Change area
Search Change country/language
Company

Newsletter
Signup

Receiving updates about our products and services is easy: just fill the form below and we will periodically send you the newsletter with the latest news from Gerotto's world.

Signup form

Signup form

Informativa trattamento dati personali

Information Notice Pursuant to Article 13 of European Regulation 2016/679
On the Processing of Personal Data

Information notice directed to interested parties - sending Newsletter-

 

In accordance with the European Regulation 679/16 EU Reg., we hereby provide you with the necessary information regarding the processing of personal data that you have provided.  This information is provided pursuant to Art. 13 of the European Regulation on the protection of personal data.

1.   The "Holder of the Treatment" 

This is the company Gerotto Federico s.r.l., P.I. 003089900281, with registered office in Via Croce n. 26, Campodarsego (PD), e-mail address: privacy@gerotto.it.

The treatment will be carried out with both manual, computerized and telematic tools, in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organization and processing logics strictly related to the purposes pursued, and in any case in order to ensure the security, integrity and confidentiality of data processed, in compliance with organizational, physical and logical measures provided for by the provisions in force.

For the purposes expressed in this information, only non-special personal data will be processed. In order to use the services offered or to make requests, it may be necessary to register by filling in a special registration form ,or by first contact. 

2.    Purpose of the treatment, legal basis

The personal data provided will be processed, in compliance with the conditions of lawfulness ex art. 6 of Reg. UE 2016/679, for the following purposes: forwarding of newsletters, related to events, exhibitions, promotion of services and promotional communications in general.

The express consent of the Interested party is the legal basis for the treatment, pursuant to art. 7 of Reg. EU 2016/679. The procedures for revoking the consent are very simple and intuitive, it is sufficient to contact the Data Controller by using the contacts provided in this Information notice. 

3.   Data transfer outside the EU and guarantees

Personal data will normally not be transferred to countries outside the European Union If there is a need to transfer them to a country outside the EU, the data will be transferred to third countries and/or international organizations for which the European Commission has intervened with an adequacy decision (art. 45 Reg. EU 2016/679). 

4.   Data storage period or criteria for determining the period

The collected personal data will be stored in a form that allows the identification of the interested party for a period of time not exceeding the achievement of the purposes for which the personal data are processed. In particular, the storage of personal data provided depends on the purpose of processing: for the purpose of  requesting to receive the newsletters via e-mail, the storage period will be twenty-four (24) months.

 

5.   Who will process the Interested party’s personal data and to whom they will be communicated 

No data will be disclosed in any way. Your data may be communicated to specific recipients such as public authorities or public bodies for the fulfilment of legal obligations to which the Data Controller  is subject, and any other public body entitled to request data, in the cases provided for by law or persons authorized to process such data under the authority of the Data Controller, as well as through data controllers linked to the Data Controller by specific contract, for example: companies that provide services for the management of the computer system and telecommunications networks and consultancy to the Data Controller. The updated list with the identification details of the Data Processors may be requested at any time by you from the Data Controller.

6.   Transfer of personal data outside the EU

Your data will be processed by the Data Controller within the territory of the European Union. In the event that for technical and/or operational reasons it becomes necessary to make use of parties located outside the European Union, the transfer of personal data, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation. All necessary precautions will therefore be taken in order to guarantee the most complete protection of your data by ground such transfer on the basis on: (i) decisions of adequacy of the third country recipient expressed by the European Commission; (ii) adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (iii) the adoption of binding corporate rules. 

7.  With respect to the rights of the Interested party: Articles 15, 16, 17, 18, 19, 20, 21 and 77 of the
      GDPR. 

We inform you that you have the right to access your personal data, to rectify, to delate and, if necessary, to be forgotten, to limit the processing of your personal data, to transfer your data and to object at any time to the processing of your personal data. We also inform you that you have the right to revoke your consent to the processing of your data at any time, without prejudice to the lawfulness of the processing based on the consent given prior to revocation (Art. 7 paragraph 3 of the GDPR). Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, working or in the place where the alleged breach occurred. In order to exercise your rights or for any request or need relating to this information notice, please contact us at the following e-mail address: privacy@gerotto.it.

