INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
pursuant to article 12 of EU Regulation 679/2016
EU Regulation 2016/679 (“General Data Protection Regulation”), hereinafter referred to as the “Regulation”, concerns the protection of natural persons with regard to their personal data and states that the processing of such data must be in compliance with the principles of fairness, lawfulness and transparency, with a view to increasing the accountability of data processors.
According to the Regulation, personal data means any information relating to an identified or identifiable natural person (‘data subject’) and processing means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by electronic or automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Your relationship with our company means that we are in possession of certain data referable to you, which have been acquired, even verbally, directly or through third parties that carry out operations concerning you and that, in order to satisfy your requests, have acquired and provided us with information. You will be given all the guarantees laid down in the Regulation.
Zucchetti Centro Sistemi SpA, therefore, in its capacity as Data Controller, will process your data in compliance with the applicable legislation, ensuring maximum protection, also in terms of confidentiality.
We are therefore pleased to provide you with the following information (in accordance with article 12 et seq. of the Regulation), committing ourselves to protect your personal data from unauthorised access or disclosure and improper use, and to make sure it is kept accurate and up to date.
1. Data Controller.
The Data Controller, i.e. the entity which determines the purposes and means of the processing of personal data, is Zucchetti Centro Sistemi Spa with registered office in Terranuova B.ni (AR), Via Lungarno no. 305/A – 01262190513 – 0559197200 – firstname.lastname@example.org – email@example.com
2. Personal data collected
You may be requested to provide, even partially, the following data:
- personal data, tax code, VAT number, company name, registered office, residence and domicile and contact details;
- data relating to the contractual relationship, describing the type of contract, as well as information relating to its execution and necessary for the performance of said contract;
- accounting data relating to the economic relationship, amounts due and payments, their periodic performance, and a summary of the accounting statements;
- data to make the relationship with our organisation more defined and our collaboration and operations more efficient and effective;
- data relating to your employees and/or collaborators, information regarding the profession carried out or regarding your company.
To achieve the purposes referred to in the following paragraph, it may be necessary to know the data referred to in article 9 of the Regulation (e.g. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in parties, trade unions, associations or organisations of a religious, political, philosophical or union nature, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation). If such data are collected, in accordance with the legislation, they can only be processed with your written consent and for the specific purpose for which they are collected (article 9, letter c) of the Regulation), as well as in the cases referred to in letters b) to j) of article 9 of the Regulation.
3. Legal basis and purpose of the processing.
The personal data provided allows, on the one hand, to carry out all the executive activities relating to your contract or relationship with our company, and on the other hand, to provide and offer new services and products that meet your needs.
In particular, your personal data are processed for the following purposes and legal basis:
1) Without your prior consent for the contractual purposes and in particular to
- execute the contract or fulfil pre-contractual commitments such as to provide, activate, suspend and manage products and services, issuing the relative invoices and sending service communications and assistance, or to provide all the services included in the commercial offer and improve technical assistance, customer care, services and products, also through statistical analyses aggregated on an anonymous basis; to allow you to download, use, and maintain the ZCS apps on your devices.
- pursue the legitimate interests of the Data Controller to manage complaints and disputes, to recover debts, prevent fraudulent and illegal activities, to exercise the rights and protect the legitimate interests of the Data Controller or third parties such as the right of defence in court, to send commercial communications to the email address provided relating to ZCS services and products, all emails sent must contain an appropriate link to allow the recipient to opt-out of receiving future emails.
- comply with legal obligations such as fulfilling the obligations provided by laws, regulations, community standards, orders and provisions of the competent authorities.
2) Only after you have given your consent, for other non-contractual purposes, and specifically for
d) marketing purposes, i.e. to inform you by ordinary letters, telephone calls and email notifications on apps and in newsletters of ZCS initiatives and offers, and to propose questionnaires and market research surveys
e) profiling purposes, i.e. to analyse, also automatically, your preferences and interests and to propose personalised services, contents, initiatives and offers (by ordinary letters, telephone calls, email notifications on apps and in newsletters )
4. Processing method
The personal data collected will be recorded, processed and stored in our files, using both paper and electronic tools, in compliance with the appropriate technical and organisational measures referred to in article 32 of the Regulation.
