This document provides correct, clear and complete information about the personal data processing Promeia Spa (Data Controller) carries out pursuant to European Regulation no. 679/2016.
Promeia Spa regarding the informed processing of personal data concerning him/her, collected in order to initiate and implement the related business relationship (and of data that will be collected for the legitimate purposes set out below).
a) The Data Controller is PROMEIA SPA (Tax Code / VAT Number 00216330126), with operational headquarters in Caronno Pertusella (VA), Corso della Vittoria, 1585/1533, I-21042 (e-mail firstname.lastname@example.org).
b) The Data Processor is Ms. Paola Del Ponte (e-mail: email@example.com).
d) The legal basis of the processing is connected to inherent legal obligations and to the aforementioned pre-contractual and contractual obligations.
e) Personal data collected may be transmitted (including for storage processing) by Promeia in fulfilment of legal obligations and/or for related contractual obligations to the following subjects or categories of subjects on the basis of relations of co-ownership or co-responsibility: – associates-employees of Promeia; – public entities in the case of legal obligations and/or by contract; – suppliers and/or freelance professionals (lawyers, notaries, accountants, etc.) in compliance with the aforementioned purposes and the principle of minimization; – corporate bodies and subjects assigned to legally mandatory controls (board of statutory auditors, prevention and safety manager, etc.); – company that owns the shares of Promeia.
f) With respect to the latter category (owner company), it should be noted that the owner has a legitimate interest in processing the data (even if only for storage) with another subject (Omeia SA) as part of the same business “group”. Processing also takes place to reinforce internal security measures.
g) Personal data will be processed (processing methods) on paper and, where possible, with the help of computer systems, or only through computer systems, by selected individuals in compliance with confidentiality and security rules. Where possible, data will be processed only by means of a PC connected to a secure server equipped with anti-intrusion and data recovery systems in case of claims.
h) The collected data is transferred (stored) in a country outside the EU (Switzerland).
The Data Controller provides the Data Subject with the following additional information.
1. The expected retention period of personal data is ten years, and the period will begin at the end date of the contract and/or of the business relationship between the parties, subject to any extension periods that will subsequently be communicated, and any other specific legal obligations.
2. The Data Subject has the RIGHT, in the terms applicable by law, to ask Promeia to access his/her personal data, to rectify them, to cancel them, or to limit or oppose their processing, if this does not conflict with the provisions of law and administrative regulations. The undersigned is also entitled to withdraw his/her consent at any time, but only if the processing is exclusively based on art. 6, paragraph 1, letter a), or on art. 9, paragraph 2, letter a) of the EU Regulation.
3. It should be noted that the processing of personal data in question is mandatory and necessary to pursue and implement the processing purposes mentioned above. Therefore, any refusal or request for cancellation or the subsequent revocation or request for limitation on the processing of personal data will preclude Promeia (in whole or in part) from fulfilling all contractual and/or legal obligations.
4. The Data Subject has a right to data portability when the processing by the Data Controller takes place in an automated form (for example, through portals made available to Public Bodies). At present, this type of processing of the user’s position is not provided. Moreover, no provision is made for an automated decision-making process in regard to processing, including the profiling referred to in Article 22, paragraphs 1 and 4 of the EU Regulation.
5. Without prejudice to any other possible judicial appeal, the DATA SUBJECT has the right to lodge a complaint with the competent Italian Data Protection Authority in relation to the way in which personal data are processed and protected.
6. Finally, it should be noted that if Promeia should further process personal data for a purpose other than those for which they were collected, it will provide the Data Subject with relevant information before such further processing.