Privacy Information Notice

 

 

PRIVACY POLICY

ex art.13 EU Regulation n.2016/679 (RGPD / GDPR)

This document provides a set of information to all those who, having business relations with STUDIO CATANIA S.r.l., release their personal data to the latter . In this regard, we wish to inform users that the “EU Regulation n.2016/679 on the protection of individuals with regard to the processing of personal data, as well as on the free movement of such data” (so-called RGPD / GDPR) provides for the protection of individualswith regard to the processing of personal data as a right protected by European law.

The data controller is STUDIO CATANIA S.r.l. (hereinafter also “Studio Catania” or “data controller”), with registered office in Via del Progresso, 18, CAP 20125 Milan (MI) – Tax Code and VAT 06755800965, PEC: info [at] pec.studiocataniasrl.com, in the person of its legal representative pro tempore.

Pursuant to art. 13 of the GDPR, users are informedthat this treatment will be based on principles of correctness, lawfulness and transparency, protecting the confidentiality and rights of the user. The processing of personal data that the owner intends to carry out has the following purposes:

Purposeof the treatment

1) Management of the commercial activity (contact with potential customers and management of all commercial aspects of the relationship with actual customers)

The processing of personal data of potential and actual customers is first of all aimed at populating the customer database of Studio Catania through the creation of the personal data of potential and actual customers. It is also aimed at managing communications with users interested in obtaining informationthrough the contact channels made available by the owner (paper correspondence, email and telephone numbers); it is also aimed at preparing estimates, stipulating contracts, concluding orders by issuing legal participation securities (tickets);  It is also aimed at managing the commercial archive where all the documents relating to the commercial relationship with customers are kept. Finally, the processing of personal data of actual  and potential customers may take place for the performance of marketing and advertising activities to promote the services of the Data Controller.

2) Purchase management (contact with potential suppliers and management of all commercial aspects of the relationshipwith actual suppliers)

The processing of personal data of potential and effective suppliers is first of all aimed at populating the supplier database of Studio Catania through the creation of the personal data of potentialand actual suppliers. It is also aimed at managing communications with users interested in having/giving information through the contact channels made available on the website (paper correspondence, email and telephone numbers); The treatmentis also aimed at receiving estimates, issuing orders and purchase order confirmations, stipulating supply contracts and their subsequent execution and fulfillment. Finally, it is used for the management of the supplier archive where all the documents relating to the commercial relationship with suppliers are kept.

3) Management of administrative activities related to purchases and sales

The treatment concerns the management of invoices and commercial documentsrelating to sales and purchases, relations with banking and insurance institutions, the first cash note and in general assets, insurance, balance sheets, vehicles, fuel cards, treasury, management of the timing of payments tosuppliers and receipts from customers.

The transmission of accounting and tax documents to specialists in the sector such as accountants is organized according to the forms provided for by law.

 

 

 

Legal basis

In compliance with the provisionsof Article 6.1 of the GDPR, the legal basis for the lawful processing of personal data collected by the Data Controller is represented:

  • the execution of the contractual relationship with customers or suppliers [art.6.1 lett. b)];
  • compliance with legal obligations established by the data controller in accounting, tax and insurance matters [art.6.1 letter c)];
  • its legitimate interest in promoting its services and activities to actual customers [art.6.1 lett. f) GDPR / GDPR and art.130.4 D.lgs. n.196 / 2003 as amended by Legislative Decree n.101 / 2018)];
  • the free, express and unequivocal consent expressed by the user expressed with positive action through the use of one of the tools made available by the Data Controller to communicatewith the company such as contact forms, company email and telephone numbers. The same legal basis legitimizes the sending of advertising / promotional communications by e-mail to potential contacts interested in knowing the events organized by the Titolare del trattamento [art.6.1. lett. a)];

 

Processing methods

The owner processes the personal data provided using paper and computer tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

 

Storage times

All personal data processed by the owner as part of its activities are kept according to the following times or criteria:

Scope of processing Purpose of the processing Storage time from harvest
Commercial management Creation of master data for potential and actual customers 10 years from the last request for information or from the last order
Commercial management Commercial communications via paper correspondence, telephone and email 10 years since the last exchange of information
Commercial management Preparation of estimates; conclusion and execution (including renewal, updating and storage) of supply contracts; issuing orders andorder confirmations; management of all commercial communications and operations necessary for the good governance (execution) of the obligations arising from the documents mentioned. 10 years from the conclusion of the last contract or issuance of the lastorder in a timeline.
Marketing activities management Carrying out advertising and commercial promotion activities Until the moment in which the right of opposition of the interested party is exercised in the case of actual customers; until the revocation ofconsent in the case of potential customers.
Supplier management Creation of potential and actual supplier master data 10 years from the date of the last exchange of information or from the last order
Supplier management Commercial communications via paper correspondence, telephone and email 10 years since the last exchange of information
Supplier management Issuance, execution (including storage) of purchase orders including all commercial communications necessary for the choice and management of the supply. 10 years from the conclusion of the last contract in chronological order
Accounting management Administration of mandatory accounting entries; issuance of customer invoices; supplier invoice registrations; 10 years ex art.2220 c.c., without prejudice to art. 22, paragraph 2, D.P.R. n. 600/1973

If, in these phases, a dispute should arise in court or out of court between the owner and the interested party, the personal data of the latter may be stored beyond these limitsuntil the final conclusion of the dispute.

At the end of these periods, any personal data contained in the documents mentioned or in the business correspondence will be destroyed or deleted.

 

Mandatory nature and consequences ofrefusal to provide

The personal data of customers or suppliers processed by the owner as part of its activity are necessary for the conclusion of the purchase or supply contract as well as for the management of commercial correspondence. The provision of such data is not mandatory but without them it is not possible to manage the commercial relationship with the customer or supplier.

