PRIVACY STATEMENT ON THE PROCESSING OF PERSONAL DATA AND CONSENT
We inform you that, pursuant to Articles 13 – 14 of Regulation (EU) 2016/679, the personal data provided by you, even verbally, or otherwise acquired as part of our activities, may be processed in compliance with the above regulations and the obligations of confidentiality.
The processing of personal data is understood to mean, pursuant to Article 4, paragraph 2 of the GDPR, “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.
The DATA CONTROLLER is EBOX S.r.l. – VAT No. 10333740966 – with registered office in Via Ronzani, 3/9 – 40033 Casalecchio di Reno (BO) – email: firstname.lastname@example.org
PURPOSES OF THE PROCESSING
Personal data may be processed for the following purposes:
- a) The fulfilment of legal, regulatory and EU requirements or those of provisions issued by legally empowered authorities or supervisory authorities;
- b) Purposes strictly connected and instrumental to the service requested.
The processing of data for the purposes set out under letters a) and b) above does not require consent.
DISCLOSURE AND DISSEMINATION OF PERSONAL DATA
We do not “disseminate” the data we collect, by which we mean that personal information will not be transmitted in any way to unknown parties and will not be made available for them to consult. The data may be “disclosed”, by which we mean that we may transmit such details to one or more known parties.
Personal data may be disclosed to:
- a) Public bodies and offices in compliance with legal obligations;
- b) parties providing consultancy services that are strictly connected and instrumental to the provision of the service offered, as well as to the suppliers, including banks and financial institutions, and the employees and collaborators of Ebox Srl;
- c) specialist companies providing services associated with the business activities of Ebox Srl (for e.g. external accounting services, software houses, etc.) and designated as external data processors (as per Art. 28 GDPR).
We point out that, as “external processors”, pursuant to Article 28 of the GDPR, these parties will process the personal data communicated to them by Ebox Srl in an autonomous manner.
A full list of the designated data processors and the third parties to whom personal data are disclosed can be obtained by writing to the Data Controller at: email@example.com.
DATA PROCESSING METHODS
In relation to the purposes indicated above, the processing of personal data is carried out using manual, computerised and telematics tools, including virtual (cloud) platforms, using logics strictly related to the intended purposes and, in any case, in such a way as to ensure the security and confidentiality of the data.
DATA TRANSFERS OUTSIDE THE EU
The personal data are processed solely within the EU, subject to the right to notify of any transfers of data to non-EU countries.
PERIOD OF DATA RETENTION
In accordance with the provisions of Article 13, paragraph 2, point a) of Regulation (EU) 2016/679, the following are the data retention periods according to the different purposes of processing:
• with regards to the purposes set out under points a) and b) the data shall be retained for no longer than is necessary to administer the contract and meet legal obligations.
RIGHTS OF THE DATA SUBJECT
Data subjects have the right, at any time, to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy or request that such data be supplemented, updated or rectified (Articles 15 to 22 Regulation EU 2016/679).
As provided for by the same law, data subjects have the right to withdraw any consents given at any time and to lodge a formal complaint with the Italian Data Protection Authority – Piazza Venezia, 11 – Rome.
Data subjects have the right to object, at any time, to the processing of their personal data. The controller shall refrain from any further processing of the personal data, unless it demonstrates compelling legitimate grounds for the processing which override the interests or rights of the data subject.
All rights indicated herein are exercised by writing to the Controller. The written request may be submitted by any means (registered letter, email) to the Controller’s addresses.