I.C.A.M. – PANNELLI S.R.L.
ZONA ARTIGIANALE GEROMINA 6 – SACILE (PN) – 33077
Tax ID Code: 00066860933 – VAT No: 00066860933
Telephone 0434-780944 – Telefax 0434-70415
E-Mail: firstname.lastname@example.org – Certified email: email@example.com
HOW WE USE YOUR DATA
(art. 13 of Italian Legislative Decree 196/2003 and subsequent amendments, and arts. 13 and 14 of EU Regulation 679/2016)
We wish to provide you with information about the methods used and purposes for which we process the personal data collected when you enter into contracts with us or contact us from our corporate website.
1. Type of Data and their Provision
Provision of personal data to I.c.a.m. – Pannelli S.r.l. is essential to performing a contract/mandate. Should you refuse to provide the necessary data, the contract/mandate cannot be implemented and will be immediately terminated due to your non-fulfilment.
2. Purpose of Processing
We hereby inform you that your personal data will be used for the following purposes:
- Management and performance of pre-contractual and contractual obligations;
- Invoicing, general accounting and fiscal/corporate compliance;
connected to fulfilling legal, contractual and/or pre-contractual obligations:
- Processing related to performing a contract or supplying a service which involves the data subject, or pre-contractual measures;
- Processing for fulfilling a legal obligation for which the data controller is responsible;
- The data subject has given explicit consent to processing personal data for specific purposes;
- Processing required for fulfilling obligations and exercising the data controller’s rights or those of the data subject regarding labour and social security rights and protection;
- The data controller’s legitimate prevailing interests: to check and assess the results and progress of the relationship, as well as the risks involved (such as the truthfulness of the data provided, solvency, including during the relationship, litigation, computer security and fraud prevention) and for direct marketing aims. If you are already one of our customers, your data may be used to offer you products and/or services similar to those you have previously purchased (art. 130, clause 4 Italian Legislative Decree 196/2003 and subsequent amendments). You may opt out of receiving such communications by refusing to register or by sending a mail to the data controller at firstname.lastname@example.org.
I.c.a.m. – Pannelli S.r.l., the Data Controller, will process your personal data only insofar as they are necessary to fulfil the above-mentioned purposes, observing current regulations regarding personal data protection and in compliance with the instructions of a Supervisory Authority (the Garante) in respect of personal data protection.
3. Processing Methods
Processing of the data subject’s personal data is carried out by means of the following operations: collection, including through a contact form on the website, external platforms/cookies, registration, organisation, conservation, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure and destruction of data.
- name, Tax ID Code, VAT number, addresses, e-mails, credentials, images and other identifying elements;
- economic and financial data;
- bank details;
will be processed with a suitable degree of security. The protective measures laid down by personal data regulations and applicable provisions, including those established by the data controller, will be implemented. In particular your data will be processed by technological devices and/or on paper, if necessary by authorised subjects, such as: external data processors and/or internal/external appointed processors, whose names will be provided at the data subject’s request.
Only personnel duly authorised by the data controller may have access to the data in the performance of his or her duties.
4. Data Communication and Transfer
Furthermore, data collected by the data controller may also be communicated to, for example:
- categories of subjects for whom communication is strictly necessary, functional and compatible with the legal principle for processing data:
- Tax collectors;
- Banks, financial institutions and the Post Office;
- Chambers of Commerce/Companies House;
- Local authorities;
- Customs agencies;
- Electronic data interchange;
- Credit recovery companies;
- Factoring agencies;
- Information technology companies;
- Credit insurance companies;
- Commercial/credit information providers;
- Professionals outside our organisation (e.g. notaries, tax consultants, labour consultants, surveyors and architects).
In relation to processing, your data could be transferred to a third country (including outside the EU) for: cloud computing for filing and storing data; newsletter management; social networks; Google Analytics (a Google instrument to assist website and app owners in understanding how visitors interact with their contents. This service may use a set of cookies to collect information and generate statistics regarding use of websites, without providing personal information about individual visitors to Google). In such cases your data will be protected by the subjects who carry out processing or provide the service. If strictly necessary for the above-mentioned purposes, processing may involve images of the data subject (photographs, video clips, etc.), in compliance with legal requirements.
5. Automatic individual decision-making, including profiling
Your data are not processed:
- Using automated individual decision-making processes;
- Using profiling techniques.
The email address provided by you when subscribing to the newsletter will be inserted into a list of contacts to whom communications, including advertising, will be sent by I.c.a.m. – Pannelli S.r.l. Said list of contacts is run by the communications service known as Mailchimp.
6. Rights of the Data Subject
The data subject enjoys the rights described in sections 2, 3 and 4 of Chapter 3 of EU Regulation 679/2016 (e.g. to apply to the data controller for: access to personal data and their rectification or erasure; restrictions to processing; objecting to processing). In particular, the data subject has the right to:
- obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to such data and the following information, as per art. 15 of EU Regulation 679/2016;
- obtain from the controller the rectification of inaccurate personal data concerning him or her.
- obtain from the controller erasure of the personal data concerning him or her when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed, that is to say where the conditions in art. 17 of EU Regulation 679/2016 apply and if the conditions in art. 17, point 3, EU Regulation 679/2016 do not apply;
- obtain from the controller restriction of processing when: a) the data subject has queried the accuracy of the personal data, for the period required by the controller to check the accuracy of such personal data; b) processing is unlawful and the data subject opposes erasure and requests the restriction of their use instead or requires the data to exercise or defend legal claims;
- where personal data have not been obtained from the data subject, the controller shall provide the data subject with all the information available about the origin of the data;
- receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
- object to processing of personal data concerning him or her if the conditions in Art. 21, point 2, of EU Regulation 679/2016 apply;
- lodge a complaint with the Garante.
The data subject may exercise these rights by sending an email to the following address: email@example.com.
7. Data Storage
The personal data you provide will be stored until the agreed service has been performed and for the time necessary to perform the service, plus ten years. Storage may be:
- filing on paper;
- storing in a hardware/data centre/web hosting system run by the data controller or others appointed by the data controller;
- filing pursuant to the Digital Administration Code; in this case if the data controller does not deal with filing on its own systems, it shall involve only subjects accredited as per art. 29 DAC.
Definition that can assist understanding the activities performed and the relationship between them and the data provided. Pursuant to art. 4 of EU Regulation 679/2016, please be advised of the following definitions:
- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- special categories of data (i.e. sensitive data): personal data allowing disclosure of racial or ethnic origins, political opinions, religious, philosophical or other beliefs, or social standing, as well as processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
- processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.