In compliance with the European Regulation (EU) 2016/679 concerning the protection of personal information (“GDPR” patent), the following information is disclosed with regard to the provision and processing of personal data.
- 1. DATA PROCESSING CONTROLLER
Pursuant to articles 4, paragraph 7 and 24 of the GDPR the Data Controller of your personal data is the company ATC (Italia) S.r.l., in the person of the legal representative, VAT number IT06234100961, with registered office in Magnano (Mi), 20020 – Italy, Via A. Manzoni n. 20, (hereinafter, for the sake of brevity, “ATC“), which can be contacted in writing at the email address: firstname.lastname@example.org or by mail at the address indicated above.
- LEGAL BASIS AND PURPOSE OF THE POLICY
ATC will process personal data on a case by case basis:
- a) for purposes connected to the obligations established by laws, regulations, community regulations, as well as by instructions issued by the competent authorities/supervisory and control entities, as well as to exercise the rights of the Data Controller (including, for example, the right of defense in a judgment);
- b) for purposes strictly connected and/or necessary for the fulfillment of pre-contractual, contractual and tax obligations deriving from relations with ATC ;
- c) for promotional and/or marketing purposes, such as transmission via e-mail, mail and/or telephone contacts, commercial communications newsletters and/or advertising material (including any catalogs) on products or services offered by ATC and/or companies belonging to the Group.
- TYPES OF DATA PROCESSED
The data processed by ATC may include: a) personal data; b) contact data; c) as well as any other data strictly connected to the execution in your favor of the services and/or products offered by ATC.
It should be noted that ATC does not request and does not process its own particular client data (that is, personal data suitable for detecting racial and ethnic origin, religious, philosophical or other beliefs, political opinions, parties, unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for detecting health status and sexual orientation); however, where it is necessary to process such data to execute in your favor the services and/or products of ATC, the latter will ask you expressly and in writing your consent.
- PROVISION OF DATA
The provision of data for the purposes referred to in paragraph 2, letters a) and b), is necessary. Any refusal to communicate the data for such purposes, or in any case the partial or incorrect provision of the same, will make it impossible for ATC to fulfill its obligations.
However, the provision of data for the purposes referred to in paragraph 2, letter c) is optional. The client can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, ATC will not be able to send communications and/or commercial or advertising material, including the catalogs illustrating ATC products and/or those belonging to the Group.
Pursuant to art. 7, par. 3 of the GDPR, [the client] has the possibility to withdraw its consent at any time.
ADDRESSEES AND EVENTUAL CATEGORIES OF ADDRESSEES
Personal data will be made accessible under the responsibility of the Data Controller:
- to the subjects (employees of ATC) authorized by the same pursuant to art. 29 of the GDPR, as well as to the companies of the Group;
- in the case of inspections and/or checks (if requested) to all the inspection bodies responsible for controls and checks regarding the regularity of legal obligations;
- to companies or professional firms that provide assistance, advice and collaboration to the Data Controller in accounting, administrative, fiscal, legal, tax and financial matters; for this purpose appointed as External Managers;
- to third party service providers – appointed, if necessary, External Managers – for whom communication is necessary for the performance of the services by ATC;
- to public administrations for the performance of institutional functions within the limits established by law or various regulations.
The updated list of External Managers can always be requested from the Data Controller and is available at the registered office of ATC.
- TREATMENT METHODS
The processing of personal data will be based on principles of correctness, lawfulness, transparency and will be carried out by means of the operations indicated in art. 4, n. 2, of the GDPR and which, among other things, collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data will be processed both paper and electronic and/or automated.
Data is kept and checked by adopting appropriate preventive security measures aimed at minimizing the risks of loss and destruction, unauthorized access, unauthorized processing and not in accordance with the purposes for which the consent to the collection is given.
- TRANSFER OF INFORMATION
The collected data are stored on servers located in Aruba.it registered office ATC(ITALIA) S.R.L. : Milano 20123 via San Vittore 16, thus within the European Union.
Pursuant to Art. 13 (1) (f) of the GDPR, we inform you that the personal data may be transferred to countries outside the EU. In this regard, the Data Controller will ensure from now that all safeguarding measures will be taken to make this transfer secure and to ensure that the processing of personal data complies with the requirements of the GDPR such as, for example, the consent of the Data Subject, the adoption of Standard Clauses approved by the European Commission, the selection of undertakings adhering to international programmes for the free circulation of data (e.g. the EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. On this point, the Data Controller will, at the request of the Data Subject, issue the necessary information (including, where applicable, a copy of all the relevant documentation).
The Data Controller also reserves the right to use services in the cloud; in this case, the providers of such services will be selected among those providing adequate guarantees.
- RIGHTS OF THE INTERESTED PARTY [THE CLIENT]
In compliance with the provisions of the GDPR, the interested party has the right, where applicable, to ask the Data Controller to access the data (Article 15), the correction (art 16), the cancellation or the wiping of the same (Article 17), the limitation of the processing of personal data concerning the client (Article 18), the right to data portability (Article 20) or to object to their processing (Article 21), in addition to the right to not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person (Article 22).
Requests may be submitted in writing to the Data Controller at the address of the operational headquarters and at the email address indicated in point 1.
The interested party also has the right to lodge a complaint with the supervisory authority (Article 77 of the Regulations) if he/she considers that the processing performed by the Data Controller is not in compliance. For more information you can consult the website of the Privacy Guarantor www.garante privacy.it.
- DATA CONSERVATION
The Data Controller will keep personal data for the time strictly necessary to fulfill the purposes for which it was collected and provided (as provided for in paragraphs 2 and 4 above).
Personal data may be kept for a longer period in compliance with a legal obligation (also of a fiscal nature) or by order of an authority. Subsequently the data will be deleted or rendered inactive.
ATC (Italia) S.r.l