DIRECTIVE FOR CUSTOMER DATA PROCESSING AS PER ART. 13 REG. EU 679/2016T. 13 REG. UE 679/2016
I have acknowledged the directive and my rights as regards Personal data processing as per art. 9 and art. 13 of the Regulations. E.U. 679/2016 (G.D.P.R.), as regards the process of my personal data carried out by the persons listed in this Directive and for the purposes indicated and within the limits of the same purpose.
a) The processing manager is SILVIA CIRRI – of Podere Conca 196 Società Semplice Agricola Di Cirri Silvia (01822350490) with headquarters in Via Bolgherese196, Castagneto Carducci (LI) – who can be contacted as regards personal data at the above address or at the following email address mail firstname.lastname@example.org.
b) You are the Data Subject and you have the following rights and obligations.
1. Data processing
1.1. The Processing Manager, whose data are listed at Point a, will manage the data in line with principles of lawfulness, fairness, transparency, within the limits of purpose and filing, data minimization, accuracy, integrity, and confidentiality.
2. Purposes, Categories of Data and Legal Basis of Data Processing
2.1. The Manager provides data processing with the following purposes:
a) fulfilling, even before closing a possible deal, if you have required it, agreement or specifications that you have requested (such as, for example, contacting you to deliver the services/products required or telling you that services/products are ready/available);
b) providing the arising obligations due to a possible agreement;
c) providing administrative, accounting, financial, fiscal duties;
d) providing any obligation required by law and/or any order required by public authorities;
e) finally, asserting or safeguarding a right in a court of law.
2.2.The manager will process the following data: name, surname, fiscal data, address, email address, telephone number (or other contact addresses).
2.3. The legal basis of processing are the following, subdivided into data categories:
a) Identification data: consent of the data subject and/or necessity to provide obligations as per points 2.1 a-e;
b) Fiscal data: necessity to provide obligations as per points 2.1 c-e.
3. Data Processing System
3.1. The data must be processed as follows:
a) collected in electronic or paper form;
b) registered in digital form on computer and/or filed in paper and available exclusively to the Manager;
c) protected from changes, destruction, deletion, and unauthorized access by means of logistic, physical, and organisational safety measures.
d) further processed, also in paper form, to the extent of and within the time strictly necessary to provide the above procedures.
4. Communication to Recipients and Disclosure
4.1. The data can be disclosed to third Persons (including PA or Judicial Authority) only if strictly necessary to fulfil the above purposes or only for compliance with law or, in any case, only if required by Authorities.
4.2. The Categories of Recipients are the following:
a) the subjects necessary to provide the related works and the implementation of the Agreement;
b) persons entrusted by the Manager, who are committed in confidentiality or with an appropriate legal obligation to confidentiality (e.g. collaborators and employees of the Manager).
4.3. The Manager may disclose Data either to implement the obligations of law or to perform the orders coming from public authorities, including Judicial Authority.
4.4. The data won’t be disclosed.
- Data Retention Period
5.1. The Manager will file the Data for the time necessary to achieve their purpose as per point 2, but not over fifteen years.
6.1. The Communication of Data is
- a) mandatory as regards the execution of the agreement or the fulfilment of law obligations or orders of Public Authority;
- b) non-mandatory as regards the other services that you can require.
Consequences of Refusal of Data Communication
7.1. The agreement cannot be fulfilled in case of refusal to communicate personal data as per previous point 6.1 a).
7.2. If you should refuse to communicate the personal data necessary as per previous point 6.1 b), the other services that you have required, where appropriate, cannot be performed.
8. Rights of the Data Subject
8.1. The data subject has the right of:
a) accessing to his/her own data in the hands of the Manager;
b) asking for modifications and/or deletion (“oblivion”);
c) asking for Limitation or refuse processing;
d) requiring Data portability;
e) filing a complaint to the Competent Supervisory Authority.
The data subject has the right to lodge a complaint to the Guarantor Authority for the personal data protection.