To learn more about your rights and the policy on the Protection of Personal Data of the company Gerotto Federico s.r.l. you can access the Privacy section of the company website and consult the Privacy Policy (https://www.gerotto.it/home/Privacy.aspx).

 

The Data Controller 

Gerotto Federico s.r.l.

Privacy policy on Personal data treatment

Gerotto Federico S.r.l.

Following its mission and values, Gerotto Federico S.r.l. undertakes to protect all natural persons data with due regard for identity, human dignity and fundamental freedoms stated by Constitution in line with Regulation EU 679/2016 (hereinafter “GDPR”) regarding the processing of human subject’s personal data and the free move of such data.

 

Who we are

The “Controller” is Gerotto Federico S.r.l., VAT registration number 003089900281 with its registred office in Via Croce n. 26, Campodarsego (PD), email address: privacy@gerotto.it.

 

Our Policy

Data protection is based on principles contained on this document which Gerotto Federico S.r.l. undertakes to spread, respect and make them respect to its employees, associates and recipients or third parties with which it work as part of its activities and mission.

Gerotto Federico S.r.l. ensures, implements and supports privacy policy in relation to its practical reality, its investment opportunities and above all its values.

In particular, Gerotto Federico S.r.l. undertakes:

  • To communicate and spread its policy regarding data protection;
  • To listen to all data subjects, partners, employees, associates, investors, promoters, recipients, suppliers, providers, in line with their instances about personal data protection and getting instant feedback;
  • To process personal data in according with the principles of lawfulness, fairness and transparency in line with constitutional principles applicable, in particular, regarding the new Regulation EU 679/2016 and as long as necessary for the purposes provided, included for the compliance with legal obligations;
  • To collect personal data limited to what is necessary to realize the activities (data minimisation);
  • To process personal data following the principle of transparency and in relation to the purposes stated by the policies;
  • To update and ratify personal data process in order to ensure the accuracy and updating of data;
  • To store and protect personal data collected with the best available techniques by using service contracts with suppliers which guarantee the protection of all data subjects;
  • To ensure the continuous updating of the security measures of data protection. Gerotto Federico S.r.l. will constantly respect this commitment accordingly with principle of accountability, by implementing appropriate technical and organisational measures as well as appropriate privacy policy in order to demonstrate the compliance with the GDPR in accordance with the state of the art, kind of personal data stored and the risks incurred.
  • To clarify the personal data processing and storage in order to ensure an appropriate security;
  • To provide education and give partners information, in relation to the role performed, regarding the principles of lawfulness, fairness with which this privacy policy must comply as well as the safety measures adopted.
  • To promote the development of accountability and awareness of the entire organisation for personal data, as data subjects property;
  • To ensure the respect of law and current regulations concerning personal data protection;
  • To prevent and minimise, compatible with enterprise resource, the impact of potential breaches or unlawful/harmful data processing;
  • Gerotto Federico S.r.l. promotes the inclusion of the privacy policy on the improvement plan the organisation pursues with its management systems.

 

The present privacy policy will bring to all the employees, partners, associates attention through specific outreach meetings.

 

Why this policy and who are the addressee

 

This policy is addressed to www.gerotto.it users (“website”) and to all human data subjects in relation to their business (hereinafter data subject and user).

The access to different website divisions and/or any other requests of information or services by users will be subjected to inclusion of personal data whose processing will be done in compliance with GDPR.

For the use of specific services, specific policies will be provided to the user from time to time as well as specific consents will be asked, if necessary, for the personal data processing. 

The current policy is given specifically for the website and not for other websites consulted by users through links recalled inside the present website.

 

Definition

The term personal data is referred to the definition contained in article 4, par. 1) of GDPR, namely, any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

GDPR statues that, before personal data has been processed (following article 4, par. 2) of GDPR), processing means any operation or set of operation which is performed on personal data or on sets of personal data, whether or not by automated or alternation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available alignment or combination, restriction, erasure or destruction) it is necessary to inform the subject which required data belongs about purposes, reasons of the data processing and the way  in which they are used. 

