Information on personal data processing
PIGRES S.U.R.L., with registered office in Via dei Balestrari, 15 00186 Rome (RM) Italy, VAT number IT09112231007 (hereinafter, “Holder”), as data controller, hereby informs you pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (hereinafter, “Privacy Code”) and art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in accordance with the following terms and for the purposes set out below:
1. Subject-matter of processing
The Data Controller processes personal and identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references – hereinafter, “personal data” or “data”) communicated by you when concluding contracts for the services of the Data Controller.
2. Purpose of processing
Your personal data will be processed without your express consent (Article 24 point a), b), c) Privacy Code and Article 6 point b), e) GDPR), for the following Service Purposes:
to conclude contracts for the services of the Data Controller;
to fulfill pre-contractual, contractual and tax obligations arising from relations with you;
to fulfill obligations required by law, by regulation, by EU legislation or by an Authority (such as in matters of anti-money laundering);
to exercise the rights of the Data Controller, such as the right of defence in legal proceedings.
3. Processing methods
Your personal data processing is carried out by means of the operations specified in Article 4 Privacy Code and Article 4 No. 2) GDPR and specifically by: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.
Your personal data are processed both on paper, electronically and/or by automated processing system.
The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case not longer than 10 years from the termination of the relationship for the Purposes of Service.
4. Access to data
Your data may be made accessible for the purposes referred to in Article 2:
to employees and collaborators of the Data Controller, as processors and/or internal data processing officers and/or system administrators;
to third party companies or other subjects (e.g. credit institutions, professional studies, consultants, insurance companies for the provision of insurance services, etc.) which as external data processing officers perform outsourcing activities on behalf of the Data Controller.
5. Data communication
Without the need for an express consent (Article 24 point a), b), d) Privacy Code and Article 6 point b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in Article 2 to supervisory bodies (such as IVASS), judicial authorities, insurance companies for the provision of insurance services, as well as to those persons to whom the communication is required by law to carry out the said purposes.
These subjects will process the data as autonomous data controllers.
Your data will not be disclosed.
The data are stored and controlled through the adoption of appropriate preventive security measures, aimed at minimizing the risks of loss and destruction, unauthorized access, unauthorized processing and not in accordance with the purposes for which the processing is carried out.
7. Data transfer
The management and storage of personal data will take place in the territory of the European Union.
8. Rights of the data subject
As a data subject, you have the right according to Article 15 GDPR and especially the rights to:
8.1. obtain the confirmation of the existence or nonexistence of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
8.2. to obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identification data of the Data Controller, the data processing officers and the representative designated in accordance with Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives in the territory of the State, officers or processors;
8.3. to obtain: a) their updated, corrected, or if applicable, supplemented data; b) the deletion, anonymisation, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, also regarding their content, to those to whom or to which the data were communicated or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
8.4. oppose, for legitimate reasons, wholly or in part the collection of their personal data, even if pertinent to the purpose of collection.
Where applicable, you also have the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain to the Guarantor.
9. Methods of exercising rights
You can exercise your rights at any time by sending a notice:
9.1. by e-mail to the following address: email@example.com
9.2. or by mail A.R., a:
PIGRES S.U.R.L., Via dei Balestrari, 15 00186 Rome (RM) Italy
10. Data controller, manager and appointees
The Data Controller is PIGRES S.U.R.L..
The updated list of data processing officers and processors is retained and may be consulted at the offices of the Data Controller.