Information on personal data processing for Clients
Pursuant to articles 13 and 14 of EU Regulation 2016/679/UE (hereinafter “GDPR”) PEIMAR S.R.L. (hereinafter “Controller”) with legal offices in Brescia (BS), Via Cefalonia 70 – 25124, in its capacity as “Data Controller”, hereby informs you that your personal data, collected for the purposes of concluding the Client contract and/or to implement and/or stipulate the same, will be processed in compliance with the aforementioned regulations, to guarantee the rights, basic freedom, as well as the dignity of individuals, with particular reference to confidentiality and personal identity. We hereby inform you that whenever the services provided for you require the processing of the personal data of any third parties controlled by you, it will be your responsibility to ensure that you have fulfilled all the requirements of the regulation regarding these data subjects so that processing of their data by us is legitimate.
Source, purposes, legal basis and nature of the data processed
Processing of your personal data, provided directly by you, is carried out by PEIMAR S.R.L.. for the purposes of concluding the Client contract and/or to implement and/or stipulate the same.
Furthermore, it may be necessary to process the third party personal data that have been disclosed by the Client to this Company. With regard to this possibility, the Client acts as autonomous data controller and takes on the consequent obligations and legal responsibilities, thus relieving this Company from any objection, claim and/or request for compensation for damage, caused by processing, that may be made against the Company by the third parties concerned.
In compliance with current laws on personal data protection, the Data will be archived, collected and processed by this Company for the following purposes:
- to fulfil contractual obligations, to implement and/or stipulate the contract with the Client and/or manage any pre-contractual measures;
- to fulfil any legal obligations and tax requirements resulting from business activities and any obligations linked to administrative and accounting activities;
- to send, either directly or through third party providers of marketing and communication services, newsletters and communications for direct marketing purposes – via email, text, MMS, push notification, fax, ordinary post, telephone with operator – regarding products supplied by other companies pursuant to art. 130 c. 1 and 2 of Leg. Dec. 196/03 (hereinafter “Code”);
- to communicate data to third party companies for sending newsletters and communications for the purposes of marketing via email, text, MMS, push notifications, fax, ordinary post, telephone with operator pursuant to art. 130 c. 1 and 2 of the Code;
The legal basis of processing for purposes a) and b) indicated above, are articles 6.1.b) and 6.1.c) of the Regulation.
Providing Data for the aforementioned purposes is voluntary, but failure to provide the Data, or refusal to provide them, means that this Company would not be able to implement and/or stipulate the contract and supply the services requested within it.
The legal basis of processing your personal data for purposes c), d) is art. 6.1.a) of the GDPR since processing is based on consent; it should be noted that the Controller can collect consent just once for all the marketing purposes described here, pursuant to the General Provision of the Guarantor for personal data protection “Guidelines on promotional activities and fighting spam” of 4th July 2013. Providing consent for the use of data for marketing and promotional purposes is voluntary and if ever the data subject should wish to object to processing of their Data for marketing and promotional purposes, carried out using the means indicated herein, or withdraw the consent already given; they may at any time do so without any consequences (if not for the fact that they will no longer receive marketing communications and their image will not be published) by following the indications given in the section on “Rights of the Data Subject” of this Information.
Lastly, it should be noted that for processing carried out for the purposes of directly sending its own advertising material or direct sales information or to carry out its own market research or for commercial communications regarding products or services similar to those used by the Client, the Company may use the email and office addresses pursuant to, and within the limits permitted by, art. 130, comma 4 of the Code and the provision of the Guarantor for Personal Data Protection of 19 June 2008 even in the absence of express consent. The legal basis for processing data for these purposes is art. 6, comma 1, letter f) of the GDPR, with the possibility of objecting to this processing at any time, by following the indications in the section on “Rights of the Data Subject” of this Information.
The Data may be disclosed to third parties that are appointed to carry out processing pursuant to article 28 of the GDPR and in particular to banks, insurance firms, to suppliers of services that are strictly necessary for carrying out business, or corporate consultants, where this may be necessary for fiscal, administrative or contractual reasons or for requirements that are protected by current legislation.
Your personal data, or the personal data of third parties that you control, may also be disclosed to external companies, duly identified, to which PEIMAR S.R.L. entrusts the fulfilment of obligations resulting from the assignment received and to which will be communicated only the data needed for the activities requested. All the employees, consultants, temporary staff and/or any other “individual” who, authorised to process the data, carry out their activities based on the instructions received from PEIMAR S.R.L., pursuant to art. 29 of the GDPR, are appointed “data processors” (hereinafter “Processors”). The Processors, or those appointed to be Responsible for processing, are given adequate operating instructions by PEIMAR S.R.L., with particular reference to the adoption and observance of safety measures, to guarantee the confidentiality and the safety of the data. Specifically in reference to the aspects of personal data protection, the Client is invited, pursuant to art. 33 of the GDPR, to inform PEIMAR S.R.L. of any circumstances or events that may lead to a potential data breach to allow for immediate assessment and adoption of any measures aimed to counteract the event, by sending a communication to PEIMAR S.R.L. at the contacts provided below.
The Data will not be disclosed.
Except in the event of a specific request where PEIMAR S.R.L. is obliged to disclose data to the Public Authorities.
Transfer of data abroad
Your personal data may be transferred abroad if necessary to carry out the assignment received. For processing of the information and data that may be disclosed to these subjects, levels of protection equivalent to those adopted for the processing of employees personal data will be requested. In any case, only the data needed to pursue the required purposes will be disclosed and the regulatory tools required by Section V of the GDPR will be applied.
Processing logic, methods and retention times
Your data are collected and registered in a lawful and correct manner for the purposes described above and in compliance with the principles and requirements of art. 5 c 1 of the GDPR.
Data processing is carried out using manual, IT and telematic means with logic that is strictly related to the actual purposes and, in any case, will guarantee their safety and confidentiality.
Your personal data will be processed by PEIMAR S.R.L for the entire duration of the assignment and also subsequently to assert or protect its rights or for administrative purposes and/or to fulfil any obligations resulting from the applicable pro tempore regulatory and legal framework and in compliance with the specific requirements of the law on data retention.
Rights of the Data Subject
In compliance with, within the limits of, and under the conditions described in the regulation on personal data protection regarding the exercising of rights of data subjects as far as the processing covered by this information is concerned, as the data subject, you have the right to ask for confirmation of whether your data are undergoing processing or not, to access the personal data that concern you and in relation to them, you have the right to ask for modification or cancellation, to ask that any parties to which your data have been disclosed by this Organisation be notified of their modification or cancellation, ask for limitation of processing in the cases foreseen by the regulation, the portability of the personal data – provided by you – in the cases specified by the regulation, to oppose processing of your data and, specifically, you have the right to oppose decisions that concern processing if it is based solely on automated data processing, including profiling. In the event that you believe that processing regarding your data breaches the regulations of the GDPR, you have the right to lodge a complaint with the Guarantor pursuant to art. 77 of the GDPR.
If you intend to request further information about the processing of your personal data or exercise any of your rights, you can write to Marco Casale (email@example.com).
The Data Controller
The Data Controller, pursuant to art. 4 of the GDPR, is PEIMAR S.R.L., Via Cefalonia 70 – 25124 Brescia (BS)
P.IVA: 03416340986 – CF: 03416340986
Data Protection Officer
The DPO (Data Protection Officer) appointed by the Data Controller pursuant to art.37 and GDPR is Kruzer Srl and may be contacted at the email address firstname.lastname@example.org or calling at 030 300083.
The Data Controller