Information on the processing of personal data
according to European Regulation no.679/2016
The Company, as data controller, undertakes to protect the confidentiality and rights of the Data Subject and, according to the principles established by the aforementioned regulations, the processing of the data provided will be based on principles of correctness, lawfulness and transparency.
- PURPOSE OF THE TREATMENT
The personal data of the interested parties will be processed by the Company for the following treatment purposes:
- fulfill the pre-contractual and contractual obligations necessary to offer the sales service to the Interested Party if the latter has made a purchase or to offer any other services requested by the interested party;
- carry out all administrative, accounting and fiscal activities related to the purposes referred to letter a) and comply with the provisions of laws and regulations, national and foreign, or execute an order of the judicial authority or other authorities to which the Owner is subject;
- exercise the rights of the owner including that of defense in court.
The conferment of data is optional, however, failure to provide data and / or any refusal to process will make it impossible for the data controller to process the services requested.
The processing of data is lawful pursuant to art. 6 GDPR letters b) and c) since the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures taken at the request of the same; the processing is necessary to fulfill an obligation to which the data controller is subject.
As the purpose falls within the legal / economic management of the contractual relationship, the consent of the Data Subject is not necessary for data processing.
- PROCESSING METHODS
Data processing is carried out electronically and / or on paper, by recording, processing, archiving and transmission of data, also with the aid of IT tools.
The tools and supports used in the course of the processing activities are suitable to guarantee the security and confidentiality of the data.
In carrying out the processing activities, the Company undertakes to:
a) ensure the accuracy and updating of the processed data and promptly acknowledge any adjustments and / or additions requested by the interested party;
b) adopt appropriate security measures to ensure adequate data protection, considering the potential impacts that the treatment involves on the fundamental rights and freedoms of the interested party;
c) notify the interested party, in the times and in the cases provided for by the binding legislation, of any violation of personal data;
d) ensure compliance of processing operations with applicable legal provisions.
- COMMUNICATION AND DIFFUSION OF DATA
Without prejudice to the communications made in fulfillment of legal obligations, the personal data of the interested party may be known, in addition to the data controller, by:
a) Employees and collaborators of the Owner as authorized data processing personnel;
b) administrative / accounting and company organization consultants;
c) authorities in general, administrations, public bodies and organizations;
d) business partners of the Controller in charge of the management of the services referred to in point 1;
e) Information Technology service providers;
exclusively for the purposes listed above according to any consent granted by the Interested party.
Personal data are not subject to disclosure.
- TRANSFERS ABROAD
Personal data will be stored and processed within the European Union.
In the event of any processing of personal data outside the European Union, the same will only occur after the adoption of adequate guarantees, as required by the binding legislation.
- DATA CONSERVATION POLICY
The Company will process the data of the Interested parties for the time strictly necessary to fulfill the purposes set out in point 1 and in any case for no more than 10 years from the termination of the contract, unless otherwise provided by law. Once the storage terms described above have expired, the data will be destroyed or made anonymous.
- RIGHTS OF THE INTERESTED PARTY
The interested party can assert his rights, recognized by the binding legislation and in particular by the articles. from 15 to 22 of the GDPR, such as:
a) right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, in this case, to obtain access to personal data and to further information on the origin, purpose, categories of data processed , recipients of communication and / or transfer of data, etc .;
b) right of rectification: right to obtain from the Owner the correction of incorrect personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing an additional declaration;
c) right to cancellation: right to obtain from the Data Controller the cancellation of personal data without unjustified delay in the event that:
– personal data are no longer necessary with respect to the purposes of the processing;
– the consent on which the treatment is based has been revoked and there is no other legal basis for the treatment;
– personal data have been processed unlawfully;
– personal data must be deleted to fulfill a legal obligation.
d) right to object to processing: the right to object at any time to the processing of personal data which have as their legal basis a legitimate interest of the Data Controller;
e) right to limit processing: the right to obtain from the Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the treatment is unlawful and the interested party has opposed the processing, if the personal data are necessary for the interested party to ascertain, exercise or defend a right in court, if as a result of the opposition to the treatment the Interested is awaiting verification of the prevalence or otherwise of the legitimate interest of the owner;
f) the right to data portability: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit this data to another data controller, only for cases where the processing is based on consent or on a contract and only for data processed by electronic means;
g) the right not to be subjected to automated decisions: the right to obtain from the Owner not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that affect the interested party or that significantly affect his person, except that such decisions are necessary for the conclusion or execution of a contract or are based on the consent given by the interested party;
h) the right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial appeal, the interested party who considers that the treatment concerning him / her is in violation of the GDPR has the right to lodge a complaint with a supervisory authority.
In order to exercise the rights provided by the GDPR, the interested party may at any time exercise the rights by sending:
- by e-mail at: firstname.lastname@example.org
- or by registered mail with REGISTERED RETURN receipt to the Data Controller:
PMR System Group Srl – Via Bertacciola, 41 – 20813 Bovisio Masciago (MB).
- OWNER, MANAGER AND APPOINTED
We inform you that the Data Controller you provide is PMR System Group Srl, Via Bertacciola, 41 – 20813 Bovisio Masciago (MB), C.F./P.IVA 05389560961.
Your personal data will be processed exclusively by personnel appointed by PMR or its external suppliers appointed as data processors.
You can request a complete and updated list of the persons appointed responsible for processing by contacting the Data Controller.