authority under Art. 77.
WAYS OF EXERCISING RIGHTS
You may exercise your rights at any time by contacting the Holder at the following e-mail address: firstname.lastname@example.org
EXTERNAL MANAGERS AND APPOINTEES
The updated list of external data controllers and processors is kept at the registered office of the Data Controller.
MODIFICATION OF THE CURRENT DISCLOSURE
This notice was prepared on 2023-03-15 16:18:45 and may be subject to change over time, including in accordance with additions or amendments to relevant laws and regulations. The Interested Party is invited to consult this page often.