EMILGRIP S.r.l. headquartered at Via della Pace No. 4 – 43019 Soragna (Parma, Italy), tax ID code and VAT number: 00731200341 (the “Data Controller”), as the controller of the data processing, hereby informs you, as required by Article 13 of Italian Legislative Decree No. 196 of 30.6.2003 (the “Privacy Code”) and Art. 13 of EU Regulation No. 2016/679 (the “GDPR”) that your data will be processed for the following purposes, by the following methods:
Object of the data processing
The Data Controller will process your personal identification details (for example: name, surname, company name, address, telephone number, email address, bank details and payment details – the “Personal Data” or also “Data”) provided by you during meetings relating to the fulfilment of services requested by you from EMILGRIP S.r.l..
Purpose of the data processing
Your personal data will be processed:
- without your express authorisation (Art. 24 (a), (b), (c) of the Privacy Code and Art. 6 (b), (e) of the GDPR), for the following Purposes:
- to conclude contracts for services delivered by the Data Controller;
- to fulfil pre-contractual, contractual and tax obligations deriving from our relations with you;
- to fulfil obligations imposed by laws, regulations, EU legislation or orders of the authorities (for example, with regard to anti-money laundering rules);
- to exercise the rights of the Data Controller, for example the right of defence in legal proceedings.
Your data will be processed by means of the operations indicated in Art. 4 of the Privacy Code and Art. 4 (2) of the GDPR, specifically: collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of the data.
Your personal data will be processed on paper and also using electronic and/or automated means. The Data Controller will process your personal data for the time necessary to fulfil the above purposes but in any case, for no longer than 10 years from termination of the contract relating to the Purposes.
Access to Data
Your data may be made accessible for the purposes referred to in Art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller, in their capacity as persons authorised internally within the organisation to process the data, and/or to system administrators;
- to third-party companies or other persons (including banks, professional firms, consultants, insurance companies regarding the provision of insurance services etc.), who perform outsourced services on the Data Controller’s behalf in their capacity as external data processors.
Communication of Data
Without the need for express consent (Art. 24 (a), (b), (d) of the Privacy Code and Art. 6 (b) and (c) of the GDPR), the Data Controller may communicate your data for the purposes of Art. 2.A) to supervisory or judicial authorities, insurance companies for the provision of insurance services, and to anyone who is legally required to receive the data in order to fulfil the stated purposes. The above persons will process the data as independent data controllers. Your data will not be circulated.
Your personal data will be kept within the European Community.
Nature of provision of data and consequences of refusal to provide it
Provision of the data for the purposes indicated in Art. 2.A) is obligatory. If the data is not provided, we cannot guarantee the Services referred to in Art. 2.A). Provision of the data for the purposes indicated in Art. 2.B) is optional. You may decide not to provide any data or to revoke consent for the processing of data already provided: in such a case you will not receive any newsletters, sales communications or advertising material relating to the Data Controller’s Services. You will still have the right to the Services referred to in Article 2.A).
Rights of the data subject
As the data subject, you have the rights set out in Art. 7 of the Privacy Code and Art. 15 of the GDPR and namely:
- to obtain confirmation as to whether or not personal data concerning you is being processed even if not yet recorded, and its communication in an intelligible form;
- to obtain details of:
- the origin of the personal data;
- the purposes and methods of the processing;
- the logic applied in the case of processing by electronic instruments;
- the identification data of the Data Controller, the data processors and the representative designated in accordance with Article 5 (2) of the Privacy Code and Article 3 (1) of the GDPR;
- the persons or categories of person to whom the personal data may be disclosed or who may receive that information in their capacity as the designated representative on State territory or as data processor or authorised person;
- to obtain:
- the updating, rectification or, where there is an interest, the integration of the data;
- the erasure, anonymisation, restriction or blocking of data that has been processed unlawfully, including data that is no longer required for the purpose for which it was collected or subsequently processed;
- confirmation that the above operations and their content have been brought to the attention of the persons to whom the data was disclosed or circulated, apart from cases where this is impossible or results in the use of resources that are manifestly disproportionate to the right being protected;
- portability of your data.
Where applicable, you also have the rights referred to in Articles 16-21 of the GDPR (right of rectification, right to be forgotten, right to the restriction of processing, right to portability of the data, right of objection) and the right to make a complaint with the data protection authority.
Exercising your rights
You may exercise your rights at any time by sending a certified email to email@example.com.
Data controller, data processor and authorised persons
The Data Controller is EMILGRIP S.r.l. headquartered at Via della Pace no. 4 – 43019 Soragna (Parma, Italy).
The updated list of the data processors and authorised persons can be obtained from the head office of the Data Controller.