With this document (“Information”) the Data Controller, as further defined, wishes to inform you about the purposes and methods of processing your personal data and about the rights recognised by the Regulation (EU) 2016/679 concerning the protection of individuals, with regard to the processing and free circulation (“GDPR”) of personal data. This Information notice could be integrated by the Data Controller following your request for further services.
Cerri s.r.l. headquartered in Via Balocco, 4 - 13040 Buronzo (Vercelli), Italy Phone: +39 0161 851140 VAT n°/ FC: 00037000023
The processing activities aim at the acquisition of the following personal data:
|Common data||Personal data|
|Economic data||Tax data|
Le attività di trattamento svolte sono rivolte alle seguenti categorie di interessati:
|Natural persons, legal persons, public and private bodies.|
|Processing Legitimacy Condition||Purpose||Description|
|Execution of the Contract - Art. 6, (1) b GDPR||Contractual agreements.||Contractual agreements.|
Nature of data provision: Mandatory
Consequences of refusal to submit data: Your refusal to submit data will lead to failing to fulfill your pre-contractual/contractual requests and to execute the contract.
Personal data storage: Your personal data will be actively processed for the time necessary to manage the existing relationship and/or to execute the contract. In the event of failure to complete the contract, the information collected to assess will be deleted within 10 years.
Minimum data protection measures: IT measures applied, including the use of unique access credentials to assets, the adoption of antivirus software and firewalls guaranteeing a high protection standard. Paper data are stored in closed lockers, accessible only to authorized staff.
Cerri s.r.l. VAT n°/ Fiscal Code: 00037000023 - Via Balocco, 4 13040 Buronzo (Vercelli), Italy - +39 0161 851140
In relation to the processing described in this Information notice, as provided for in Regulation (EU) 679/2016, as data subject you will be able to exercise your rights as stated in articles from 15 to 21, and especially:
right of access – art. 15 GDPR: the right to obtain confirmation whether or not your personal data are being processed, and in that case, to obtain access to your personal data, including a copy of them;
right to rectification – art. 16 GDPR: the right to obtain, with no unjustified delay, the rectification of inaccurate personal data and/or the integration of incomplete personal data;
right to erasure (right to be forgotten) – art. 17 GDPR: the right to obtain, with no unjustified delay, the erasure of your personal data;
right to restriction of processing art. 18 GDPR: the right to obtain the restriction of processing, when:
right to data portability – art. 20 GDPR: the right to receive your personal data in a structured, commonly used and machine-readable format, and the right to require their transmission to another controller without hindrance, whenever the processing is based on consent and is carried out by automated means. In addition, the right to obtain that your personal data are directly transmitted from the Bank to another controller, where technically possible;
right to object – art. 21 GDPR: the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on the lawfulness of the legitimate interest or the performance of a task of public interest or the exercise of official authority, including profiling, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedom or for the establishment, exercise or defense of legal claims; you may object at any time to the processing if the personal data are processed for direct marketing purposes, including profiling, in so far as it is related to such direct marketing;
The above rights may be exercised by addressing the Data Controller through the contact details mentioned above.
The exercise of your rights as a data subject is free of charge under art. 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also for their repetitiveness, the Data Controller may charge you a reasonable fee, to cover the administrative costs incurred in handling your request, or deny the satisfaction of your request.
Withdraw your consent - at any time, it shall be as easy to withdraw as to give consent, without prejudice to the lawfulness of the data processing carried out prior to the withdrawal.
You have the right to complaint to the Italian Data Protection Authority, based in Piazza di Montecitorio n. 121, 00186, Rome (RM).