INFORMATION ON THE PROCESSING OF PERSONAL DATA
Forme S.r.l., with registered office in Strada Statale 275 Km 14,400, – 73030 Surano (LE), in its capacity as Data Controller in accordance with EU Regulation 679/2016 – General Data Protection Regulation (GDPR), hereinafter also referred to as “GDPR”, acknowledges the importance of the protection of personal data and considers it one of the main objectives of its activity.
We hereby provide the necessary information regarding the processing of personal data provided to customers as natural persons and natural persons acting on behalf of customers as legal persons, associations and entities, pursuant to Article 13 of GDPR. Therefore, Forme S.r.l. invites you to carefully read this Policy as it contains important information on the protection of personal data and the security measures adopted to ensure its confidentiality in full compliance with the regulations in force.
Forme S.r.l. informs you that:
- all data is processed lawfully, correctly and transparently towards the data subject, in compliance with the general principles provided for by the GDPR and the Privacy Code;
- we collect and process your data only for the purposes indicated in this Policy or for the specific purposes already shared with you and/or for which you have given your consent;
- we aim to collect, process and use as little personal data as possible;
- when we have to collect your personal data, we ensure that it is as accurate and up-to-date as possible;
- if the personal data we collect is no longer needed for any purpose and we are not required by law to keep it, we will make every effort to delete, destroy or anonymise it;
- specific security measures are put in place to prevent data loss, unlawful or incorrect use and unauthorised access;
- your personal data will not be shared, sold, made available or communicated to parties other than those indicated in this Notice.
- Full details on each type of collected data are provided in section 2 of this Policy.
“GDPR” (General Data Protection Regulation) means EU Regulation 679/2016 of the European Parliament and of the Council of 27/04/2016, applicable from 25/05/2018, on the protection of natural persons with regard to the processing of personal data.
“Personal data” means any information relating to an identified or identifiable natural persons with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more features of his/her physical, physiological, mental, economic, cultural or social identity.
“Particular data” means personal data revealing racial or ethnic origin, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data, data concerning a person’s health or sex life or sexual orientation.
“Judicial data” means personal data relating to criminal convictions and offences, or any coercive measures related to same
“Processing” shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Data Controller and Data Protection Officer
Pursuant to the GDPR, the Data Controller is Forme S.r.l., as defined above.
You can contact the Data Protection Officer at the following email address firstname.lastname@example.org or at the address: Strada Statale 275 Km 14,400 – 73030 Surano (LE).
3. The personal data being processed
The Data Controller processes Personal Data that you voluntarily communicate to us (verbally, by business card, by email, by handing over documents, through the Data Controller’s website, etc.), including but not limited to: name, surname, place and date of birth, address of residence and domicile, place of work, company name, VAT number, tax code, landline or mobile telephone number, fax number, email address, PEC address, employer, role and/or company classification, bank details, data of your customers, etc.
With regard to your Personal Data acquired directly through our website: the information notice on the www.formeskin.it website, to which you are referred to, applies.
Forme S.r.l. will process the aforementioned data in compliance with the GDPR, assuming that it refers to you, your company or third parties, including your family members, who have expressly authorised you to provide it on the basis of a suitable legal basis legitimising the processing of the data in question. In respect of such cases, you act as an independent data controller, assuming all obligations and responsibilities under the law. In this regard, you grant Forme S.r.l. the widest possible indemnity in respect of any dispute, claim, request for compensation for damages from processing, etc. that may be received by Forme S.r.l. from third parties whose personal data have been processed at your request and/or in execution of the mandate conferred.
4. Purpose of processing
Your personal data will be processed:
- without your expressed consent (Article 6, letters b, c, f, GDPR), for the following purposes:
- fulfilling pre-contractual and contractual obligations arising from the conferral of any professional assignment to a third party; in particular, carrying out the mandate entrusted to the Data Controller as tax, accounting, corporate and legal advisor; this task involves the preparation of all the acts, documents and declarations required to fulfil the obligations laid down by civil and tax legislation, in relation to the characteristics of the subject and the activity carried out (included but not limited to preparation and transmission of income declarations, preparation and transmission to the Chamber of Commerce, contracts of all kinds, chamber of commerce and land registry visas, keeping of registers and account books, etc.), as well as to satisfy any other request made by the customer;
- administrative and management purposes and for the fulfilment of obligations laid down by law (such as, for example, those of an accounting and tax nature or in relation to anti-money laundering), by a regulation, by EU legislation or by an order of the Authority, to which the Data Controller is subject;
- purposes necessary to ascertain, exercise or defend a right in court, including the protection of credit rights, or whenever judicial authorities require it in the performance of their duties;
- with your consent (Article 7, GDPR), for the following purposes:
- sending newsletters containing promotions, product/service proposals, articles and publications relating to the Data Controller’s business.
5. Legal basis and mandatory or optional nature of processing
The legal basis for the processing of personal data for the purposes referred to in Section I), point a) above is the performance of a contract to which you are a party, or the performance of pre-contractual measures taken at your request, therefore the performance of pre-contractual and contractual obligations related to legal relationships established and/or to be established with you.