Personal data shall be communicated to subjects, “recipients”; art. 4 par. 9) of GDPR defines recipients as a natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether a third party or not.

Personal data shall be communicated to specific subjects (authorized subject as laid down in art. 4 par. 10 of GDPR) considered as natural or legal person, public authority, agency or body other than the data subject, controller, processor and person who, under the direct authority of the controller or processor, are authorised to process personal data. 

Inter alia, following art. 4 par. 9 if GDPR, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

In this regard, the aim of current document is to supply, in a simple and intuitive way, all due and useful information in order to ensure the promoter providing, consciously and informed, personal data and requiring/achieving explanation and/or correction at any time.

 

Categories of personal data and processing

Navigation data

Computer systems and programs responsible for this portal functioning get personal data which transfer occurs implicitly in respect of web communication protocol, according to their operations and for as long necessary for the connection.

The information are collected in order to combine them with data subjects but, because of their nature, they would identify visitors (e.g. IP address), domain names of terminals used, requests scheduled, etc. 

Data, immediately erased after their processing, are used limitedly for the purpose of obtaining anonymous statistic information about web usage and to control their proper functioning. Web contacts details are not stored for no longer than 7 days, unless potential cybercrime against websites.

No data of the service will be communicated or spread.

Data subject is invited to read privacy policy contained in the Privacy section of the website in order to get more information about this matter.

 

Contact details given by user

The dispatch, optional, explicit and voluntary of personal data required to have access to services and get requests by email, means the subsequent purchase by the controller of sender’s addressee and any other personal data which will be processed to answer the requests or the service supply as well as for making linked activities and respect legal obligations (e.g. about tax matters). Total, partial or incorrect data transfer will determine not only the impossibility on using required services but also, in some cases, to fulfil legal duties.  

In order to enjoy services presented, it should be necessary to register by filling an appropriate registration or first contact form (“Form”).

Data transfer stated inside the abovementioned form is required in order to complete registration process specifically for data marked with asterisk (*); consequently, total, partial or incorrect data inclusion overturns the registration and therefore doesn’t allow enjoy the services.

Personal data will be processed both with manual, informatics and telematics systems in compliance with current legal obligations and principles of lawfulness, fairness, transparency, completeness and non-exceed, minimisation of data and accuracy with organisation and processing strictly linked with the aims pursued and, however, in accordance with current organisational, physical and logical measures. Such measures will be implemented and increased following technologic development in order to guarantee protection, availability and integrity of data processed.

Purposes of the processing and legal basis 

User navigation data are proceeded limitedly for obtaining statistic information about website usage.

Regarding data given by the user, they are collected with the only aim of enjoying the services accordingly with the privacy policy released in the appropriate sections i.e. requesting by email in order to reflect the requests received.

The processing of data given by filling of the first contact form and subsequent steps in the processing compared to the selection of the project is made following the aim of:

 

  • Giving any kind of support in order to answer user requests; 
  • Choosing the call for tender of service and draw up the related budget;
  • Choosing the provision of a service and asking related budget;
  • Managing the request of the provision of a service in towards all its steps, even contractual;
  • Communicating and updating services, sending newsletter or promotional information, seminar/webinar invitations, related to controller business;

 

Legal basis of processing shall be identified pursuant to art. 6 of GDPR among:

 

  • Precontractual and contractual obligations as part of the implementation of the contract; 
  • Legal obligations that the controller is subjected;
  • Consent in case of activities with information and promotional purposes;
  • Necessity of pursue a legitimate interest (e.g. the right of defence) of the controller; 

 

Automated decision-making

 

The controller states he does not adopt decision likely to affect data subject based only on automated processing of his personal data. All the decision-making process involved with purposes of the abovementioned processing are made by human intervention.

