INFORMATION FOR PERSONAL DATA PROCESSING (Pursuant to Art. 12 of EU Regulation 2016/679 of the European Parliament and Council)
Dear Customer, Mr. Mauro Mariotti of the company Sara Electronic Instruments S.r.l. with registered office in Via Mercuri, 4 – 06129 Perugia, (PG), VAT 13125191000, in his capacity as Controller of the personal data processing, would like to inform you that EU Regulation 2016/679 of the European Parliament and Council (“General Regulation on Data Protection), establishes regulations on the protection of natural persons as regards processing of personal data, as well as regulations concerning the free circulation of said data. The regulation protects the rights and fundamental freedoms of natural persons, specifically the right to personal data protection. The data controller (natural or legal person who establishes the aims and methods for personal data processing) implements appropriate measures to provide the data subject with all information concerning the processing. According to the indicated regulations, said processing shall be inspired by principles of fairness, lawfulness and transparency and protection of your confidentiality and your rights. Pursuant to article 12 of EU Regulation 2016/679, in case of collection from the data subject of data concerning them, the Data Controller provides the following information to the data subject, when the personal data are obtained:
Object of the Processing The Data Controller handles the personal data, identification of a natural person (data subject) such as name, surname, ID number, company name, address, telephone, email, bank and payment details etc. you have provided upon entering into contracts for the Data Controller’s services.
Data Controller and Representative of the Controller The Data Controller is: Mr. Mauro Mariotti. c/o Sara Electronic Instruments S.r.l. with registered office in Via Mercuri, 4 – 06129 Perugia, (PG), VAT 13125191000, Tel +39 075 5051014 , firstname.lastname@example.org The Representative of the Data Controller (where applicable) is: Not appointed. The updated list of the Data Processors (where applicable) and persons in charge of processing is kept at the registered office of the Data Controller.
Person Responsible for Data Protection (where applicable) The Person Responsible for data protection is: Not appointed.
Aims of data processing The data provided by you shall be processed without your express Consent for the following aims: 3A) execution of pre-contractual measures 4A) legal obligation the data controller is subject to 7A) pursuit of the lawful interest of the Data Controller or third parties. The data provided by you shall be processed with your specific written Consent for the following aims (where applicable): 1B) Marketing activities 2B) Activation and management of the service to send newsletter 3B) Activation and management of the services through the company’s website The data processing is lawful because: 1C) the data subject has expressed their consent to processing their personal data (services from the company’s website and newsletter) 3C) the processing is required to fulfil a legal obligation the Controller of processing is subject to 6C) the processing is required for the pursuit of the lawful interest of the Controller of the processing or of third parties, provided that they do not undermine the data subject’s interests or rights and fundamental freedoms that require personal data protection, in particular if the data subject is a minor. (services from the company’s website and newsletter)
Lawful interests of the data controller (where applicable only if the lawfulness conditions of the processing under point 3 are type 6C) The processing of data is based on the following lawful interests: any right to legal defence.
Methods of data processing The personal data are processed by means of the operations set out in art. 4 par. 2) and more precisely: the collection, recording, organisation, layout, storage, adaptation or modification, extraction, referencing, use, disclosure by sending, disseminating or any other form of disclosure, comparison or interconnection, limitation, deletion or destruction; the data are processed by using appropriate instruments and procedures to assure safety and confidentiality. The personal data shall be processed with the following methods: ■ paper manual ■ computerised manual (without automated decision process)
Data disclosure With no need for express consent (pursuant to art. 6 lett. b) and c)), the Data Controller may disclose your data for the purposes referred to above to Supervisory Bodies, Judicial Authorities, to insurance companies, as well as to entities to whom disclosure is mandatory by law for the accomplishment of said purposes. Said entities shall process the data in their capacity as independent data controllers. □ the data shall not be disclosed to any category of recipients, nor will they be subject to any manner of disclosure □ the data shall not be disclosed to other recipients, nor will they be subject to any manner of disclosure ■ the data may be/shall be disclosed to the following categories of recipients: external managers who take part in company processes solely to fulfil specific legal obligations and in compliance with contractual obligations, public and private bodies for social security, welfare and insurance purposes □ the data may be/shall be disclosed to the following recipients
Disclosure of the data to a third party country or international organisation ■ The personal data shall not be sent to a third party country or international organisation. □ The personal data shall be sent to a third party country or international organisation; □ The third party country/international organisation is________________; Furthermore, please note that: □ There is a decision of adequacy of the Commission; □ There is no decision of adequacy of the Commission.