Subjects to whom personal data may be communicated

To comply with certain legal obligations in the field, tax,tax, insurance, social security, banking or for the protection of their rights in court or out of court, the owner, as part of its activities, may communicate any personal data processed to:

  • Professionals/External Consultants in accounting/tax and legal fields;
  • Professionals/external consultants in the field of management systems (eg: Safety at work and Privacy);
  • Providers of IT security and IT security services;
  • Control bodies (e.g. Revenue Agency, Guardia di Finanza, etc.);
  • Insurance, credit, banking and postal institutions.

 

The Data Controller processes the personal data necessary to achieve the purposes indicated through authorized persons of its organization with a formal letter of appointment, trained and committed to an obligation of confidentiality regarding the information processed. Some of the destinationsto which the Data Controller communicates personal data, act on its behalf and are therefore designated pursuant to art.28 RGPD / GDPR “Data Processors” through a formal contract. A list of the main managers is available by contacting the titleat the following email address: press [at] cesarecatania.eu

Moving abroad (outside the EU)

The personal data processed as indicated in this statement are in no way transferred outside the borders of the EU either by paper or electronic means.

Automated decision-making, including profiling

Your personal data are not subject to any fully automated decision-making process, including profiling pursuant toArticle 22.1 and 4 GDPR.

Rights of the interested party

In relation to the processing of personal data by Studio Catania Srl for the purposes described above, each interested party always has the right, within the limits and under the conditions provided for by art. from 15-22 of the RGPD / GDPR, to exercise the following rights:

 

  • Right of access;
  • Right to rectification and erasure;
  • Right to portability;
  • Right to restriction of processing;
  • Right to object for direct marketing purposes on the basis of thelegitimate interest of the owner;
  • Right not to be subject to a decision based solely on automated processing.

 

The Data Controller communicates to all recipients to whom the personal data of the interested parties have been transmitted any corrections, cancellations or limitations of the processing unless this proves impossible or involves a disproportionate effort.

For the effective exercise of these privacy rights under the conditions provided for by the GDPR, each interested party cancontact Studio Catania srl at the email address indicated below and request the dedicated form: email: press [at] cesarecatania.eu

  • The interested party also has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data if he considers that illegitimate use is made of his data and the processing persists despite having asked the owner to interrupt the processing. For the submission of the complaint, it is possible to consult the dedicated web page on the website of the Guarantor Authority.

 

PRIVACY RIGHTS

 

RIGHT OF ACCESS

The right of access implies that the interested party can obtain the following information from the owner :

1) purpose of the processing,

(2) the categories of personal data concerned,

3) recipients or categories of recipients to whom such personal data have been or will be communicated, in particular if recipients of third countries or international organizations

4) existence of the right of the interested party to ask the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their processing

 

RIGHT OF RECTIFICATIONAND ERASURE

The right to rectification implies that the interested party can obtain:

1) the correction of inaccurate personal data concerning you without undue delay,

2) the integration of incomplete personal data, including by providing a supplementary statement

The right to erasure of your personal data may be exercised if:

1) the personal data to be deleted are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

2) a withdrawal of consent is made and there is no other legal basis for the processing,

3) the right to object to the processing is exercised and there is no legitimate overriding reason to proceed with the processing,

4) personal data subjectto request erasure are processed unlawfully;

5) the personal data subject to a request for deletion must be deleted to fulfill a legal obligation,

6) The personal data subject to a request for erasure have been collected in connection withthe provision of information society services.

 

RIGHT TO PORTABILITY

The right to portability implies that, without infringing the rights and freedoms of others:

The interested party has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him and has the right to transmit such data to another data controller without hindrance by this company. This request can be addressed directly to the previous company so that the latter transmits such data directly to another data controller.

This right can be exercised if the legal basis of the processing is:

 

1a) consent given in a free, informed, specific and unambiguous manner,

or

(1b) a contract concluded with the data subject;

and

2) the processing is carried out by automated means.

 

RIGHT TO RESTRICTION OF PROCESSING AND OBJECTION

The right to restriction of processing may be exercised by you:

1) if the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data,

2) when the processing is unlawful; the data subject opposes the erasure of his or her personal data and requests instead that their use be restricted,

3) when the data of the personal data subject are necessary for the assessment, exercise or defense of a right in court, although the owner no longer needs it for the purposes of processing,

4) if the right to object to the processing has been exercised

 

The right to object to the processing of personal data may be exercised by the data subject at any time for any reasonrelated to his or her particular situation and for direct marketing purposes.

The data controller shall refrain from further processing such personal data unless he demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over his interests, rights and freedoms or for the assessment, exercise or defense of a right in court.

 

RIGHT NOT TO BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED PROCESSING

The data subject has theright not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person.

This self-appointed decision is permitted if it is necessary for the conclusion or execution of a contract between the data subject and adata controller or is permitted by law which, however, must specify the appropriate measures to protect the rights, freedoms and legitimate interests of the data subject or if it is based on the explicit consent of the person subject to such a decision (the interested party).

If the decision is based on a contract or explicit consent, the controller shall takeappropriate measures to protect the data subject’s rights and freedoms and legitimate interests, including:

at least the right to obtain human intervention on the part of the controller,

to express their opinion and

to contest thedecision

 

Automated decisions shall not be based on special categories of personal data unless the exceptions represented by the explicit consent of the data subject or an important public interest established by a national or European standard which must be proportionate to the purpose pursued, respect the essence of the right to data protection and provide for appropriate and specific measures to protect fundamental rights and interests  of the interestedparty.