 

Disclosure of personal data

 

Personal data shall be disclosed to specific subject considered as recipients or authorized subjects under the authority of the controller. In this sense, in order to carry out the activities necessary to achieve the purposes stated in the current privacy policy, these following recipients should be in a position to process personal data with:

 

  • Third parties who are part of the activity of processing and/or activities linked and open to the same on behalf of the controller such as people, companies, associations, professional firms, based on EU, responsible for carrying out services, assistance activities and/or consulting against the controller. The abovementioned parties are basically included in these categories: (a) subjects linked with the controller by cooperation agreements, (b) subjects of the sector; (c) credit institutions involved in the provision of services; (d) consultants;
  • Employees and/or associates of the controller who carry out functions involved in the activity of the controller and has received appropriate directives concerning security and use of his personal data; 
  • Public authorities or bodies in accordance with the fulfilment by the controller of the legal obligations and any other public subject entitled to require data in the cases provided by law;
  • When required by law or in order to prevent and repress crimes, personal data would be disclosed to public authorities or judicial authorities. Inter alia, following what stated by art. 4 par. 9) of GDPR, public authorities which may receive personal data in the framework of particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;

 

Personal data will be processed only for the achievement of the specific purpose; consequently personal data processed by third parties will be limited to specific aims. Personal data will not be disclosed.

 

International transfer of data

 

Your personal data will be processed inside EU territory. If subjects based outside EU will be necessary for data processing, the transfer of Your data, limited to specific processing activities, will be regulated in compliance with what stated in par. V of GDPR. All the due precautions will be adopted in order to guarantee the maximum protection of Your personal data basing the processing: (i) on adequacy decisions of third countries recipient stated by European Commission; (ii) on appropriate guarantees expressed by third party recipient following art. 46 of GDPR; (iii) on the adoption of binding obligations for the company.

 

Storage period

 

One of the principles provided by the GDPR concerns the limitation of the storage period, regulated by art. 5, par. 1, pt. e) that statues as follow:  personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data are processed; personal data may be stored for no longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical purposes or statistical purposes in accordance with article 98 (1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject. In the light of this principle, the controller will process Your personal data limited on what it is necessary for the achievement of the purposes stated by this privacy policy. In particular, personal data will be processed for no longer than the end of the current precontractual and contractual relationships, considering the period of limitation and storage obligations provided by tax law and any other obligations stated by laws, regulations, and, consequently, principle of non-exceed (art. 6 of GDPR) will be applied. In this case, personal data will be stored for no longer than 10 years, that is the term provided by civil law.

 

Marketing communication and the withdrawal of consent

 

The controller will process personal data given and referred to promotional purposes in order to send other information linked with their activities and products supplied by the controller himself. Such communication shall be made by email, mobile phone, i.e. advertising products in the homes’ subject. Specific consent may be necessary for this specific purpose (art. 6, par. a) GDPR.

Marketing communication activities will not be processed without specific consent for this purpose. 

Personal data released for the abovementioned purposes will be stored for no longer than 10 years and, anyway, until the withdrawal of Your consent. As GDPR requires, when the subject gives the consent for the personal data processing for one or more of the purpose for which it is required, he will be able to revoke it totally/partially without prejudice for the lawfulness of the processing based on released consent before the withdrawal at any time.  

The procedures for withdrawing the consent are simple and intuitive: it is necessary to contact the controller and/or the joint controllers by using contacts set out in this policy.

In addiction and for simplicity, when You receive emails by the controller that are not of Your concern anymore, You will not receive any other communication by clicking on the button unsubscribe set at the bottom of the same or through the contacts for which the consent has been collected (SMS, mail, email, phone calls, social media). 

 

Rights of the data subjects

 

As stated by art. 15 of GDPR, data subject shall have the right to access his personal data, to obtain the rectification and updating, if incomplete or incorrect, to obtain the erasure when the collecting has been done unlawfully, to object to the processing of any personal data for specific and legal reasons.  

