PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
Creasens S.r.l. with sole shareholder (Tax Code: 02407440037), with registered office in Gattico (NO), via Maggiate n. 22, as Data Controller ex art. 4, par. 1, n. 7) and art. 24 EU Regulation 2016/679 (hereinafter GDPR) on the protection of personal data, in fulfilment of the obligations under art. 13 GDPR, provides this Information that details the purposes and means of processing of your personal data.
Please note that:
– personal data (ex art. 4, par. 1, no. 1) GDPR) means ‘any information concerning an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as name, an identification number, location data, an online identifier or to one or more elements characteristic of his physical, physiological, genetic, mental, economic, cultural or social identity’;
– for the processing of personal data (ex art. 4, par. 1, n. 2) GDPR) means ‘any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, limitation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction’.
1. Holder of the Treatment and contact data
The Data Controller, pursuant to art. 24 of the GDPR, i.e. the person who determines the purposes and means of the processing is Creasens S.r.l. with sole shareholder (Tax Code: 02407440037) with registered office in Gattico (NO), via Maggiate n. 22, tel. +39 0322 831685, e-mail address: firstname.lastname@example.org.
2. Data processed
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified parties, but by their very nature could, through processing and associations, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relating to the operating system and computer environment.
These data are used only to obtain anonymous statistical information on the use of the site and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site, as well as the compilation of the contact form or the transmission of data through other sections of the site, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, and any other personal data entered by the user.
3. Purpose of processing and legal basis
3.1 Your personal data, object of the treatment, are used for the following purposes:
a) to respond to your specific requests;
b) to carry out legal and/or regulatory obligations of a fiscal, administrative and accounting nature;
c) to fulfil the pre-contractual, contractual and fiscal obligations relating to the conclusion and/or execution of contracts to which you are a party;
(d) protect the credit.
3.2 The processing of your personal data is based on art. 6, par. 1 letter. b) and c) of the GDPR.
4. Nature of the provision
For the purposes of art. 3.1, letters a), b), c) and d) of this Policy, the provision of data is necessary to respond to your requests and / or to perform the services provided by the Owner and any refusal will make it impossible to provide the same. In order to carry out the processing operations referred to in art. 3.1, letters a), b), c) and d) of this Information Notice, it is not necessary to obtain the consent of the Data Subject.
5. Methods of treatment
Data processing is carried out by paper, computer and telematic means, also with the aid of electronic means, by specifically authorised internal subjects and/or by third parties, according to logics strictly connected to the purposes of this document. The data are stored in electronic files and, residually, on paper, in such a way as to guarantee the security and confidentiality of the data. The processing of personal data is carried out in accordance with the principles underlying the GDPR.
6. Recipients of the data
Recipient of the data means, pursuant to art. 4, par. 1, no. 9) GDPR, ‘the natural or legal person, the service or another body that receives communications of personal data, whether or not it is a third party. However, public authorities that may receive communication of personal data as part of a specific investigation in accordance with EU or Member State law are not considered recipients; the processing of such data by such public authorities is in accordance with applicable data protection rules according to the purposes of the processing’.
It should be noted that, in relation to the purposes indicated above, personal data may be communicated to recipients in collaboration with the Owner or for the performance of legal obligations. These recipients are bound to absolute confidentiality regarding any information that may come to their attention and below, by way of example, we report the categories.
– Authorities, public administrations and supervisory and control bodies for their institutional purposes.
– Associated companies, subjects, consultants, consulting companies, professional firms that collaborate with the Data Controller for the achievement of the purposes indicated above and for the fulfilment of legal obligations.
– Subjects that provide services for the management of the Owner’s computer system.
– Professionals qualified for the purpose of the study and resolution of any legal and contractual problems.
– Banks or similar organisations.
7. Place of data processing and possible transfer of data abroad
The data processing activity is carried out within a Member State of the European Union (EU) or within a Member State of the European Economic Area (EEA).
However, the data processing activity may involve the transfer of data to a non-EU or EEA Member State. In this case, the Data Controller hereby guarantees that the transfer, if necessary, will only be carried out under the specific conditions set out in Articles 44 et seq. of the GDPR.
8. Dissemination and communication of data
Your personal data are not subject to disclosure or transfer.
Communication to third parties other than the Data Controller and the Data Processors – whether internal or external to the Data Controller’s organisational structure – identified and appointed pursuant to articles 24 and 28 of the GDPR is provided for where necessary.
In any case, the treatment by third parties will be in compliance with the principles of fairness, proportionality and necessity, as well as in compliance with applicable laws.
9. Storage times
The data will be kept in accordance with the principle of proportionality and in any case for a period not exceeding 10 fiscal years necessary for the performance of the purposes referred to in art. 3.1. of this Policy.
10. Data security
The Owner adopts the appropriate technical and organizational measures for data protection in order to prevent the loss of data, illicit or incorrect use and unauthorized access.
11. Rights of the interested party
We inform you that, according to art. 13, par. 2, letter b) GDPR, in relation to the processing of personal data in question, in order to ensure proper and transparent processing, the following rights can be exercised:
11.1. Right of information and access (ex art. 15 GDPR): in order to obtain from the Data Controller information on the existence or otherwise of data processing concerning you as well as access to your personal data and information on the purposes of the processing, the recipients or categories of recipients to whom the data are transmitted.
11.2. Right to rectification (ex art. 16 GDPR), deletion (ex art. 17 GDPR) and limitation (ex art. 18 GDPR): in order to request the Data Controller to rectify and delete your personal data and to limit the processing.
11.3. Right to portability (ex art. 20 GDPR): in order to receive in a structured format, commonly used and readable by an automatic device the personal data concerning you provided to the Data Controller and has the right to transmit such data to another holder, provided that this operation is technically feasible.
11.4. Right of opposition (ex art. 21 GDPR): in order to oppose the processing of your data.
For the exercise of the rights referred to in art. 13, par. 2, letters b) and e) GDPR, you may write to Creasens S.r.l. (C.F.: 020407440037) with registered office in Gattico (NO), via Maggiate n. 22, tel. +39 0322 831685, or to the following e-mail address: email@example.com,oppure contact the Data Controller at the following telephone number: +39 0322 831685.
12. Right of complaint or appeal
Pursuant to art. 13, par. 2, letter d) GDPR and art. 140 bis of Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018, it is also represented that if it is considered that the processing of data violates the European Regulation or the Code on the Protection of Personal Data, a complaint may be made to the Privacy Guarantor, pursuant to art. 77 GDPR or, alternatively, appeal to the judicial authority.