Regulation (EU) 679/2016

PROCESSING OF PERSONAL DATA

 

INFORMATION FOR CUSTOMERS AND SUPPLIERS

 

Pursuant to Article 13 of Regulation (EU) 2016/679 on the protection for natural persons with regard to the processing of personal data (hereinafter for brevity referred to as the "Regulation" or "EU-REG")

 

P.RE.ST Ltd. (hereinafter referred to as the "Data Controller") hereby informs you about the processing of your personal data pursuant to Article 13 of Regulation (EU) No. 679/2016.

 

1.       Purpose of the processing for which the personal data are intended and legal basis of the processing

The Data Controller processes personal identification data (e.g. first name, surname, company name, address, telephone number, e-mail address, bank and payment details), hereinafter referred to as "personal data" or also "data", which you provide when concluding contracts for services provided or to be provided in the future for the following purposes:

a)       for the performance of contracted services or for the performance of pre-contractual processes related or connected to these services and/or for the performance of specific requests.

In these cases, the legal basis of the processing is the fulfilment of contractual or pre-contractual obligations by the Data Controller;

b)      for the proper performance of obligations provided for by law, regulation or EU legislation, as well as for the fulfilment of measures adopted by public authorities empowered to do so or by supervisory and control bodies to which the Data Controller is subject (e.g. tax audits, etc.). In these cases, the legal basis of the processing is compliance with a legal obligation pursuant to Article 6(1)(c) of the GDPR;

c)       with your express consent or pursuant to art. 130, par. 4 of the Legislative Decree 196/03, if applicable, for commercial or marketing purposes, such as the forwarding of commercial and marketing communications relating to the real estate sector, the newsletter with information on the activity of the Data Controller or company brochures, for surveys on the quality of service or statistical surveys. In these cases, the legal basis of the processing is the explicit consent pursuant to Art. 6.1, letter a) of the Regulation (EU) or Art. 130, para. 4 of the Legislative Decree 196/03. In any case, you can object to the processing by unsubscribing from the mailing list or the service.

 

2.       Data provision and consequences of non-provision of data

The provision of data for purposes a) and b) is necessary for the performance of the contractual relationship and for the fulfilment of the legal obligations. The refusal to provide the personal data or the lack of consent to their processing makes it impossible for the Data Controller to provide the requested services and fulfil the purposes stated in point 1, letters a) and b) of this information letter.

On the other hand, the provision of data for the purposes mentioned in point 1, letter c) of this information letter is on a voluntary basis. The data subject is free to give or refuse consent. Even after consent has been given, the data subject is free to revoke it at any time.

 

3.       Data processing methods

The processing of your personal data will be performed in accordance with the principles of lawfulness, accuracy and transparency, while respecting your confidentiality and the one of your family members in accordance with the principles of Article 5 of the Regulation (EU). The processing may be carried out manually, by paper means and also by electronic or otherwise automated means.

The data is collected and processed on the premises of the Data Controller in specific document archives/servers.

Your personal data will be processed using appropriate technical and organisational security measures in accordance with Article 32 of the Regulation (EU), in order to ensure a level of security appropriate to the risk, by minimising the risks of destruction or loss, unauthorised access or processing not in compliance with the purpose of the collection.

Your personal data will not be used for automated decision-making or profiling.

 

4.       Data transmission and transfer to third countries

Your personal data will not be forwarded.

In order to fulfil the purposes mentioned in point 1) of this information letter, it may be necessary for the Data Controller to disclose your personal data to external, trusted third parties, namely:

a)       to companies belonging to the Group;

b)      to credit institutions for banking and payment services, to companies providing computerised postal services, to companies archiving and storing documents and to other providers of outsourced functional services;

c)       to the Data Controller's legal and tax advisers;

d)      to insurance or reinsurance companies or directly to liable third parties if the banks, insurance or financing companies exercise their right of recourse.

The aforementioned legal entities process the data, , as the case my be, as independent Data Controllers or as data processors duly mandated to do so by contractual agreements pursuant to Article 28 of the Regulation (EU).

Your personal data will generally not be transferred to a third country outside the EU or to international organisations. However, should this be necessary, the data transfer will be performed in compliance with the provisions of the EU-REG.

 

5.       Storage period for personal data

Your personal data will be stored throughout the duration of the contractual relationship and also after its termination for a period as long as necessary to comply with all applicable legal (e.g. tax) and/or administrative obligations related to or arising from the relationship (10 years). Your consent to data processing for marketing activities will be stored as long as it is required by legal obligations and in any case until you withdraw it.

 

6.       Identity and contact details of the Data Controller, the privacy contact person and the data protection officer

The Data Controller is P.RE.ST Ltd., with registered office at Via Galileo Galilei 10, 39100 Bolzano (BZ), e-mail privacy@prestsrl.it, phone secretariat/PR +39-0471-533.690, certified e-mail address prestsrl-poh@pec.it.

The privacy contact person, to refer to in order to exercise the rights foreseen in the Regulation (EU), listed in the following clause, can be addressed as follows: P.RE.ST Ltd., with registered office at Via Galileo Galilei 10, 39100 Bolzano (BZ), e-mail privacy@prestsrl.it, telephone secretariat/URP +39-0471-533.690, certified e-mail address prestsrl-poh@pec.it.

Please also note that no data protection officer has been appointed.

 

7.       Rights of the person(s) concerned

The following rights are granted to you at any time, provided that you are able to exercise them in accordance with Articles 15 to 22 of Regulation (EU) 679/2016:

a)       to obtain confirmation as to whether or not personal data relating to you exist;

b)      to obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, where possible, the duration of the storage;

c)       to request the rectification and erasure of data;

d)      to obtain the restriction of processing;

e)      (where applicable) to obtain data portability, i.e. to receive the data from the Data Controller in a structured, commonly used and machine-readable format and to transmit it without hindrance to another Data Controller;

f)        to oppose processing at any time, including in the case of processing for direct marketing purposes;

g)       to oppose automated decision-making concerning data subjects, including profiling;.

h)      to obtain from the Data Controller access to and rectification or erasure of personal data concerning you, or to object to processing, in addition to the right to data portability;

i)        to revoke the consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation;

j)        to lodge a complaint with the Italian Data Protection Authority, located in Rome, Piazza Venezia n. 11, official website of the Authority: www.garanteprivacy.it.

The rights can be exercised by contacting the Data Controller, the privacy contact person or the data protection officer (if any) at the addresses mentioned in the previous paragraph.

 

The Data Controller reserves the right to change, update, supplement or remove parts of this privacy policy if relevant legislation changes. Data subjects are obliged to check the company's website regularly for changes.