In particular, the rights you can exercise at any moment against the controller are the following: 

 

  • Right of access (Article 15 GDPR): data subject has the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence for the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a compliant with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Right to rectification (Article 16 GDPR): the data subject shall have the right to obtain from the controller the rectification of inaccurate personal data. Taking into account the purposes of the processing, the data subject shall have the right to have the incomplete personal data completed, including by means of providing a supplementary statement. 
  • Right to erasure (Article 17 GDPR): data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which the were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and where there is no other legal ground for the processing; (c) the data subject object to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2); (c) the (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subjected; (e) the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1). Where the controller has made the personal data public ad is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 
  • Right to restriction of processing (Article 18 GDPR): the data subject shall have the right to obtain from the controller restriction of processing where one of the applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the controller override those of the data subject. Where the processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. 
  • Right to data portability (Article 20 GDPR): the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used  and machine readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided providing written authorisation.
  • Right to object (Article 21 GDPR): data subject shall have the right to object at any time to processing of personal data when the processing is realize in order to achieve the purpose of marketing, included profiling in so far as it is linked to direct marketing
  • Right to lodge a complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. 

 

The data subject shall exercise the abovementioned right by addressing the controller.

Requests, in accordance with Article 15 of GDPR, shall be addressed to Gerotto Federico S.r.l., Sgr S.p.A. Piazza de Gasperi, 41, Padova or by email as set out in the contact section. Furthermore, You shall consult the “privacy policy section” if the website where you may find all the information concerning our policy about personal data Processing applied by the controller, usage and processing of data, updated information about contacts and communication channels available for the data subject from the controller.

 

Contacts 

You can contact the controller to the mail address: privacy@gerotto.it. For any other request or need the data subject may send a communication to Gerotto Federico S.r.l., via Croce n. 26 (PD), email address privacy@gerotto.it. The updated list of the processors is available upon request. Furthermore, You may consult inside privacy policy section of the website all the information about policy applied by the controller on personal data, updated information about contacts and communication channel available for the data subject from the controller. 

 

The controller

Updated version of the privacy policy to May 2018

 

 

 

 

Terms and conditions

INFORMATION NOTICE PURSUANT TO ARTICLE 13 OF EUROPEAN REGULATION 679/16 (GDPR)

ON THE PROCESSING OF PERSONAL DATA

 

Information notice directed to interested parties - contact form requests-

 

In accordance with the European Regulation 679/16 EU Reg., we hereby provide you with the necessary information regarding the processing of personal data that you have provided. This information is provided pursuant to Art. 13 of the European Regulation on the protection of personal data.

1. The "Holder of the Treatment"

This is the company Gerotto Federico s.r.l., P.I. 003089900281, with registered office in Via Croce n. 26, Campodarsego (PD), e-mail address: privacy@gerotto.it.

The treatment will be carried out with both manual, computerized and telematic tools, in compliance with the rules in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organization and processing logics strictly related to the purposes pursued, and in any case in order to ensure the security, integrity and confidentiality of data processed, in compliance with organizational, physical and logical measures provided for by the provisions in force.

For the purposes expressed in this information, only non-special personal data will be processed. In order to use the services offered or to make requests, it may be necessary to register by filling in a special registration form ,or by first contact.

2. Purpose of the treatment, legal basis

The personal data provided will be processed, in compliance with the conditions of lawfulness ex art. 6 of Reg. UE 2016/679, for the following purposes:

A: to respond to your requests for contact and information, to send offers regarding the products and services requested to the Data Controller and to carry out all communication activities always linked to respond to your requests for contact and offer.

B: to send promotional communications, offers and corporate advertising material.

C: to profile, with the express consent of the interested party, his/her behaviour, habits and propensity for additional services offered in order to improve services.

D: legitimate interests of the Data Controller, such as the right of defence in court.

