Regulation pursuant to and for the purposes of art. Reg 2016/679 13-14, EU
(EU General Data Protection Regulation)
PA.RO. Srl takes the user’s privacy seriously and is committed to compliance with the same.
We would like to inform you that EU reg. 2016/679 (“The European General Data Protection Regulation”) lays down rules relating to the protection of natural persons and other subjects with regard to the processing of personal data.
In accordance with the Articles 13 and 14, we hereby provide the following information:
1. Purposes, legal basis of personal data processing
The processing of the personal data you supply is aimed solely at fulfilling the contractual obligations or at carrying out your specific requests, as well as at fulfilling regulatory obligations, in particular those regarding accounting or taxation.
By legal basis of the processing we means the source /the origin / the justification of the processing according to the law, in the fulfillment of a contract, in the satisfaction of a data subject’s r equest from.
- Fulfillment of the task / service required
- Taxes or duties
- Management of information systems
- Bank tasks
- Legal services
- Possible update on regulatory and / or services news through appropriate analogue or digital channels
2. Source from which the data come from
The data referred to in the processing come from the following sources:
- Directly communicated by the data subject (or his representative) , by phone, by fax or email
- Posted on the Site by the data subject (or his representative)
- Found on paper lists
- Found on web sites (eg: White pages, business directories, or anywhere in the domain)
- Public registers
- Sent by consultants of the data subject,previously authorized by the same
For the purposes indicated above, the data controller can learn about the data defined as “sensitive” in accordance with the EU Reg. 2016/679 , such as the judicial, economic / bank ones.
3. Processing method
In relation to the above-mentioned purposes, your data will be processed electronically and on paper. The processing operations are fulfilled in such a way as to guarantee logical or physical security and the privacy of your personal data.
4. Legitimate interests of controller or third parties.
The purposes of the processing depend on the nature of the assignment entrusted to the Company, on the sending of updating newsletters or newsletters promoting services of potential interest by the Company, by sister companies or subsidiary companies.
5. Nature of personal data
The processing regards your personal, sensitive, judicial data related to the performance of the service you requested.
During the performance of the service it may be necessary to acquire and carry out processing operations on your sensitive and judicial personal data. You will be asked to express your consent in writing.
6. Compulsory or optional nature of the provision
The provision of your personal and sensitive data is not obligatory, but any refusal could make the provision of the services requested impossible or extremely difficult.
7. Scope of communication and circulation of data
Your data may be transferred to:
- all those whose access to such data is recognized by virtue of regulatory provisions;
- our collaborators, employees, as part of their duties;
- our external consultants as part of their duties (Fiscal, Safety or Legal Advice)
- all those natural and / or legal people, public and / or private when the transfer is necessary or functional to the performance of our activity and in the ways and for the purposes mentioned above;
- to our sister or subsidiary companies for the publicity of services potentially interesting for the data subject.
8. Transfer of personal data to a third country
9. Procedure and duration of personal data retention
PA.RO. Srl undertakes to protect the security of the user’s personal data and complies with the provisions on security provided for by the law so as to avoid data loss, illegitimate or illegal use of data and unauthorized access to the same, with particular reference to the Technical Guideline for minimum security measures. Furthermore, the information systems and computer programs used by PA.RO. Srl are configured so as to minimize the use of personal and identification data; these data are processed only for the achievement of the specific purposes pursued from time to time.
PA.RO. Srl makes use of multiple advanced security technologies and procedures in order to promote the protection of the user’s personal data; for example, personal data are stored on safe servers located in protected and controlled places. The user can help PA.RO. Srl to update and check his /her personal data communicating any changes regarding his/her address, qualification, contact details, etc.
Personal data are processed both in paper and electronic form and enter the company information system in the full compliance with EU Reg. 2016/679, including security and confidentiality profiles and based on the principles of correctness and lawfulness of processing. In accordance with EU Reg. 2016/679, data are kept and stored from one year, minimum duration of the service required, to a maximum of 10 years for tax purposes.
10. Data controller
The data Controller is PA. RO. Srl – Via Verdi, 15 – 46019 VIADANA (MN) tel. +39 0375 780414 fax +39 0375 781494 email email@example.com
11. Rights of the data subject
11.1 Article 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679
The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data
concerning him or her are being processed, and, where that is the case, access to the personal data and the following
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
f) the right to lodge a complaint with a supervisory authority;
g) the existence of an automated decision-making, including profiling and, at least in those cases, meaningful information about the logic used, as well as the significance and the envisaged consequences of such processing for the data subject.
11.2 Right provided for by art. 17 of the EU Reg. 2016/679 – Right to erasure («right to be forgotten»)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point a) of Article 6(1), or point
a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of EU Reg. 2016/679
11.3 Right provided for by art.18 “Right to restriction of processing”
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) EU Reg. pending the verification whether the legitimate grounds of the controller override those of the data subject.
11.4 Right provided for by art.20 “Right to data portability”
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
12. Revocation of consent to processing
The data subject may revoke his/her consent to the processing of his/her personal data by sending a registered letter to the following address: PA.RO. Srl – Via Soragna, 38 – 46019 Viadana MN or by e-mail to the following address: firstname.lastname@example.org enclosing a photocopy of an identity document and using the form “Privacy_Exercise Rights” on the website or by asking for it to the Company.
At the end of this operation your personal data will be removed from the processing files in the shortest possible time keeping them usable exclusively for legal purposes.
If you want more information on the processing of your personal data, or exercise the rights referred to in the previous point, you can send a registered letter to the following address: PA.RO. Srl – Via Soragna, 38 – 46019 Viadana MN or an email to the following address: email@example.com enclosing a photocopy of your identity document and using the form “Privacy_Exercise Rights” on the website or by asking for it to the Company.
Before we can provide, or change any information, we may need to check your identity and you may be requested to answer some questions. A reply will be provided as soon as possible.