Report on personal data processing, according to article 13, D. Lgs. June 30, 2003, No.196
In compliance with what expressed by PERSONAL DATA PROTECTION CODE Legislative Decree no. 196 dated 30 June 2003, we hereby supply you all due information concerning the purposes and methods for your personal data processing, that will be processed on the basis of the principles of fairness, lawfulness and clarity to safeguard your privacy and rights.
Purposes of data processing
For applying the provisions concerning the protection of personal data, a processing operation performed for administrative and accounting purposes shall by any processing operation that is related to the performance of organizational, administrative, financial and accounting activities irrespective of the nature of the processed data. The said purposes apply, in particular, to in-house organizational activities, the activities aimed at fulfilling contractual and precontractual obligations, managing employer-employee relationships, keeping accounting records, and implementing the legislation on taxation, trade unions, social security and welfare, and occupational health and safety.
Methods of data processing – Data retention
The data processing will be carried out automatically and / or manually, by authorized personnel, with means and methods that will guarantee maximum security and confidentiality. The data will be kept for a period not exceeding the purposes for which the data were collected and subsequently processed.
Ambit of communication and diffusion
Your processed data will not be diffused. They could instead be conveyed to societies related and / or associated to FEMA Srl or Vrv Spa, abroad and within legal boundaries to third parties belonging to the following categories:
- Suppliers of services related to the management of the informative system used by FEMA Srl, and networks (including email);
- Suppliers of services related to the acquisition, registration and processing of data taken from documents, or supports supplied and created by the clients with the object of massive operations related to payments, effects, cheques and other titles;
- Suppliers of services related to the transmission, enveloping, transport and delivery of communications for the clients;
- Suppliers of services related to the customer care (e.g. call center, help desk etc.);
- Studies and societies in the ambit of assistance and consultancy;
- Subjects that carry out operations of control, revision and certification of the activities performed by Fema Srl, even in the customers’ interests.
The subjects belonging to the above categories are to be considered Data processor for the data processing, or as acting independently as distinct Data Controllers for the data processing. The list related to these subjects, constantly updated, is available at Fema Srl. Any further communication and diffusion will be subject to your previous approval.
Nature of underwriting
Your data underwriting is optional, in absence of which Fema Srl, might find it impossible to supply the services, necessary to contractual, accounting and fiscal obligations. The Data Controller also notifies that, any missing or incorrect communication of the obligatory information might mainly cause the following consequences:
- The impossibility for the Data Controller to guarantee the respect of the contractual agreements related to the data processing;
- The possible incompatibility of the data processing results with the fiscal and administrative regulations or with the operations for which the data is required;
You can claim your rights according to art. 7,8,9 and 10 of D.Lgs. June 30 2003 No.196, applying to the Data Controller (or to the Data processor subject, if mentioned) of the data processing. Lastly, we inform that art.13, of the here referred-to law, provides the interested persons with the possibility to claim specific rights. Moreover, the interested person can obtain from the data processing Data Controller:
- The acknowledgment of the existence or non-existence of data pertaining to him, even if not yet registered, and the request that the data be made available to him in an intelligible form;
- To be informed about the data source, as well as the processing logic and purposes;
- The cancellation, the transformation in anonymous form or the amount of data being processed in violation of the law, as well as the data updating, correction or implementation.
For legitimate reasons, the interested person can also object to the processing of his own data, especially in those cases where data is conveyed for business reasons or advertising material despatch, direct sales or marketing research.
Section 7 (Right to Access Personal Data and Other Rights)
1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2. A data subject shall have the right to be informed a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4. A data subject shall have the right to object, in whole or in part, a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
Data Controller is: FEMA Srl, legal representative Pierangelo Scaglia.
Via Tibet, 5 – 21052 Busto Arsizio (Varese) Italy
Date 14th July 2014.