Nature of the provision of data and consequences of the refusal to answer The Data Controller is obliged to inform the data subject if the disclosure of the personal data is a legal or contractual obligation or a necessary requirement for entering into a contract, and whether the data subject is obliged to provide their personal data as well as the possible consequences of failure to provide said data; The provision of the data is: ■ mandatory (Point 4, letter A) ■ optional (Point 4, letter B) (services from the company’s website and newsletter) In the case where the data provision for the indicated purposes is mandatory, the reason of the obligation is due to execution of precontract measures. In the case where the data provision for the indicated purposes is mandatory, any refusal to provide said data: □ has no consequence, □ might entail failed execution of the contract, □ might entail partial execution of the contract, □ failed continuation of the contract, ■ failure to provide the services; □ other. In the case where the data provision for the indicated purposes is not mandatory, any refusal to provide said data: □ has no consequence, □ failed continuation of the contract, ■ failure to provide the services (services from the company’s website and newsletter) □ other.
Data Storage The Data Controller shall process the personal data for the time strictly required to fulfil the above purposes. ■ The processed personal data shall be stored for the activation period of the service and for a maximum time of 5 years from its discontinuation.
Rights of the data subject The data subject may exercise their rights with the data controller at any time. Art. 13 letter b) of EU Regulation 2016/679, states that when the personal data are obtained, the data controller provides the data subject with the existence of the following rights required to assure correct and transparent processing of the personal data: – access to the data (Art. 15) – rectification of data processing (art. 16) – cancellation of the data (Art. 17) – limitation of data processing (Art. 18) – objection to data processing (Art. 21) – portability of the data (Art. 20). In addition to the rights under article 13, the EU Regulation set forth additional rights that may be exercised by the data subject: – revocation of consent (Art. 7) – complain with an oversight authority (Art. 77). The articles that specifically deal with the individual rights of the Data Subject are attached.
Right to revocation of consent (Art. 7) Art. 7 paragraph 3, states that the data subject has the right to revoke their consent at any time in the following cases: – where the processing is based on consent given to processing of one’s data for one or more specific purposes (article 6, paragraph 1, letter a), – where the processing concerns the particular categories of personal data (personal data that reveal race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data regarding health or sexual life or sexual orientation) and is based on consent given to processing of one’s data for one or more specific purposes (article 9, paragraph 2, letter a). Revocation of consent does not prejudice the lawfulness of the processing based on consent given before the revocation. The data subject is informed on that prior to giving their consent. The consent is revoked with the same ease with which it is granted.
Right to complain with an oversight authority (Art. 77) Art. 77 states that the data subject, should they believe that the processing concerning them infringes this regulation, has the right to complain with an oversight authority, specifically in the member State where they normally reside or work or where the alleged infringement took place. Without prejudice to bringing any other administrative or judicial proceedings. The Data Controller informs the data subject of the option of complaining with an oversight authority and to bring judicial proceedings. The oversight authority the complaint has been filed with, informs the complainant of the status or outcome of the complaint, including the option of bringing judicial proceedings pursuant to article 78. The data subject also has the right to bring actual judicial proceedings, should the oversight authority fail to handle the complaint or fail to inform them within three months of the status or outcome of the complaint filed. Without prejudice to bringing any other administrative or judicial proceedings.
Methods to exercise the data subject’s rights The data subject may exercise the rights at any time by sending to the Data Controller and/or the Data Processor (where appointed): – a registered letter with return receipt sent to: SARA ELECTRONIC INSTRUMENTS S.R.L. with registered office in Via Mercuri, 4 – 06129 Perugia, (PG), VAT 13125191000 ; – an email to: email@example.com