Report on processing personal data
Pursuant to European Regulation 2016/679 of the European Parliament and Council of 27 April 2016
Concerning the protection of natural persons with regard to the processing of personal data (in short “GDPR”)
Amitaly s.r.l (hereinafter “Amitaly”), in the person of its pro-tempore legal representative, provides you with this notice pursuant to Art. 13 of the GDPR (in short “Notice”) in its role of Controller of the personal data directly collected from the interested party.
In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed by taking all technical and organisational measures necessary to guarantee their security.
A) Identity and contact information of the Controller
Sede legale in Corso trieste 171 RM 00191
Codice Fiscale e Partita I.v.a. 13913581008
Tel 0689534133– firstname.lastname@example.org
B) Purpose of the processing the personal data will undergo and relevant legal basis
Your personal data will be processed
(ii) with your consent (Art. 7, GDPR) for the following purposes:
- Sending newsletters and sales notifications by email, various kinds of marketing activities.
The granting of data for the purposes explained in foregoing section (ii) is optional, with the consequence that you may decide to not give your consent, or to revoke it at any time.
C) Categories of recipients of the personal data
For the purposes explained in the foregoing paragraph, the personal data you have given may be disclosed or made accessible:
- To employees and collaborators of the Controller in their capacity of staff authorised to process the data (or “data processing operators”);
- To third parties outsourced to perform the activity on behalf of the Controller in their capacity of Data Processors, including:
- Suppliers of services for managing the IT system and the telecommunications networks and the company appointed to manage the e-commerce, suppliers of services to manage the filing of the hard copy and/or electronic documents, suppliers of services to managing customer service activities, also through websites (e.g. call centers, help desks, etc.), suppliers of services to manage sales communication activities;
- To judicial or supervisory authorities, administrations, entities and public bodies (national and foreign);
D) Storage and transfer of personal data abroad
Personal data are managed and stored in the cloud and on servers located inside and outside the European Union owned by and/or available to the Controller and/or owned by and/or available to appointed third parties duly appointed Data Processors.
Your personal data will not be transferred or disclosed.
E) Period of storage of the personal data
The personal data collected for the purposes explained under foregoing paragraph (B) shall be processed and stored for the time necessary to fulfil said purposes and however for a period no longer than 24 months from the date we receive your consent.
After this storage period has elapsed, the data will be destroyed or made anonymous.
F) Exercisable rights
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights specified by simply sending a request by email to the Controller’s address email@example.com and in particular:
- Right of access – Obtain confirmation that processing of personal data concerning you is or is not in progress and, if so, receive information particularly concerning: purpose of processing, categories of personal data processed and storage period, recipients to whom they might be disclosed (Art. 15, GDPR),
- Right to correction – Obtain, without unjustified delay, correction of the incorrect personal data concerning you and the addition of incomplete personal data (Art. 16, GDPR),
- Right to erasure – Obtain, without unjustified delay, erasure of the incorrect personal data concerning you in those cases provided for by the GDPR (Art. 17, GDPR),
- Right to restriction – Obtain restriction of the processing in those cases provided for by the GDPR (Art. 18, GDPR)
- Right to portability – Receive the personal data concerning you in a structured format of common use readable by an automatic device, and obtain their transfer to another controller without impediments in those cases provided for by the GDPR (Art. 20, GDPR)
- Right to object – Objection to the processing of personal data concerning you, unless there are legitimate reasons for the Controller to continue the processing (Art. 21, GDPR)
Right to make a complaint to the control authority – Make a complaint to the Privacy Guarantor, Piazza di Montecitorio no. 121, 00186 Roma