Personal Data Protection Policy under articles 13 and 14 of Gen. Reg. EU no. 679/2016 - “Regulation”
Ing. Claudio Baldi S.r.l. with registered office in Jesi (AN), Viale Cavallotti 13 - 60035, VAT NO. 01523870424, email: firstname.lastname@example.org, acting as Data Controller, hereby provides information on the processing of the personal data supplied by you, which are necessary or functional for the establishment and/or fulfillment of the obligations arising from the contractual relation with the Data Controller.
I. Data Controller - The data controller is Ing. Claudio Baldi S.r.l. with registered office in Jesi (AN), Viale Cavallotti n. 13 - 60035, VAT NO. 01523870424, email.: email@example.com (hereinafter “Controller” or “Studio Baldi”).
I. Data Protection Officer. - Ing. Claudio Baldi S.r.l. has not designated the Data Protection Officer, not being obliged to do so under article 37 of the Gen. Reg. UE 679/2016.
II. Scope of processing, data type and sources.- The processing of the data, which are directly acquired by you, or collected from third parties according to the current provisions of law, may refer to: (a) common or identification data, such as: company name, name and surname, tax identification code, VAT number, registered office, residence, fixed telephone number and mobile telephone number, e-mail address, certified e-mail address, personal details and contact details of the legal representative, accounting data or bank details; (b) If necessary, identification details of the personnel employed by the Customer Company. You shall be directly responsible for providing a suitable disclosure policy and obtain the consent required for the relevant processing, where provided for by the law. Normally, the conferment and processing of special categories of personal data is not provided for (see Article 9 Gen. Reg. EU 679/2016), should this be the case, the data subject shall be allowed to express his or her consent to data processing, if any.
III. Purposes and legal references.- We shall process your data for the purpose of suitably fulfilling the requirements related with the execution of consultancy and assistance services on industrial and/or intellectual property rights according to the following legal basis: fulfillment of preliminary requests prior to entering into a contract – Article 6.1 paragraph b); performance of a contract to which the data subject is a party; compliance of national and European legal obligations, including tax and social security obligations - Article 6.1 paragraph c); execution of orders imposed by the Authorities or other administrative bodies – Article 6.1 paragraph e); pursuing of the legitimate interest of the Controller in order to protect its rights and reasons, including before jurisdictional authorities, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. – Article 6.1 paragraph f).
III.I.- Newsletter. Under Article 6.1 paragraph f), we will process the e-mail address provided by you during the execution of the contractual relationship to send news and newsletters with information on the consultancy and assistance services provided by Studio Baldi. Should you decide to oppose the processing of your personal data for the aforementioned purpose, you shall be able to do so at any time, free of charge, by clicking on the link on the bottom of all communications you have received or by contacting the Controller using the contact details container in this policy without impairing the lawfulness of the previous processing. Moreover, you shall have the right to obtain an immediate reply confirming the interruption of such a processing.
IV. Processing modes and security.- Your personal data shall be processed in electronic and paper form according to the best practices on personal data protection. To that end, adequate technical and organizational measures under article 32 of the Gen. Reg. EU 679/2016 are adopted in order to guarantee the confidentiality, integrity, availability and resilience of the processing systems and services. We follow strict security procedures to store and disseminate the personal data, protecting them against accidental loss, destruction or damage and against the other risks provided for under article 32 of the Regulation. We require all third parties to adopt suitable technical and organizational security measures aimed at protecting your personal data, in line with the legislation in force.
IV.I.- Profiling.- Subject to what is necessary for fulfilling the purposes described in this policy, no profiling operations shall be carried out. No profiling operations shall be made on special categories of personal data.
V. Conferment and consequences in case of lack of conferment- The conferment of personal data for the purposes described in paragraph III is not mandatory. However, the lack of conferment shall result in the impossibility to execute the contract and enjoy the services under paragraph III.I.
VI. Recipients – The personal data can be made accessible, informed or communicated to: 1) employees and collaborators of the Controller, acting as processors and/or and officers designated in compliance with article 29 of the GDPR, processors under article 28 of the Gen. Reg. UE 679/2016, and/or system administrators designed in writing who have received specific instructions; 2) third-party companies or other individuals (for illustrative purposes, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities for the Controller, acting as processors; 3) Bodies or Public Offices or Public Administrations according to the legal obligations or by order of the Authorities. The updated list of processors and officers is kept at the registered office of the Controller. The names of the System administrators in charge of managing the Information Systems can be provided upon request from the data subject. Your personal data shall not be disseminated.
VII. Transfer outside the European Union.- Your personal data shall not be transferred outside the EU Member States, should this be necessary in order to perform the contract and provide the requested services, if necessary, the Controller shall enter agreements that contain the standard international clauses and shall in any case process the personal data in compliance with the provisions of article 44 and following articles of the Regulation.
VIII. Data storage time.- In compliance with the principles of lawfulness, restriction of purpose and data minimization, your personal data shall be kept for the period of time that is strictly necessary for the fulfillment of the purposes for which they were collected and processed and in any case not beyond the time limits provided for by the Law. For the purposes under subparagraph III.I, in order to send the newsletter, the collected data shall be kept until the data subject decides to oppose said service and in any case no later than 24 months from the last transmission or from his/her last interaction with the Controller of from the request of services to Studio Baldi. When such a period of time has elapsed, the personal data shall be exclusively processed to comply with obligations of law or orders from the Authorities and shall be erased.
IX. Data subject rights - We inform you that you can exercise the following rights:1).- obtain the confirmation about the fact that your personal data is being processed; 2).- should data processing be in progress, obtain the access to your personal data and to the information relative to processing, as well as request a copy of your personal data; 3).- obtain the correction of inexact personal data and the integration of incomplete personal data; 4).- should one of the conditions provided for under article 17 of the Regulation apply, obtain the erasure of your personal data; 5).- in the cases provided for by article 18 of the Regulation, obtain the restriction of processing; 6).- revoke the consent to data processing at any time, for the purposes for which it was requested and granted. Such a revocation shall not impair the lawfulness of the data processing performed based on the previously granted consent; 7).- receive your personal data in a structured format of common use that can be read with an automatic device and request transmission to another Data Controller, if technically feasible; 8).- oppose the processing of your personal data in case of your legitimate interest (or of a third-party interest) and in presence of elements relative to a specific personal situation that cause the opposition to data processing; 9).- submit a complaint to the Personal Data Protection Supervisor should you believe that your rights have been breached, according to the modes indicated on the Supervisor’s Internet site at: www.garanteprivacy.it. Should you intend to exercise one of these rights, you are kindly requested to contact us at the aforementioned addresses.
You shall not have to bear any cost to access your personal data (or exercise one of the other rights). However, should the request for access be clearly unjustified or excessive, we may decide to charge you with a reasonable cost. Alternatively, we may refuse to satisfy your request in such circumstances.
We may need to request specific information to help us confirm your identity and guarantee the right of access to the information (or exercise any one of the other rights). This is an additional security measure to guarantee that the personal information is not disclosed to subjects who are not entitled to receive it.
X. Amendments. This document may be subject to amendments or integrations in the future, following to amendments of the applicable regulations, if any.