We GemmeCotti srl, as Controller of the data processing and according to the EU 2016/679 Regulation, provide the necessary information about the collection, the storing and the sharing of personal data and the purpose of data processing we make. With this document we explain what types of data we process, why we collect it, how we use it and where we store it.
Legal basis and purpose
• We process data without asking for consent in that cases in which (art. 6, letters b, c, f GDPR):
– data processing is necessary for the performance of a contract to which de data subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
– data processing is necessary for compliance with a legal obligation to which the Controller is subject;
– processing is necessary for the purpose of the legitimate interests pursued by the Controller, except for the case in which such interests are overridden by the interests and rights of the Data Subject.
• Data is processed with the explicit consent of the Data Subject (art 6, 7 GDPR ):
– for marketing purpose (newsletter).
How we use your data
• The information collected is processing by authorized and specialized personnel only, in paper or electronic form, with every kind of technological support that we consider appropriate. The data is processed lawfully, fairly and in a transparent manner, and always according to the legislation (art. 4, n. GDPR). .
• GemmeCotti Srl implements and maintains appropriate technical, security and organisational measures to protect Personal Data. We assure that all of the software solutions are fully in line with the standards required by GDPR.
Storing and sharing of the data
• All information is stored securely in our office.
• The data will be kept as long as necessary to fulfil the purposes for which it was collected, and longer for the completion of the legal obligations.
• Data Controller informs that, in order to fulfill the purposes for which date is collected, it can be communicated and share with third parties belonging to the following categories: a) subjects who provide services for the information system and the telecommunication network; b) service companies for the acquisition, registration and processing of data imported by documents; c) subjects that run customer-care activities; d) companies that provide consultancy and assistance; e) subjects who have to control, revise and certificate the activities of the Company.
All of these subjects are External Data Processors. A constantly updated list of them is stored and accessible at the Headquarters of the Data Controller.
• Every other sort of sharing or communication is subordinated to the consent of the Data Subject.
The information we collect is stored in servers that are inside the EU. If it will be necessary, Data Controller will be able to move them extra-EU. Data Controller assures by now that an eventual move will be complied to the current legislation.
Data Subjects rights
According to the art. 13, co. 2, lett. B, d, 15, 18, 19 and 21 GDPR, Data Controller informs that the Data Subject:
• Have the right to access its personal data and ask for it to be rectified, integrated, restricted or deleted, when all the related law obligations are completed.
• Have the right to report a complaint to the Data Protection Authority from the website www.garanteprivacy.it
• Have the right to revoke the consent in any time.
Data Subject can exercise its rights with the preferred means. Data Controller is committed to give an answer in writing within 30 days. In any time Data Subject can exercise its rights sending an email to: firstname.lastname@example.org.
Data Controller and Processors
Data Controller is GemmeCotti srl, in the person of the legal representative Dr. Enrico Gemme. The contact details of the Data Controller are the following. Headquarter: Via A. Volta 85/A, 20816, Ceriano Laghetto (MB); Registered office: Piazza De Gasperi 15, 21040, Gerenzano (VA); Tel: +39 02.96460406; Fax: +39 02.96469114.
A constantly updated list of the Internal and External Data Processors is stored and accessible at the Headquarters of the Data Controller.