1 – Data Controller
GABE s.r.l., Via Piscina Dello Russo, 70038 – Terlizzi (Ba), P. Iva 07915910728 (hereinafter “Controller”), as Controller, informs you, in accordance with EU Regulation no. 2016/679 “General Data Protection Regulation” (hereinafter “Regulation”), that the personal data you provide will be processed in a lawful, correct and transparent manner.
2 – Legal basis of the treatment
The treatment is mandatory for the correct execution of the contract established between You, as the subject providing the data (following “Data subject”), and the Controller.
The provision of data is an essential fulfillment for all that is required by legal obligations, therefore, any refusal to supply them, in whole or in part, could make it impossible to execute the contract and / or to comply adequately with all the legal obligations.
The Controller processes the user’s optional data on the basis of consent, that is, through the user’s explicit approval of this information notice, and in relation to the methods and purposes described therein.
3 – Contact for the exercise of the rights of Data subject
The Data subject can contact the Controller, for the exercise of his rights, as defined in par. 8, at the following address:
The Controller, in the person of the Data Processor pro tempore and / or his designated representative, is required to respond to the requests of the Data subject without undue delay and / or at the latest within one month.
4 – Object of Treatment
The Controller processes personal data (hereinafter “data”) provided by the Data subject and communicated on the occasion of the conclusion of contracts for the services of the Controller and / or for the purposes described in point 5.b of this information notice, such as identifying data, by way of example and not exhaustively: name, surname, company name, address, telephone number, e-mail address, bank and payment details.
5 – Purpose of the treatment.
Your personal data are processed:
a. Without Your express consent pursuant to art. 6 lett. b), e) of the Regulation, for the following purposes:
I. conclude the contracts for the performance of the Controller;
II. fulfill the pre-contractual, contractual and tax obligations deriving from relations with You;
III. fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
IV. exercise the rights of the Controller, for example the right to defense in court.
b. Subject to your specific and distinct consent (Article 7 of the Regulation), for the following Marketing Purposes:
I. send you, via e-mail, mail and / or sms and / or telephone contacts, commercial communications and / or advertising material on products or services offered by the Controller, and measure the degree of satisfaction with the quality of those services;
II. send via e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example, business partners, other companies connected to the Controller).
We point out that if you are already our customer, we can send you commercial communications related to services and products of the Controller similar to those you have already used, unless you expressly object (Article 130 paragraph 4 of the Personal Data Protection Code, Legislative Decree no. 196 of 30 June 2003).
6 – Duration of processing and storage of data
The Controller undertakes to keep the data provided by the Data subject for the period necessary for the fulfillment of the relevant contractual obligations and / or in accordance with the provisions of current regulations and any clauses contained therein. Where consent has been given for purposes other than the fulfillment of contractual obligations (point 5.b of this information notice), the retention period is set at two years.
7 – Processing methods
The processing of data, carried out through procedures in compliance with the Regulation, is established and organized through the collection, registration, organization, consultation, processing, selection, comparison, use, interconnection, communication, cancellation and destruction.
The data are processed both in paper and electronic format by means of suitable and adequate tools to guarantee security and confidentiality.
Data are not subject to profiling.
8 – Data transfer
The Controller processes personal data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. Personal data are processed at the registered office of the Controller through the combined use of servers owned by the Controller and servers made available by third-party providers, located within the European Union. In any case, it is understood that the Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
9 – Data communication
Without the need for express consent (pursuant to Article 24 letters a), b), d) of the Personal Data Protection Code, Legislative Decree no. 196 of 30 June 2003, and art. 6 lett. b) and c) of the Regulation), the Controller may communicate your data, for the purposes referred to in Article 2.a, to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the said purposes. These subjects will treat the data in their capacity as independent data controllers. Your data will not be disseminated.
10 – Access to data
Your data may be made accessible for the purposes referred to in art. 5.a) and 5.b):
- to the employees and collaborators of the Controller, appointed, where necessary, as persons in charge of processing and / or data processors and / or system administrators;
- to third-party companies or other subjects (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, third-party technical service providers, postal carriers, hosting providers, IT companies, communication agencies, etc.) who carry out outsourced activities on behalf of the Controller, appointed, where necessary, as data processors.
Your data may also be processed, on behalf of the Controller, by professionals and / or companies charged with carrying out technical, development, management and administrative-accounting activities.
11 – Rights of the Data subject
The Data subject who has given the data, by virtue of the principle of transparency, has the right to:
a) Obtain the revocation of the consent given;
b) obtain, from the Controller, confirmation of the existence or not of personal data concerning him;
c) obtain the communication of data in a clear and intelligible form;
d) obtain the indication:
I. of the origin of personal data;
II. the purpose and methods of the treatment;
III. of the logic applied in case of treatment carried out with the help of electronic means;
IV. of the identity of the Controller, of the person / s responsible for the processing and / or persons in charge;
V. of the subject / s to whom the data may be communicated and / or who may become aware of them as designated representative in the territory of the State, as data processors or as persons in charge;
e) Obtain the updating, correction and / or integration, if there is interest, of the data provided;
f) Obtain the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
g) Obtain the attestation that the operations of updating, rectification and cancellation of the data, as already defined in the previous points, have been brought to the attention, also as regards their content, of those to whom the data have been communicated, with the exception of the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.
h) Obtain the limitation of the processing of data provided;
i) Lodge a complaint with a Supervisory Authority.
The deadline for replying to the Data subject is, for all exercisable rights, 1 (one) month, which can be extended up to 3 (three) months in cases of particular complexity. The Controller is in any case required to provide feedback to the Data subject in writing, within 1 (one) month, even in the case of refusal, in a concise, transparent and easily accessible manner, in simple and clear language.
The exercise of the rights may entail a contribution to expenses charged to the Data subject, related to the difficulty, for the Controller, of following up the requests in relation to the available resources.
These rights may be limited by a law or a regulation, community or national, when the exercise of these rights may result in an actual and concrete prejudice.
12 – Right of the Data subject to data portability
The Data subject may obtain from the Controller, upon request and by means of a structured format of common use and legible by an automatic device, the personal data being processed, if processed by automated means. The Data subject may also request the Controller, if technically possible, to transfer the same data to another Controller.
13 – Changes following today’s Notice
The Controller may supplement this information notice if corrective action is taken or if changes arise from national or community legislation. In these circumstances, the Controller is obliged to inform the Data subject by suitable means and to protect his rights.