PIGRES S.U.R.L., with registered office in Via dei Balestrari, 15 00186 Rome (RM) Italy, VAT number IT09112231007 (hereinafter, “Data Controller”), as Data Controller, is to inform that according to the Article 13 Legislative Decree. No. 196 of June 30, 2003 (hereinafter, “Privacy Code”) and of Article 13 EU Regulation No. 2016/679 (hereinafter, “PSR”) that your data will be processed in the following manner and for the following purposes:
- Subject-matter of processing
The Data Controller processes the personal data, identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references – hereinafter, “personal data” or “data”) communicated by you when concluding contracts for the services of the Data Controller.
- Purpose of processing
Your personal data will be processed without your express consent (Article 24 point a), b), c) Privacy Code and Article 6 point b), e) GDPR), for the following Service Purposes:
- to conclude contracts for the services of the Data Controller;
- to fulfill pre-contractual, contractual and tax obligations arising from relations with you;
- to fulfill obligations required by law, by regulation, by EU legislation or by an Authority (such as in anti-money laundering);
- to exercise the rights of the Data Controller, such as the right of defence in legal proceedings.
- Processing methods
Your personal data processing is carried out by means of the operations specified in Article 4 Privacy Code and Article 4 No. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data is processed both on paper, electronically and/or by automated processing system.
The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for not more than 10 years from the termination of the relationship for the Purposes of Service.
Access to data
Your data may be made accessible for the purposes referred to in Article 2:
- to employees and collaborators of the Data Controller, as processors and/or internal data processing officers and/or system administrators;
- to third party companies or other subjects (as an indication, credit institutions, professional studies, consultants, insurance companies for the provision of insurance services, etc.) which perform outsourcing activities on behalf of the Data Controller, as external data processing officers.
- Data communication
Without the need for an express consent (Article 24 point a), b), d) Privacy Code and Article 6 point b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in Article 2 a Supervisory bodies (such as IVASS), judicial authorities, insurance companies for the provision of insurance services, as well as to those persons to whom the communication is required by law to carry out the said purposes. These subjects will process the data as autonomous data controllers.
Your data will not be disclosed.
The data are stored and controlled through the adoption of appropriate preventive security measures, aimed at minimizing the risks of loss and destruction, unauthorized access, unauthorized processing and not in accordance with the purposes for which the processing is carried out.
- Data transfer
The management and storage of personal data will take place in the territory of the European Union.
- Rights of the data subject
As a data subject, you have the right according to Article 15 GDPR and especially the rights to:
- obtain the confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
- obtain indication of: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identification data of the Data Controller, data processing officers and the representative designated according to Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processing officers or processors;
- obtain: a) have their data updated, corrected, or if applicable, supplemented; b) the deletion, anonymisation, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disclosed this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- oppose, in wholly or in part for legitimate reasons the collection of their personal data, even if pertinent to the purpose of collection. Where applicable, you also have the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain to the Guarantor.
- Methods of exercising rights
You can exercise your rights at any time by sending a notice:
- Data controller, manager and appointees
The Data Controller is PIGRES S.U.R.L..
The updated list of data processing officers and processors is retained and may be consulted at the offices of the Data Controller.