Information on the processing of personal data ex art. 13-14 EU Reg. 2016/679
Interested Parties: customers
TIESSE S.P.A. in its capacity as the Data Controller of your personal data, pursuant to and in accordance with EU Reg. 2016/679 hereinafter 'GDPR', hereby informs you that the aforementioned legislation provides for the protection of data subjects with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights.
Your personal data, and those of individuals working on behalf of your company as appointees will be processed in accordance with the legislative provisions of the aforementioned legislation and the confidentiality obligations provided therein.
Purposes and legal basis for processing: in particular, your data will be processed for the following purposes related to the implementation of fulfillments related to legislative or contractual obligations:
- Management of the contractual relationship with the customer, including post-contractual activities with regard to the design, production as well as service of physical and virtual network equipment, including management and automation software (b.g. execution of a contract art. 6 par. 1 lett. b)
- Statutory obligations in the field of taxation and accounting (b.g. statutory obligation art. 6 par. 1 lett. c)
- Fulfillment of legal obligations, regulations, national and/or EU regulations (b.g. legal obligation art. 6 par. 1 lett. c)
- Soft marketing activities, sending newsletters and informative communications within the scope of the proposed services (b.g. legitimate interest art. 6 par. 1 lett. f)
- Defensive investigation activities to ascertain, exercise or defend a right in court (b.g legitimate interest of the Owner art. 6 par. 2 lett. f.)
The processing of functional data for the fulfillment of these obligations is necessary for the proper management of the relationship and their provision is mandatory to implement the above-mentioned purposes. The Data Controller also makes it known that any failure to communicate, or incorrect communication, of any of the mandatory information, may cause the inability of the Data Controller to ensure the appropriateness of the processing itself.
The Holder makes it known that at any time, even at the same time as the collection of the data necessary for billing, the interested party may object to the use of his personal data (specifically contact data) for sending communications, newsletters and marketing activities within the scope of the proposed services. Such processing does not require the consent of the data subject, since according to art. 6 par. 1 letter f and recital 47 of the Gdpr, as well as art. 130 paragraph 4 of the revised Privacy Code Legislative Decree 196/2003, the legitimate interest of the Data Controller is the applicable legal basis.
Method of processing: your personal data may be processed in the following ways:
- processing by means of electronic calculators
- manual processing by means of paper archives
All processing is carried out in accordance with the methods set out in Articles 6, 32 of the GDPR and through the adoption of the appropriate security measures provided.
Communication: your data may be communicated exclusively to the public bodies and offices to which the tax data must be communicated (e.g. Agenzie delle Entrate,) as well as banks and credit institutions; in case of necessity for the performance of the services requested, to competent and duly appointed parties for the performance of the services necessary for the proper management of the relationship, such as consultants and service providers, with guaranteed protection of the rights of the data subject.
Your data will be processed only by personnel expressly authorized by the Data Controller.
Disclosure: Your personal data will not be disclosed in any way.
Retention Period: We would like to inform you that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to Article 5 of the GDPR, the retention period of your personal data is:
- accounting and tax data: 10 years in compliance with the obligations related to the preservation of accounting and tax records (art. 2220 Civil Code, which provides for the preservation of accounting records for 10 years; art. 22 of Presidential Decree September 29, 1973, no. 600 )
- other data: 10 years from the time of the termination of the effectiveness of the contract or, in case of disputes, for the prescriptive term provided by the legislation for the protection of related rights
- soft marketing: data will be kept until consent is revoked or until the right of cancellation and/or opposition is exercised, however, for a period not exceeding 3 years from the contractual term
Rights of the Interested Party
1. The interested party has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, and their communication in an intelligible form.
2. The data subject has the right to obtain indication:
a. the origin of the personal data;
b. of the purposes and methods of processing;
c. the logic applied in case of processing carried out with the aid of electronic instruments;
d. of the identification details of the data controller, data processors and the representative designated pursuant to Article 5, paragraph 2;
e. of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees.
3. The interested party has the right to obtain:
a. the updating, rectification or, when interested, the integration of data;
b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
c. certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate to the protected right;
d. the portability of the data.
4. The data subject has the right to object, in whole or in part:
a. for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
5. The data subject has the right to request the restriction of processing.
He/she may exercise his/her rights by sending an email to privacy@tiesse.com or by sending a written request to the contact details specified above.
In addition, the data subject in case he/she believes that the processing of his/her data is contrary to the legislation in force may lodge a complaint with the Supervisory Authority for the Protection of Personal Data pursuant to Article 77 of Regulation 2016/679 or file a report pursuant to Article 144 of Legislative Decree 101/2018.