The personal data will be processed in compliance with the principles of fairness, lawfulness and transparency, using methods that are compatible with the purposes for which they were collected.
The processing may be carried out using paper and/or electronic tools, in any case suitable to ensure the security and confidentiality and with the use of appropriate procedures that prevent the risk of loss, destruction, accidental damage, theft, unauthorised access or processing, unlawful use, unwanted changes and dissemination.
5. Mandatory or optional nature of data provision and consequences of refusal to provide data.
The provision of data is optional, although the failure to provide data may, in fact, make it impossible to fulfil the contractual obligations.
6. Disclosure of data to third parties.
Your data will be processed by the Data Controller, Data Processors and persons strictly authorised to process data, in any case through the adoption of technical-organisational measures suitable to comply with the privacy laws.
In particular, your data may be communicated or disclosed to:
- companies/professional firms that provide assistance, advice or collaboration to the Data Controller in accounting, administrative, tax, legal and financial matters;
- public administrations, so that they can perform the institutional functions within the limits established by law;
- third-party service providers to whom the communication is necessary in order to provide the contractual services.
Your data may be communicated following audits or inspections to supervisory bodies, legal authorities and to other parties to whom the communication is required by law.
It should be noted that the role of Data Processors is held by external companies that have entered into a contract with our company, and that require your personal data in order to fulfil the obligations under this contract.
In order to know the Data Processors, if appointed, and to know the people who will be appointed in the future for this function, data subjects may send a request to the Data Controller at the above-mentioned address.
It should be noted that the Data Processors mentioned above do not deal with requests to exercise the rights of data subjects under articles 15 et seq. of the Regulation. This activity is carried out exclusively by this company in its capacity as Data Controller.
7. Intention of the Data Controller
Within the limits strictly necessary to execute the contractual relationship, your personal data may be communicated to third parties, such as suppliers of products and/or services, located both inside and outside the European Union. Any transfer to non-EU countries (and in any case to countries recognised as “adequate” by the EU according to the regulation) are designated by specific instruments designed to ensure that the recipient complies with the appropriate guarantees provided for by the laws in force.
8. Period of data retention.
The data collected will be stored in a form that allows identification of data subjects for the entire duration of the relationship between you and our company, as well as for 10 years after the date of termination of the relationship. If data not relating to the contractual administrative and accounting obligations are processed, said data will be kept for the time necessary to achieve the purpose for which they were collected. You will be informed of the retention times of these data at the time of collection by means of specific information notices.
9. Rights of data subject.
a) For the purposes of article 15 of the Regulation, you have the right to obtain confirmation as to whether or not your data is being processed and, where that is the case, to obtain access to such data and, in particular to the following information:
- purpose of the processing;
- categories of personal data concerned;
- recipients or categories of recipients to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period;
- the existence of the right of the data subject to request the Data Controller to rectify or erase personal data or restrict the processing of personal data concerning him or her or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of an automated decision-making process, including profiling.
b) You have the right to withdraw your consent at any time without this affecting the lawfulness of the processing based on the consent before its withdrawal.
c) Where applicable, based on articles 16, 17, 18 and 20 of the Regulation, you have the right to the erasure (art. 16) and rectification of your data (art. 17), as well as the right to restrict their processing (art. 18) and to receive the above personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller (art. 20).
You also have the right to lodge a complaint with a supervisory authority.
d) You have the right to object to the processing of personal data that concerns you at any time, including profiling, pursuant to and within the limits of article 21 of the Regulation;
e) Pursuant to article 22 of the Regulation, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you personally;
f) If you consider that the processing of your personal data is unlawful, you have the right to lodge a complaint with a supervisory authority.
10. Modalities for the exercise of rights
The above rights can be exercised at any time by sending:
a) a registered letter to Zucchetti Centro Sistemi SpA, Via Lungarno n. 305/A, 52028, Terranuova B.ni (AR);
b) Certified email to: firstname.lastname@example.org
c) email to email@example.com
11. Sale or rental of personal data.
The Data Controller does not sell or rent personal data.
12. Existence of an automated decision-making process.
There is no automated decision-making process.
13. Amendment of these terms