PRIVACY POLICY

INFORMATION NOTICE ON PERSONAL DATA PROCESSING

ACCORDING TO REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (GENERAL DATA

PROTECTION REGULATION – GDPR)

***

Colorobbia Consulting with registered office in Via Pietramarina n.53, Vinci, Vat 03795100480 acting as Data Controller of the personal data concerning natural persons, does hereby inform you, pursuant to art. 13 of the EU Regulation n. 2016/679 (hereinafter also referred to as “General Data Protection Regulation” or “GDPR”) that your personal data (hereinafter referred to as “Personal Data” or “Data”) will be processed (as to the definition of “processing”, please refer to art. 4.2 of the GDPR) in the manner and for the purposes hereinafter specified.

 

  1. – Purpose and Legal Basis of Processing

Personal Data such as, by way of example, contact details exchanged or collected reciprocally by the Parties in the course of stipulation and performance of this agreement, including personal and fiscal data, will be processed (as to the definition of “processing”, please refer to Chapter 4, paragraph 1, No. 2 of the GDPR) for purposes related to compliance with the applicable laws and regulations in civil, fiscal and tax matters as well as provisions issued by the competent authorities, to the activities as to the verification of the requirements provided by the Anti-mafia legislation, to the activities relating to the management of the contractual relationship in compliance with the regulations in force, to the need of bringing judicial proceeding or to defend a right before competent courts as provided for by the laws and regulations in force.

The legal basis of the processing is based (merely by way of example) on the establishment, execution and termination of the agreement stipulated between the Companies and on the obligations under said agreement connected and/or directly and/or indirectly arising from it.

  1. Retention period of your Personal Data

The Data provided to us will be kept for the entire duration of the contract entered into with our Company and, subsequently, for no longer than necessary for the achievement of purposes relating to the fulfilment of regulatory obligations in administrative-accounting, tax, fiscal and civil law matters

 

  1. How we process your Personal Data

 

Data processing will take place through appropriate means intended to ensure security and confidentiality of information in compliance with the provisions set forth in Chapter II (Principles) and Chapter IV (Data Controller and Data Processor) of the GDPR.

Data may also be processed by automated means used to store, manage or transmit the information.

The processing of your Personal Data takes place by means of the operations indicated in art. 4, no. 2) of the GDPR, to which reference is made for any useful purpose.

  1. Framework for the free movement of Personal Data

Your Personal Data may be disclosed to all individuals who need to access your data for the purpose of performing support, instrumental and auxiliary activities to those of provided by our Company concerning the contractual relationship between us, within the limits strictly necessary to perform the aforementioned tasks.

Personal Data may be processed by third-party companies performing activities on behalf of the Data Controller, acting as external data processors (including, but not limited to: credit institutions, professional firms, suppliers/consultants managing and/or participating in the management and/or maintenance of the electronic and/or telematic tools we use) designated for the period strictly necessary for the optimal performance of said.

Pursuant to art. 6 letters b) and c) of the GDPR, the Data Controller may be legally obliged to disclose your Personal Data to supervisory bodies, judicial authorities and any other third party, if required to do so by law, without the Data Subject explicit consent.

  1. Nature of processing

With reference to the purposes herein specified, your Personal Data is strictly necessary. The data collected, subject-

matter of this information notice, are essential for the completion of the contractual relationship and for the subsequent

execution of the contractual relationship deriving from it. Any refusal to provide the requested Data and/or their

inaccuracy could make it impossible for the Data Controller:

  1. to comply with the laws and regulations in force in civil, fiscal and tax matters as well as to abide by the provisions issued by the competent authorities;
  2. to ensure a correct regulatory, technical and economic management of the contractual relationship;
  3. to bring judicial proceedings or to defend a right before a competent court as provided for by the laws and regulations in force.

 

6. Data disclosure

 

Your Data will not be disclosed to undefined individuals.

 

 

  1. Transfers of your Personal Data abroad

 

Your Personal Data will not be transferred outside the European Union. It being understood, however, that the Controller, if necessary, shall be entitled to move server’s location in non-EU third countries. In this case, the Data Controller ensures from now on that the transfer of personal data outside the European Union will take place in accordance with provisions set forth in article 44 et seq. of the GDPR and with other applicable regulations, by stipulating, if required, related agreements for the purpose of ensuring an adequate level of protection.

 

  1. Data Controller. The Data Controller is Colorobbia Consulting with registered office in Via Pietramarina n.53, Vinci, Vat 03795100480.

 Contact of Colorobbia Consulting Srl is: privacy@colorobbiaconsulting.com

 Contact of Data Protection Officer is: dpo@colorobbia.it

 

  1. Rights of the Data Subject

The GDPR gives the Data Subject specific rights that help him/her be in control of his/her personal data, namely:

  1. pursuant to art. 15, the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data and the following information: i) the purposes of the processing ii) the categories of personal data concerned; iii) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations; iv) where possible, the envisage period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; v) the existence of the right of the Data Subject to request from the Data Controller rectification or erasure of Personal Data or restriction of processing of personal data concerning the data subject or to object to such processing; vi) the right to lodge a complaint with a supervisory authority, pursuant to articles 77 ff. of the GDPR; vii) if the Data is not collected from the Data Subject, all information available on their origin; viii) the existence of automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4 of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisage consequences of such processing for the data subject; ix) where personal data are transferred to a third country or to an international organisation the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer of Personal Data to a third country or an international organisation;

 

  1. the Data Subject shall also have (where applicable) the possibility of exercising the rights pursuant to articles

 

16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to Data portability, right to object).

The Data Controller undertakes to provide information on action taken on a request to the Data Subject within one month of receipt of the request. That period may be extended, where necessary, taking into account the complexity and number of the requests. In any case the Data Controller shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Information on the action taken on a request shall be provided in writing or by hardcopy or by electronic means.

 

  1. How to exercise your rights

 

The Data Subject may at any time exercise the above-mentioned rights and ask for a copy of an updated list of the Data processors by sending an e-mail to the following addresses:

Contact of Colorobbia Consulting Srl is: privacy@colorobbiaconsulting.com

Contact of Data Protection Officer is: dpo@colorobbia.it.