For the purposes of letter A, the legal bases are the contractual or legal obligations to which the Data Controller is subject or the legitimate interest of the latter. The Personal Data provided are necessary to supply the services and all the activities related to the execution of the contract, as well as to comply with the applicable laws, failure to provide them, even partially or incorrectly, could make it impossible to fulfill the contractual obligations and the law. The legal basis for the purposes referred to in letters B, C is the prior express consent of the interested party. These communications may be made by sending e-mails, by telephone, or by sending advertising material, by message or even through social networks. Failure to give consent for these specific purposes has the sole consequence of not being able to carry out the activities of commercial communication, sending newsletters or profiling. Failure to give consent for these specific

purposes has the sole consequence of not being able to carry out the activities of commercial communication. The data provided for the above purposes will be stored for the period necessary for each purpose and, in any case, until the consent of the interested party is revoked. In fact, as provided for by the EU Regulation, if the Interested Party has given his consent to the Treatment of Personal Data for one or more purposes for which it was requested, he may, at any time, revoke it in whole and/or in part without prejudice to the lawfulness of the Processing based on the consent given before revocation.

The procedures for revoking the consent are very simple and intuitive, just contact the Data Controller using the contact channels provided in this information notice.

The legal basis for the purpose referred to in letter D is the protection of the legitimate interests of the Holder including the defense in court. Also in this case, the principle of non excess will be applied, in relation to the timing of the judicial defense.

In summary, it should be noted that:

For purposes A and D, the consent of the interested party is not required, while for purposes B, C consent will be required, which remains revocable at any time.

 

3. Data transfer outside the EU and guarantees

Personal data will normally not be transferred to countries outside the European Union. If there is a need to transfer them to a country outside the EU, the data will be transferred to third countries and/or international organizations for which the European Commission has intervened with an adequacy decision (art. 45 Reg. EU 2016/679).

4. Data storage period or criteria for determining the period

Personal Data will be processed for a period of time equal to the minimum necessary, i.e. until the termination of any pre-contractual and contractual relations in place with the Data Controller, taking into account the terms of legal prescription, the data will be stored for no more than 10 years from the end of the relationship that coincide with the civil terms, except for the time necessary for the protection of the legitimate interests of the Data Controller. In any case, the principles of necessity, proportionality and not excess will be applied.

5. Who will process the Interested party’s personal data and to whom they will be communicated

No data will be disclosed in any way. Your data may be communicated to specific recipients such as public authorities or public bodies for the fulfilment of legal obligations to which the Data Controller is subject, and any other public body entitled to request data, in the cases provided for by law or persons authorized to process such data under the authority of the Data Controller, as well as through data controllers linked to the Data Controller by specific contract, for example: companies that provide services for the management of the computer system and telecommunications networks and consultancy to the Data Controller. The updated list with the identification details of the Data Processors may be requested at any time by you from the Data Controller.

6. Transfer of personal data outside the EU

Your data will be processed by the Data Controller within the territory of the European Union. In the event that for technical and/or operational reasons it becomes necessary to make use of parties located outside the

European Union, the transfer of personal data, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulation. All necessary precautions will therefore be taken in order to guarantee the most complete protection of your data by ground such transfer on the basis on: (i) decisions of adequacy of the third country recipient expressed by the European Commission; (ii) adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (iii) the adoption of binding corporate rules.

7. With respect to the rights of the Interested party: Articles 15, 16, 17, 18, 19, 20, 21 and 77 of the GDPR.

We inform you that you have the right to access your personal data, to rectify, to delate and, if necessary, to be forgotten, to limit the processing of your personal data, to transfer your data and to object at any time to the processing of your personal data. We also inform you that you have the right to revoke your consent to the processing of your data at any time, without prejudice to the lawfulness of the processing based on the consent given prior to revocation (Art. 7 paragraph 3 of the GDPR). Pursuant to Article 77 of the Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, working or in the place where the alleged breach occurred. In order to exercise your rights or for any request or need relating to this information notice, please contact us at the following e-mail address: privacy@gerotto.it.

To learn more about your rights and the policy on the Protection of Personal Data of the company Gerotto Federico s.r.l. you can access the Privacy section of the company website and consult the Privacy Policy (https://www.gerotto.it/home/Privacy.aspx).

 

The Data Controller

Gerotto Federico s.r.l.