The legal basis for the processing of personal data for the purposes referred to in point b) is the fulfilment of a legal obligation to which the Data Controller is subject, while for the purposes referred to in point c) is the pursuit of the DATA PROCESSING NOTICE. We inform you that, taking into account the purposes of the processing as described above, the provision of your personal data for the purposes referred to in section I) above is mandatory. Failure to provide your data, its partial or inaccurate provision and/or any express refusal to process it will make it impossible for the Data Controller to comply with your requests, to fulfil contractual obligations arising from the mandate conferred or a legal obligation to which the Data Controller is subject or requests by the competent Authorities.
The provision of data for the purposes set out in section II) above is optional, with the consequence that you may decide not to provide your consent or to withdraw it at any time.
In connection with the processing of your data for the purposes described in section I) above, we may also become aware of special categories of personal data, as defined above in the introduction. For these reasons, we ask you to give your explicit consent to the processing of such data in writing, stating that you will have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation.
6. Recipients of personal data
Without prejudice to communications made in fulfilment of legal and contractual obligations, all your collected and processed data may be shared, exclusively for the purposes specified above, with the following categories of recipients:
- employees and collaborators of the Data Controller, in their capacity as persons authorised to process personal data, who have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality;
- persons, companies, professional firms or other third parties with whom the Data Controller has relations necessary for the performance of its activities for the purposes indicated above or as required by law, to whom a specific mandate has been entrusted and for the time necessary to achieve the purposes for which the data have been collected, who typically act as Data Processors of Forme S.r.l;
- Judicial or supervisory authorities, administrations, public authorities and bodies, in the performance of their duties
The Data Controller ensures that the processing of your personal data by the above mentioned recipients is carried out in accordance with current legislation.
7. Processing methods and storage times
The collection and processing of your personal data by the Data Controller shall be carried out in compliance with the principles of lawfulness, fairness and transparency and in such a way as to guarantee adequate security, including protection, by means of appropriate technical and organisational measures, from unauthorised or unlawful processing and from accidental loss, destruction or damage. The data collected will be processed by means of electronic or in any case automated, computerised and telematic instruments, or by means of paper-based instruments, strictly according to the purposes for which the personal data was collected and, in any case, in such a way as to guarantee its security and for the time strictly necessary to achieve the purposes for which it was collected, without prejudice to the need to retain the data to meet the obligations provided for by current legislation even after the cessation of processing operations or until the time permitted by Italian law to protect the interests of the Data Controller.
Further information, regarding the period of retention of personal data and the criteria used to determine this period, may be requested by writing to the Data Protection Officer at the following email address: email@example.com or at the address: Strada Statale 275 Km 14,400 – 73030 Surano (LE).
The data subject shall have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly, significantly affects him or her.
8. Data communication, storage and transfer
Without the need for your expressed consent (Article 6, letters b, c, f, GDPR), the Data Controller may communicate your data for the purposes listed above to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, banks and credit institutions, consultants and professionals, third parties in general, including platforms that offer data storage and exchange services specifically indicated by you, etc., as well as to those subjects to whom the communication is a legal or contractual obligation or is the fulfilment of your specific request, with the specification that these subjects will process the data in their capacity as autonomous data controllers. In any event, your personal data will not be disseminated.
Your personal data is stored at the registered office of the Data Controller or of third party service providers, within the European Union. It is in any case understood that the Data Controller may also move the data outside the EU if necessary. In this case, the Data Controller assures as of now that the transfer of the data to non-EU countries will take place in compliance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection.
9. Rights of the data subject
In accordance with the GDPR, you have the right to exercise the following rights:
- right of access – To obtain confirmation as to whether or not personal data relating to you is being processed and, if so, to receive information relating, in particular, to: the purposes of the processing, the categories of personal data processed and the period of storage, the recipients to whom the data may be disclosed (Article 15, GDPR);
- right to rectification – To obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16, GDPR);
- right to erasure – Obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for by the GDPR (Article 17, GDPR);
- right to restriction – Obtain from the Data Controller the restriction of processing, in the cases provided for by the GDPR (Article 18, GDPR);
- right to portability – To receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller, as well as to obtain that it is transmitted to another controller without hindrance, in the cases provided for by the GDPR (Article 20, GDPR);
- right to object – Object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing (Article 21, GDPR);
- right to withdraw – Withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal;
- right to complain – To lodge a complaint with the Italian Data Protection Authority, based in Piazza di Montecitorio no. 121, 00186, Rome (RM).
You may exercise your rights at any time by writing to the Data Protection Officer at the following email address: firstname.lastname@example.org or at Strada Statale 275 Km 14,400 – 73030 Surano (LE).
10. Amendments to this policy
Forme S.r.l. reserves the right to change the content of this notice also due to changes in applicable law. Forme S.r.l. shall inform you of such changes as soon as they are introduced by means of notices on the website or by sending them to your email address in order to keep you up to date on the data collected and the use made of it by Forme S.r.l.
You can contact the Data Protection Officer at the following email address: email@example.com or at the address: Strada Statale 275 Km 14,400 – 73030 Surano (LE).
73030 Surano (LE).