Information notice on data processing pursuant to art. 13 of Regulation (EU) 2016/679
Data Controller
Please be informed that, pursuant to Regulation (EU) 679/2016 (hereinafter: “Regulation“) and to the Swiss Federal Law on data protection, your personal data will be processed by Consulcesi SA as Data Controller (“Data Controller“).
The Data Controller’s contact details are: Consulcesi SA, Via Giuseppe Motta 6, 6828 Balerna (CH); email: privacy@consulcesi.ch. The Data Protection Officer (hereinafter, “DPO”) may be contacted at: Largo Boccioni 1, 21040 Origgio (VA); tel: +39.02.96515401; email: consulcesi.dpo@avvera.it. The Data Controller’s Representative for the European territory is Consulcesi Homnya S.r.l., via G. Peroni 400, 00131 Roma; e-mail: privacy@consulcesihomnya.com.
Types of data being processed
The Data Controller will process your personal data collected by way of the requested services, of the contract and/or for the purpose of concluding the same, and these include, by way of example though not limited to, name, surname, mobile number, email address.
Purpose, legal and optional basis of the processing
Your personal data will be processed for the following purposes:
a) to perform the requested services;
b) to fulfil potential legal obligations.
The legal bases of the processing for purposes a) and b) are, respectively, articles 6.1.b) and 6.1.c) of the Regulation. The provision of your personal data for the above purposesa) and b) is optional, however failure to do so would make it impossible to execute the contract.
It is also possible that processing of personal data, sent by you, relating to third parties can take place and be carried out by the Data Controller. With respect to these instances, you are posing as an independent data controller, taking on all legal obligations and responsibilities. In this respect, you grant the most extensive indemnity with respect to any dispute, claim, request for damage compensation for processing, etc. that the Data Controller should receive from third parties whose personal data have been processed by way of your spontaneous submission in breach of the applicable regulations on personal data protection. In any case, should you provide or otherwise process personal data of third parties, you warrant, as of now, taking on all related responsibilities, that such specific processing case is grounded on an appropriate legal basis which legitimizes the processing of said information.
Recipients and transfer of personal data
Your personal data may be shared with:
individuals authorized by the Data Controller to process personal data pursuant to art. 29 of the Regulation for reason related to the fulfilment of their work duties (e.g. employees, system administrators etc.);
providers of services (such as lawyers, accountants, consultants, credit institutions, etc.) who typically act as data processors pursuant to art. 28 of the Regulation; subjects, body corporates or authorities, to whom communicating your personal data is mandatory pursuant to legal provisions or requests by the authorities.
The complete and updated list of data recipients may be requested from the Data Controller, at the above-indicated addresses.
Transfer of data outside of the EU
As for the potential transfer of Data to Third Countries, the Data Controller informs that the processing will take place in accordance with one of the methods permitted by the applicable law, such as the data subject’s consent, the adoption of Standard Clauses approved by the European Commission, and the selection of subjects, individuals or entities, adhering to international programs for the free circulation of data or operating in countries that the European Commission considers safe. More information is available, upon request, from the Data Controller at the above-indicated contact addresses.
Storage of personal data
Your Personal Data shall only be stored for the time necessary to accomplish the purposes for which they are collected, thus respecting the principles of storage minimization referred to in article 5, paragraph 1, letter c) of the GDPR. In any event, your personal data shall be stored for the time necessary to perform the services stipulated in the contract. In any case, storage for longer periods of time shall occur when required by the applicable law. More information is available from the Data Controller.
Data processing methods
In relation to the purposes indicated, processing of personal data takes place by way of manual, automated, IT and telematic means in a manner and a logic strictly related to said purposes and, in any event, with methods that guarantee the security and confidentiality of the data, in addition to the compliance with specific legal requirements.
Your privacy rights
You have the right, at any time, to ask the Data Controller to access to your Personal Data, to request the rectification or erasure of the same, or to object to their processing, you have the right to request the restriction of processing of personal data for those cases provided for by art. 18 of the Regulation; pursuant to art. 7 of the Regulation you may withdraw your consent at any time; and you have the right to obtain the data concerning yourself in a structured format, in a commonly used form that is readable by an automatic device for those cases provided for by art. 20 of the Regulation; and you also have the right to lodge a complaint with the competent supervisory authority (Data Protection Authority) pursuant to art. 77 of the Regulation if you believe that the processing of your data is contrary to the applicable law.
You may lodge a request whereby you object to the processing of your data pursuant to article 21 of the Regulation, and where you substantiate the reasons and grounds for the objection: the Data Controller reserves the right to assess the application, which would not be accepted should there be compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Requests should be sent in writing to the Data Controller or to the Representative in the territory.