Pursuant to Article 13 of Regulation (EU) 679/2016 as subsequently amended and supplemented (“GDPR”) and to the Italian and European laws and regulations complementing it, as subsequently amended and supplemented (“Privacy Applicable Law”), and in relation to your personal data (the “Data”), this information notice provides for the following.
1 – DATA CONTROLLER
The Data Controller is A.ST.I.M. Srl, with registered office in Ravenna, Via Comacchio no. 19.
2 – PURPOSE OF DATA PROCESSING
The Data processing:
A) Is aimed at the completion by the Data Controller of the operations to be performed for purposes that are strictly connected with and/or necessary to the fulfillment of the requests submitted, from time to time, by the user through the website http://www.astim.it/en/ (the “Requests” and the “Website”, respectively) and/or by e-mail. In this regard, for restricted area login, you may be requested to enter your Data for registration;
B) May also be aimed at providing commercial information on the services carried out by the Data Controller and/or by its associated companies and/or in collaboration with A.ST.I.M. Srl;
C) May be aimed at compliance with obligations required by law or applicable regulations, as well as by decisions and guidelines issued by the competent supervisory and control authorities/bodies.
3 – MODALITIES OF DATA PROCESSING
A) Will be processed in the manners and according to the procedures that are strictly necessary to meet the Requests and through the operations or set of operations set out in Article 4, paragraph 1, number 2 of the GDPR;
B) Will be also processed by using electronic or automated tools. In this regard, please note that the Data will be stored in paper archives and in electronic archives located both in the Head office in Via Filippo Re 15/A – 48124 Ravenna (Italy);
C) Will be also processed by using fax, e-mail or any other remote communication technique. The Data Controller also uses the same methods when it discloses the Data to third parties for these purposes, as detailed in paragraph 6 below.
4 – PROVISION OF THE REQUESTED DATA AND LEGAL BASIS OF DATA PROCESSING
Without prejudice to the data subject’s rights, the provision of Data may be:
A) Required by Law or Regulation with regard to the purposes referred to in paragraph 2, letters (a) and (c) above;
B) Optional, with regard to the purposes referred to in paragraph 2, letter (b) above. In this case, the Data will be processed with the prior consent of the data subject, required through specific pages of the Website from time to time.
5 – REFUSAL TO PROVIDE DATA
Should you refuse to provide your Data or to give your consent, if required, to their being processed:
A) In the cases referred to in paragraph 4, letters (a) and (c) above, this will make it impossible for the Data Controller to meet the Requests;
B) In the case referred to in paragraph 4, letter (b) above, this will make it impossible to provide you with the commercial information regarding the services provided by the Data Controller and by its associated companies.
6 – TRANSMISSION OF DATA
A) For the purposes referred to in paragraph 2, letters (a) and (c) above, or for the discharge of specific obligations required by law, the Data may be transmitted to other subjects and specifically to advisors that help the Data Controller to meet the Requests (e.g., law and tax firms);
B) For the purposes referred to in paragraph 2, letter (b) above, the Data may also be transmitted to associated companies.
7 – DISSEMINATION OF DATA
The Data will not be disseminated.
8 – TRANSFER OF DATA ABROAD
With reference to the purposes referred to in Article 2 above, the Data will not be transferred to non-EU countries.
9 – DATA SUBJECT’S RIGHTS
9.1 – With regard to the Data in our possession, please be informed that you are entitled to exercise the rights provided for by the Privacy Applicable Law. Specifically, you are entitled:
A) To obtain confirmation from the Data Controller as to whether or not Data relating to you exist; to be informed of their origin, the reasons for and the purposes of the Data processing, of the categories of subjects to whom the Data may be transmitted, as well as of the Data Controller’s and Data Processor’s identification details;
B) To obtain access to Data, change into anonymous form, blocking, amendment, integration or erasure, limitation of Data processing;
C) To object to the processing of Data in the cases provided for by the Privacy Applicable Law;
D) to exercise the right to Data portability, within the limits provided for in Article 20 of the GDPR;
E) To withdraw the consent (where this is the necessary legal basis of the Data processing) at any time without prejudice to the lawfulness of the Data processing based on consent before its withdrawal;
F) To lodge a complaint with the Data Protection Authority, in accordance with the procedures and the decisions and guidelines published on the official website of the Italian Data Protection Authority www.garanteprivacy.it.
9.2 – Any corrections, erasures or limitations of Data processing carried out upon your request – unless this proves impossible or involves a disproportionate effort – will be transmitted by the Data Controller to each of the recipients to whom the Data have been disclosed. If you request it, the Data Controller may inform you of such recipients.
9.3 – In order to exercise the rights indicated in paragraph 9.1 above, as well as for any communications, requests or reports regarding data privacy, you can send an email to the Data Controller of A.ST.I.M. Srl, to the following contact details: firstname.lastname@example.org
If you want to be informed of any changes or amendments to the data protection policies applied by A.ST.I.M. Srl, mainly resulting from regulatory developments, please consult this document on an ongoing basis.