INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLE 13 OF THE EU REGULATION 2016/679
STUDIO PROFESSIONALE ASSOCIATO CORTI FUMAGALLI
having its registered office in via Pier Luigi da Palestrina 1 – 20851 – Lissone (MB), phone +39 039 91 57 353 / Fax +39 039 91 57 329 – email@example.com – firstname.lastname@example.org – Fiscal Code and VAT number 08508130963
(hereinafter the “Firm”), in its capacity as Data Controller pursuant to articles 4, paragraph 1, nr. 7) and 24 of the EU Regulation 2016/679 (hereinafter, the GDPR) on the protection of personal data, in compliance with the requirements under art. 13 GDPR, provides this privacy notice which is intended to specify purposes and means of the processing of your personal data.
It is noted that:
– personal data (pursuant to art. 4, paragraph 1, nr. 1 GDPR) means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”;
– processing (pursuant to art. 4, paragraph 1, nr. 2 GDPR) means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”
1. Data controller and contact details
Data controller pursuant to art. 24 GDPR, i.e. the subject determining the purposes and the means of the processing, is
Ramona Corti (C.F.: CRTRMN83M52E063W)
with registered office in Lissone (MB), Via Pier Luigi Da Palestrina 1
Tel. +39 039 91 57 353 – e-mail: email@example.com
2. Processed data
The information systems and the software procedures to operate this website acquire, during ordinary operations, certain personal data the transmission of which is implied in the use of Internet exchange protocols.
Such data is not collected to be associated with specific individuals but, because of their nature, by means of processing and associations, might lead to the identification of the user. This category of data includes IP addresses or the domain names of the machines used by the users accessing the website, URI Addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code identifying the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.
Such data is only processed in order to draw anonymous statistical information about the use of the website and to verify its correct functioning and is deleted immediately after the processing. Such data may be processed in order to ascertain responsibility in the event of computer crimes against the site.
Data supplied voluntarily by the users
The elective, explicit and voluntary dispatching of emails to the addresses displayed on this site, together with the filling out the contact form or the transmission of data through any other section of the site, entail the subsequent acquisition of the sender’s address, required in order to reply and of any other personal data provided by the user.
3. Purposes of the processing and legal basis
3.1 Your personal data will processed for the following purposes:
a) to answer to any specific request of yours;
b) to comply with any applicable fiscal, administrative and accounting law and regulation;
c) to comply with any pre-contractual, contractual and fiscal obligation related to the conclusion and/or the performance of a contract to which you are a party.
3.2 The processing of your personal data is based on article 6, paragraph 1, letter b) GDPR
4. Nature of conferment
For the purposes under art. 3.1, letters a), b) and c), conferment of the data is necessary for the provision of the services provided by the Data Controller and the refusal to provide such data will prevent the provision thereof. For the processing under art. 3.1 letters a), b) and c), consent of the Data subject is not required.
5. Methods of processing
Data processing is carried out manually (e.g. on paper) and using computer and internet systems, also by means of electronic measures, by specifically appointed internal subjects and/or by means of third parties, following procedures and logics strictly related to the purposes hereof. The data will be stored in electronic archives and, on a residual basis, in paper files, in order to ensure security and confidentiality of such data. Any personal data processing is carried out in compliance with the principles governing the GDPR.
6. Data recipients
Data recipients, pursuant to art. 4, paragraph 1, n. 9) GDPR means “a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of that data by those public authorities shall be in compliance with the applicable data protection rules in compliance with the purposes of the processing”.
It is noticed that, pursuant to the abovementioned purposes, personal data may be communicated to recipients who have working relationships with the Data controller or to fulfill legal obligations. Such recipients shall be bound to absolute confidentiality regarding any information they may become aware of, a list of which includes, but is not limited to, the following:
– Authorities, public administrations and supervisory bodies, in performing their own institutional purposes;
– Subjects cooperating with the Data controller for the achievement of the abovementioned purposes;
– Subjects providing the Data controller with services for the management of its computer system;
– Duly authorized practitioners in order to settle any legal and contractual issues;
– Consultants, consultancy companies and firms (including occupational health physicians, experts in the field of work health and safety, experts in the field of corporate organisation, employment consultants, payroll processing companies, chartered accountants, etc.);
– Banks and any similar subject;
– Health care bodies.
7. Disclosure and dissemination of personal data
Your personal data shall not be subject to dissemination or disclosure.
Disclosure to third parties, other than the Data controller and Data processor – whether internal or external to the Company – specified and appointed pursuant to articles 24 and 28 GDPR, shall be made if necessary.
In any case, any processing by third parties shall be carried out in accordance with the principles of fairness, proportionality and necessity, and with any applicable law provisions.
8. Storage periods
The data shall be stored in accordance with the principles of proportionality and, however, for the time required to achieve the purposes under art. 3.1 hereof and not longer than 10 years after the termination of the relationship.
9. Data security
The Firm implements appropriate technical and organizational measures to ensure the data in order to prevent any loss, illicit or improper use thereof or any unauthorized access thereto.
10. Rights of the data subject
Pursuant to article 13, paragraph 2, letter b) GDPR, in relation to the personal data processing herein, in order to ensure fair and transparent processing, the data subject is entitled to the following rights:
10.1 Right of access (art. 15 GDPR): in order to obtain from the data controller confirmation as to whether or not personal data concerning you is being processed and access to the such data and information regarding the purposes of the processing, the recipients or categories of recipients to whom the personal have been or will disclosed.
10.2 Right to rectification (art. 16 GDPR), right to erasure (art. 17 GDPR) and right to restriction of processing (art. 18 GDPR): in order to ask the Data controller for the rectification or erasure of the data and the restriction of processing.
10.3 Right to data portability (art. 20 GDPR): in order to receive the personal data concerning yourself, which you have provided to the controller, in a structured, commonly used and machine-readable format and you have the right to transmit that data to another controller where technically feasible.
10.4 Right to object (art. 21 GDPR): in order to object to processing of your personal data.
In order to exercise the rights under art. 13, paragraph 2, letter b) and e) GDPR you may write to:
STUDIO PROFESSIONALE ASSOCIATO CORTI FUMAGALLI
registered office: via Pier Luigi da Palestrina, 1 – 20851 – Lissone (MB)
Phone +39 039 91 57 353 / Fax +39 039 91 57 329
firstname.lastname@example.org – email@example.com
11. Right to lodge a complaint
Pursuant to article 13, paragraph 2, letter d) we inform you that you have the right to lodge a complaint with the supervisory authority under art. 77 GDPR, if you consider that the processing of personal data infringes the Regulation.