INFORMATION FOR THE PROCESSING OF PERSONAL DATA EX ART. 13 GDPR

Dear interested person,

pursuant to art. 13 of the GDPR (EU Regulation 2016/679) , the following information is provided, in accordance with the principle of transparency, in order to make the interested party aware of the characteristics and methods of processing of their data.

1. Data controller

The Data Controller is Microgeo Srl with registered office in Via San Quirico n. 306 – 50013 Campi Bisenzio (FI) and can be contacted at the following addresses: e-mail at info@microgeo.nondimenticarti.it and tel. 055-8954766. The Data Controller of your personal data is responsible towards you for the legitimate and correct use of the same.

2. Source and type of data

Your personal data being processed by the Data Controller directly provided by you are: contact details (name, surname, telephone number, e-mail address, etc.), data relating to your profession or your role within the the institution in which he works and, in the event that you stipulate the contract with Microgeo as a natural person, also your personal and tax data which will be used for the purposes described below and based on the following legal bases:


PURPOSE LEGAL BASIS

1.     Correct and complete execution of the contract , as well as execution of pre-contractual measures requested by the interested party.

Necessity of processing by the Data Controller for the execution of obligations deriving from pre-contractual measures requested by the interested party or the existing contract, pursuant to art. 6 co. 1 letter b).

2.     Fulfilment of legal obligations incumbent on the Data Controller (e.g. the conservation of billing data).

Necessity of processing by the Data Controller to fulfil legal obligations deriving from current legislation, pursuant to art. 6 co. 1 letter c).

3.     Establish, exercise or defend a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions.

Necessity of processing by the Data Controller for the legitimate interest of the same, pursuant to art. 6 co. 1 letter f).

3. Treatment methods

The data processing is carried out through IT procedures or in any case telematic means or manually and with paper supports by internal or external subjects specifically appointed and authorized for this purpose and committed to confidentiality. The processing may therefore include collection, recording, organisation, storage and processing operations on paper, automated or electronic media.

The processing is monitored by adequate technical and organizational security measures, such as, among other things, electronic archives protected by authentication credentials, access reserved only for authorized and periodically updated profiles, firewalls, antivirus, antispam, back-up systems and data recovery in case of accidents, maintenance services, limitation of the possibility of access to the paper archive.

4. Recipients and categories of recipients of personal data

The data collected will not be disclosed or disseminated and will be processed within the Company by subjects authorized to process the data under the responsibility of the Data Controller and for the purposes indicated above.

The data may be communicated to external data processors who have stipulated specific agreements, conventions/protocols of understanding or contracts with the data controller (e.g. accountants, lawyers and other consultants who provide functional services for the purposes indicated above) as well as to all subjects whose right to access such data is recognized by virtue of regulatory provisions (e.g. authorities and public bodies).

5. Transfer of data to a third country

The Data Controller will not transfer your data to third countries and international organizations.

6. Data retention period

Your data will be processed and stored for the time necessary for the execution of the contract as well as for the fulfillment of administrative, accounting and tax purposes and for the fulfillment of the related obligations and in any case within the statutory deadlines established by law for the exercise of rights. descending from the contractual relationship even after its definitive termination and those possibly necessary for the settlement of the dispute arising in the meantime , if longer. In any case, the processing of data cannot exceed a duration of 10 years starting from the termination of the contractual relationship.

7. Rights of the interested party

You will be able to exercise the rights recognized to you at any time, including: (a) access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they can be communicated, of the applicable retention period, of the existence of automated decision-making processes; (b) obtain without delay the rectification of inaccurate personal data concerning you; (c) obtain, in the cases provided for, the cancellation of your data; (d) obtain the limitation of processing, when possible; (e) request the portability of the data provided to third parties specifically indicated by you, or to receive them in a structured, commonly used and machine-readable format, also to transmit such data to another owner, without any impediment, in all the cases in which this is necessary by law; (f) lodge a complaint with the Personal Data Protection Authority.

The exercise of the aforementioned rights is subject to the limits, rules and procedures established by European Regulation 679/16 that the interested party must know and implement. Furthermore, in accordance with the provisions of article 12 paragraph 3, the Data Controller will provide the interested party with information relating to the action taken without unjustified delay and, in any case, at the latest within 30 days of receiving the request. This deadline may be extended by 60 days, if necessary, taking into account the complexity and number of requests.

The Data Controller informs the interested party of this extension, and of the reasons for the delay, within 30 days of receiving the request.

To exercise these rights, simply send a written request to the Data Controller or to the Personal Data Protection Officer at the addresses below using the appropriate forms available at the headquarters or on the institutional website.

8. Failure to provide data and its consequences

The provision of your personal data is necessary for the execution of the existing contract between the parties as well as to fulfill legal obligations incumbent on the Data Controller. Therefore, in the event of failure to provide your personal data, the Data Controller may terminate the contractual or pre-contractual relationship with you.

9. Different purpose of the processing

If the Data Controller intends to process your personal data for a purpose other than that for which they were collected, before such further processing, he will provide you with information regarding this different purpose and any further relevant information.

10. Profiling

The Data Controller does not use automated processes aimed at profiling.


MicroGeo © 2024 powered by Webolik. Tutti i diritti riservati

Seguici sui nostri social

×

Contattaci tramite Whatsapp

× Come possiamo aiutarti?