Information pursuant to Art. 13 EU Reg. April 27, 2016 No. 679
According to European Regulation No. 2016/679 (“GDPR”), any person who carries out personal data processing is required to inform the data subject (i.e. the person to whom the data belong) of certain elements qualifying the data processing, which must be carried out with fairness, lawfulness and transparency, protecting the confidentiality and rights of the data subject.
General principles of processing
The processing will be carried out by means of collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction and will be carried out by the Data Controller, the persons in charge and the persons authorized to process the data.
Personal data are:
- processed lawfully, fairly and transparently;
- collected for specified, explicit and legitimate purposes and thereafter will be processed in a manner that is not incompatible with those purposes;
- adequate, relevant, limited to what is necessary in relation to the purposes for which they are processed;
- accurate and up-to-date, committing the Controller to take the necessary measures to delete or rectify the data in relation to the purposes for which they are processed;
- kept in a form that allows the identification of the data subject for the time strictly necessary to achieve the purposes for which they are processed;
- processed with the utmost confidentiality, both by computer and by paper means, in compliance with the principles dictated by the European Regulation on the protection of personal data, with the prescriptions issued by the Control Authority and in any case in such a way as to ensure adequate security, including protection, with appropriate technical and organizational measures, from unauthorized or unlawful processing or from loss, even accidental.
Identity and Contact Details of the Data Controller
Data Controller is ARITHMOS S.r.l., a sole shareholder company, with registered office in Verona, Via Germania n. 2, VAT Number 03568990232.
For the purposes of exercising the rights provided for in the GDPR, and for any request relating to your personal data, you may contact the Data Controller by sending a communication to the following e-mail address: firstname.lastname@example.org
Contact Details of the Data Protection Officer
Arithmos S.r.l. has appointed as Data Protection Officer (DPO), Avv. Simone Baggio, whose email address is email@example.com.
Purpose and legal basis of data processing
Personal data are processed by the Data Controller for the following purposes:
1. Marketing activities, including but not limited to direct sales, sending of advertising material, market research, commercial communication;
2. Handling of requests from users via special form;
3. Communication of data to third parties for marketing purposes.
For the same purposes, data of individuals who are employees and/or self-employed workers of current or potential client companies of Arithmos S.r.l. are processed.
The processing of personal data for the purposes indicated in points 1-3 is lawful if and insofar as the data subject has given consent to the processing of his or her personal data, pursuant to Article 6, letter a) of European Regulation 679/2016.
The data subject is also made aware that the personal data that the Data Controller will come into possession of upon the conclusion of the contract with the customer, and in particular the e-mail address, may be used in the future for promotional activities relating to services similar to those covered by the contract. The data subject may always object to the processing, with a simple request to be sent to the Data Controller at the indicated email address. The processing in question is lawful insofar as it is necessary for the pursuit of the legitimate interest of the Data Controller (Art. 6 (f) of European Regulation 679/2016).
Possible recipients or categories of recipients of personal data
The personal data that the Controller will come into possession of are not subject to dissemination.
The personal data may be known by the persons in charge and those responsible for processing. In particular, the data may be known by employees authorized to process (e.g. employees with a role in the administration, employees working in the marketing sector) and by collaborators of whom Arithmos S.r.l. makes use for the pursuit of the specified purposes and who are appointed as external data processors (individuals who perform computer, telematic, financial, administrative, filing, printing services, business brokers, etc.). The list of data processors can be requested by email at the address firstname.lastname@example.org
Data transfer to third countries
The Data Controller, in pursuit of the corporate purpose, could transfer data of its customers outside the European Union. In that case, the transfer will be performed in compliance with the conditions of lawfulness set forth in Article 44 et seq. of the European Regulation 679/2016 and, in particular, the transfer to The Pharmaceutical Code Company is lawful insofar as the recipient country offers adequate guarantees for the protection of personal data.
Period of storage of personal data
Personal data for the purposes indicated in points 1 – 3 of the paragraph “Purposes and legal basis of processing” will be retained for the duration of 2 years from the time of collection and, in any case, until the data subject has notified the Data Controller of his or her wish to delete his or her personal data from the Data Controller’s archives and/or not to receive promotional communications.
Right to withdraw consent
The data subject always has the right to revoke consent to the processing of personal data for the purposes indicated in points 1 – 3 of the paragraph “Purposes and legal basis of processing”; in any case, revocation of consent to processing does not affect the lawfulness of processing based on the consent given before revocation.
Right to lodge a Complaint
The data subject has the right to lodge a complaint with the Control Authority, represented in Italy by the Guarantor for the Protection of Personal Data. The complaint may be submitted by the interested party in the manner deemed most appropriate: by hand, by registered letter with return receipt, by fax or by e-mail. For information, the interested party is invited to consult the Guarantor’s website at www.garanteprivacy.it.
Mandatory or optional nature of data communication
The provision of personal data that are strictly functional to the negotiation and conclusion of the contract, the fulfilment of contractual obligations, and the fulfilment of accounting, administrative, fiscal and civil law obligations provided for by law, is not compulsory by law, but any refusal to provide them may result in the objective impossibility for the Data Controller to pursue these purposes.
The provision of personal data for promotional purposes, for communication to third parties for marketing purposes and for profiling is optional.
Data subject’s rights
The Data Subject has the right to obtain access to personal data from the Data Controller.
In particular, the Data Subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her is being processed and, if so, access to the personal data and the following information:
(a) the origin of the personal data, if the data are not collected from the data subject;
(b) the purposes and methods of processing;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if the recipients are in third countries or international organizations;
(d) the expected period of retention of personal data, or, if this is not possible, the criteria adopted to determine this period;
(e) the existence of the data subject’s right to request from the Controller the rectification or erasure of personal data or the restriction of the processing of data concerning him or her or to object to its processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the importance and the expected consequences of such processing for the data subject;
(h) if the data is transferred to a third country or international organization, the adequate safeguards under Article 46 of Regulation 679/2016 of such transfer.