Privacy

Pursuant to Art. 13-14 of the GDPR (General Data Protection Regulation) 2016/679

We inform you that, for the establishment and execution of contractual relationships, our organisation may come into possession of your data, acquired even verbally, directly or through third parties, classified as personal data under European Regulation 2016/679 (GDPR) and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.

In accordance with the aforementioned legislation, such processing will be based on the principles of fairness, lawfulness, transparency and protection of your privacy and rights, as further detailed below.

What types of data are processed?

We process your personal, tax, contact and financial data necessary for the performance of contractual relationships, current or future, communicated by you at the time of conclusion and execution of contracts, or by virtue of pre-contractual relationships and negotiations.

We do not hold any data of yours that could be classified as special categories or judicial data (Art. 9 and 10 of the GDPR), which would in any case be processed in the presence of a specific legitimate legal basis.

Is data of minors processed?

The Controller’s Services are not intended for individuals under 18 years of age, and the Controller does not intentionally collect personal information relating to minors. Where the person providing the data is a minor, such processing is lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility, from whom identifying data and a copy of identity documents are collected. Otherwise, should information about minors be inadvertently recorded or collected, the Controller will delete it promptly.

What are the purposes, duration and legal basis of the processing?

Your data is processed for the entire duration of the contractual relationship and also subsequently, without your express consent pursuant to Art. 6(b) and (f) of the GDPR, solely and exclusively for the following purposes:

• to fulfil pre-contractual, contractual and tax obligations;
• to comply with obligations imposed by law, regulation, EU legislation or an order from an Authority;
• to exercise the Controller’s rights, for example the right of defence in legal proceedings.

For any other types of processing, your specific consent pursuant to Art. 6(a) of the GDPR will be requested.

The Controller will process personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship.

Please note that, if you are already a customer, we may send you commercial communications relating to the Controller’s services and products similar to those you have already used, unless you object (Art. 130 of Legislative Decree 196/2003 and Art. 21(2) of the GDPR).

What happens if data is not provided?

With regard to data we are required to know in order to comply with legal obligations, failure to provide such data will make it impossible to establish or continue the relationship, to the extent that such data is necessary for its execution.

Who may access your data?

The following categories of subjects may access your data, as data processors or authorised persons appointed by our organisation, as data controller:

• directors, administrators and auditors;
• internal secretarial offices;
• accounting and invoicing staff;
• commercial services staff;
• third-party subjects (e.g. providers for website management and maintenance, suppliers, credit institutions, professional firms, etc.) performing outsourced activities on behalf of the Controller, in their capacity as external data processors;
• supervisory bodies, judicial authorities, and all other subjects to whom disclosure is required by law for the purposes indicated.

How is your data disclosed?

Your data will not be disclosed to unidentified subjects by making it available or accessible. Your data may be communicated, within their respective and specific competence, to public and private entities where we have an obligation or need to do so by law or regulation, as well as to our consultants, to the extent necessary for them to carry out their assignments, subject to a letter of appointment imposing a duty of confidentiality and security.

Only where necessary, Personal Data may be transferred abroad to non-EU countries whose level of data protection has been deemed adequate by the European Commission pursuant to Art. 45 of the GDPR, or subject to the execution of Standard Contractual Clauses adopted/approved by the European Commission pursuant to Art. 46(2)(c) and (d), or subject to the adoption of other guarantees referred to in Art. 46 and 47 of the GDPR.

What are your rights?

As a data subject, you have the rights set out in Art. 15 of the GDPR, specifically the rights to:

1. obtain confirmation as to whether or not personal data concerning you exists, and to have such data communicated in an intelligible form;
2. obtain information on:
   • the origin of personal data;
   • the purposes and methods of processing;
   • the logic applied in the case of processing carried out with electronic instruments;
   • the identifying details of the controller, processors and the designated representative;
   • the subjects or categories of subjects to whom personal data may be communicated;
3. obtain:
   • the updating, rectification or integration of data;
   • the erasure, anonymisation or blocking of data processed in violation of the law;
   • confirmation that the above operations have been brought to the attention of those to whom the data was communicated;
4. object, in whole or in part:
   • on legitimate grounds, to the processing of personal data concerning you;
   • to the processing for the purposes of sending advertising material, direct selling, market research or commercial communications.

Where applicable, you will also have the rights under Art. 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

Data Controller

AUGUSTO BELLINVIA SRL
Tax Code and VAT No.: 04915290011
Registered office: Via G. Giacosa, 9 — 10098 Rivoli (TO), Italy
Email: info@augustobellinvia.it