Personal data processing policy (article 13 EU regulation 2016/679)
Pursuant to Article 13 of EU Regulation 2016/679 (hereinafter referred to as the GDPR) on personal data protection, NERI S.p.A. hereby informs you that the personal data collected, as regards the contractual relationships established or basic requests for information, will be processed in accordance with the regulation mentioned above.
In relation to the aforementioned processing, NERI S.p.A. also provides you with the following information:
Personal data collected
The personal data collected, following your free and express consent, solely concern:
– identification data (such as: name, surname, address, telephone, fax, email, etc.)
– tax data (if required by law – such as tax code, VAT number, etc.)
Personal data controller and personal data processor (13.1 a, b)
The Personal Data Controller is Isacco Neri. The role of Data Processor has been granted to Paolo Vernocchi, whom the data subject an contact at any time, using one of the methods described on the website (such as, by email firstname.lastname@example.org ), in order to exercise your rights under Article 13.2, sections b, c and d.
Personal data processing purposes and methods (13.1 c)
The purposes of processing personal data are as follows:
1) fulfilling the legal obligations associated with the contractual relationship;
2) providing for the organisational management of the contractual relationship;
3) fulfilling requests received by us;
Personal data will be processed in paper, computer and electronic format and shall be included in the relevant databases that will only be accessible by the Data Controller and its representatives. As regards data processed electronically, it should be emphasised that all appropriate security measures have been taken to protect the data subjects’ rights, freedom and legitimate interests, as per Article 22.3 of the GDPR.
Possible personal data recipients (13.1 e and f)
In relation to the purposes specified in sections 1, 2 and 3 of the preceding paragraph, data may be disclosed to the following parties or categories of parties specified below:
– Recognised accountancy firms relating to the company support profession when disclosure is required by law, or when it is in the interests of the data subject (individual or legal entity);
– Recognised law firms relating to the company support profession when disclosure is required by law, duly responsible for this form of processing, in full compliance with the measures in force, or when disclosure is in the interests of the data subject.
The Data Controller also informs you that it does not intend to transfer your data to a non-EU third-party country or to a non-EU international organisation.
Personal data retention period (13.2 a)
On completion of the service, service provision or response, your personal data shall only be retained for historical or statistical purposes, in accordance with the law, regulations, EU legislation and code of ethics and good code of conduct, signed pursuant to Article 40 of the GDPR, for a period as per the current legislation (usually 10 years), or, if not subject to any law, for a period not exceeding five years. After this period, personal data shall be retained in anonymous form, or shall be destroyed.
Rights of data subjects (13.2 b)
In relation to the aforementioned data processing, the data subject is entitled to request access to their personal data and to rectify or delete them or to limit their processing as regards them or to object to their processing and is also entitled to the right to data portability.
Right of withdrawal of consent (13.2 c)
If the processing is based on consent, the data controller shall inform the data subject that he/she is entitled to withdraw it at any time without prejudice to the lawfulness of the processing based on consent given before said withdrawal.
Right to make a complaint (13.2 d)
The data controller informs the data subject of his/her right to make a complaint to a supervisory authority, in which case, he/she will need to request information using one of the systems specified above in order to contact said authority.
Mandatory of optional nature of the provision of data (13.2 e)
The provision of data and the related processing thereof are mandatory in relation to the purposes relating to tax obligations; it follows that any refusal to provide data for said purposes may result in the impossibility for the data controller to make said professional relations and legal obligations effective. The provision of data and the related processing thereof is to be considered optional in other cases, without any consequence.
Possible existence of an automated decision-making process (13.2 f)
The data controller informs the data subject that this website does not have an automated decision-making process, therefore, specifically, there is no profiling system.
The use of session cookies (which are not stored permanently on the user’s computer and which disappear when the browser is closed) is strictly limited to the transmission of session identifiers (comprising random numbers generated by the server) which are necessary to enable the website to be browsed securely and efficiently. The session cookies used on this website prevent the use of other technologies that could compromise the confidentiality of users’ browsing sessions and do not permit the acquisition of users’ personal identification data.