PURSUANT TO REGULATION (EU) 2016/679 ('GDPR') ARTICLES 13 AND 14
AND SUBSEQUENT NATIONAL ADAPTATION STANDARDS
This document ("Information Notice") is intended to provide you with guidance regarding the processing of information, as specified below, that will be provided by you or otherwise available at our facility and that will be processed by it and/or other identified parties for the purposes set forth below. The Disclosure, in particular, is made pursuant to EU Regulation No. 679/2016 ("GDPR") and subsequent national adaptation regulations (jointly with the GDPR hereinafter "Applicable Legislation").
- Identity and contact details of the data controller
The data controller, in accordance with Articles 4 and 24 of EU Reg. 2016/679, is KICO SRL, with registered office in Via Dell'industria, c.da Stracca, 64032 - Casoli Di Atri (TE), VAT No. 01672560677, Tel. +39 (085) 9463052, email: firstname.lastname@example.org, in the person of the pro-tempore legal representative.
- Contact details of the Data Protection Officer (DPO)
The Data Controller does not carry out activities requiring the appointment of a Data Protection Officer.
- Purpose and legal basis of processing
The data of a personal nature provided, will be processed in compliance with the conditions of lawfulness ex art. 6 f) (legitimate interest) EU Reg. 2016/679 for the following purposes:
|Purpose||Legal basis of processing|
|collection of data (by filling in forms) for sending newsletters or promotional communications in general by e-mail
Data processing is also based on Article 6(1)(f): (Recital 47) having regard to the reasonable expectations of the data subject ... at the time and in the context of the collection of personal data, when the data subject could reasonably expect processing to take place for that purpose.
- Recipients and categories of recipients
The data of a personal nature provided will be communicated to recipients, who will process the data in their capacity as data controllers (art. 28 of EU Reg. 2016/679) and/or as natural persons acting under the authority of the Data Controller and Data Processor (art. 29 of EU Reg. 2016/679), for the purposes listed above in point 3. Precisely, the data will be communicated to:
- subjects that provide services for the management of the information system and communication networks including e-mail, newsletters and website management;
- firms or companies in the context of assistance and consultancy relationships;
- competent authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request.
The subjects belonging to the above categories act as Data Processors, or operate completely independently as separate Data Controllers. The list of Data Processors is available at the Data Controller's head office.
- Data transfer abroad
Data will not be transferred outside the European Union.
- Period of data retention (criteria for determination)
In accordance with the provisions of Article 5(1)(e) of EU Reg. 2016/679, the Personal Data collected will be stored in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which the Personal Data are processed. Below is a table containing indications of the retention times (i.e. the criteria for determining) of Personal Data:
|collection of data (by filling in forms) for sending newsletters or promotional communications in general by e-mail||2 years from the date of collection, without prejudice to the possibility for the person concerned to change and/or revoke their wishes at any time|
- Methods of data processing
The processing of Personal Data shall be carried out by manual, computerized or telematic means, suitable to guarantee their security and confidentiality and shall be performed by personnel duly trained in compliance with the Applicable Legislation. There is no automated decision-making process.
- Rights to which you are entitled
We inform you that you may exercise the rights recognised by the Applicable Legislation including, without limitation, the right to:
- to access their Personal Data and to know their origin, the purposes and aims of the processing, the data of the persons to whom they are communicated, the period of storage of the data or the criteria for determining it (Art. 15);
- to request its rectification (Article 16);
- deletion ("oblivion"), if no longer necessary, incomplete, incorrect or collected in breach of the law (Art. 17);
- to request that the processing be restricted to part of the information relating to you (Article 18);
- to the extent that it is technically possible, to receive in a structured format or to transmit to you or to third parties indicated by you the information concerning you (so-called "portability") or information that you have voluntarily provided (Art. 20);
- to object to their processing based on legitimate interest (Article 21);
- as well as to revoke his consent at any time, if this constitutes the basis for the processing (revocation of consent, however, shall not affect the lawfulness of the processing based on consent given before revocation).
The aforementioned rights may be exercised by means of a written request addressed without formality to the Data Controller at the contacts indicated in point 1.
The Controller shall do so without delay and, in any event, no later than one month after receipt of the request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller shall inform and inform you of the reasons for the extension within one month of receipt of your request.
You are reminded that where the response to your requests has not been satisfactory in your view, you may apply and file a complaint with the Data Protection Authority(http://www.garanteprivacy.it/) in the manner provided for in the Applicable Regulations.
Revision 22 May 2018