NOTICE AS PER ARTICLES 13-14 OF THE GENERAL DATA PROTECTION REGULATION (GDPR) (EU) 2016/679
we would like to inform you that the EU Regulation 2016/679 (General Data Protection Regulation) establishes norms on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
In compliance with Article 13 of the Regulation, we therefore provide the following information:
1. Identity and contact details of the controller
BOARETTO E ASSOCIATI S.r.l.
Registered Office: via Ospedale 9, 30174 Venezia – Mestre
Main Office: via Rampa Cavalcavia 1, 30172 Venezia – Mestre
2. Purposes of and legal basis for the processing for which the personal data are intended
The processing of the personal data provided by you is solely finalised at fulfilling our contractual obligations and your specific requests, as well as the regulatory obligations, in particular those related to accountancy and taxes.
3. Period for which the personal data will be stored
The data will be processed throughout the duration of the contractual relationship, as well as afterwards for the fulfilment of all legal obligations.
4. Modalities for the processing of data
Your data are processed electronically and on paper for the aforementioned purposes. The processing operations are carried out in such a way as to guarantee the logical and physical security and the confidentiality of your personal data.
5. Nature of the personal data
The processed data are your personal data concerning the performance of the service requested.
6. Mandatory or optional nature of data provision
The provision of data is mandatory for all that is required by legal and contractual obligations, and therefore any refusal to supply them in whole or in part may give rise to the impossibility for the Company to execute the contract or to correctly fulfil all the obligations, such as those related to tax, insurance, accountancy or however related to the contractual relationship.
7. Scope of data provision and dissemination
Without prejudice to communications made in compliance with legal and contractual obligations, the data collected and processed can be communicated, exclusively for the purposes specified above, to:
- our authorised collaborators;
- credit institutions, commercial information companies, debt collection companies and credit insurance companies;
- freelance professionals and consultants;
- software houses;
- assistance / maintenance companies.
8. Rights of the data subject
8.1 Article 15 (right of access) of GDPR 2016/679
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
8.2 Article 16 (right to rectification) of GDPR 2016/679
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
8.3 Article 17 (right to erasure) of GDPR 2016/679
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point a) of Article 6(1), or point a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
8.4 Article 18 (right to restriction of processing) of GDPR 2016/679
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
8.5 Article 20 (right to data portability) of GDPR 2016/679
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
8.6 Article 21 (right to object) of GDPR 2016/679
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e) or f) of Article 6(1), including profiling.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
9. Right to withdraw the consent and to exercise the rights in Paragraph 8
You have the right to withdraw your consent to the processing of your personal data by sending a registered letter to the following address:
via Ospedale 9, 30174 Venezia – Mestre
accompanied by a photocopy of your identity document, with the following text: “withdrawal of consent to the processing of all my personal data”. At the end of this operation your personal data will be removed from the archives as soon as possible.
If you would like more information on the processing of your personal data, or exercise the rights referred to in paragraph 8 above, you can send a registered letter to the following address:
via Ospedale 9, 30174 Venezia – Mestre
Before we can provide you, or amend, any information, we may need to verify your identity and ask you some questions. An answer to your request will then be provided as soon as possible.
Venezia – Mestre, 25 May 2018
Boaretto e Associati s.r.l.