INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to art. 13 and 14 of Regulation (EU) 2016/679 concerning the protection of individuals with regard to the processing of personal data
Garibaldi Architects (hereinafter the “Company” or the “Owner”) as data controller, informs you, pursuant to art. 13 and 14 of the European Regulation 679/2016 concerning the protection of personal data (“GDPR”) that the processing of personal data will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
1. Type of data processed
The Company is the data controller of the personal data communicated at the time of signing the contract and/or providing the service. The personal data processed by the Company may include, by way of example but not limited to, names, denomination, address, telephone numbers, tax code, e-mail address, etc.
2. Purpose of the treatment
Data processing is carried out by the Company in relation to contractual requirements and the consequent fulfillment of legal and fiscal obligations, as well as to allow effective management of contractual, financial and commercial relationships. The data will be processed for the entire duration of the contractual relationship and also subsequently, for the fulfillment of legal obligations, for administrative, accounting, tax, commercial purposes and for the management of any disputes.
The data provided by the interested parties will be processed, using IT and paper tools, for the execution of obligations strictly connected to the activity of services in the sector of construction and construction of properties of all kinds, renovation and building maintenance, property management and design research and consultancy.
The provision of data for these purposes is essential for the use of the services connected to the activity and does not require the consent of the interested party as it is necessary for the execution of a contract of which the interested party is a party according to the provisions of art. 6(1)(b) and (c) of the GDPR.
The data may also be processed for marketing purposes via e-mail and website. The processing of data for these purposes finds its legal basis pursuant to art. 6.1.f of the Regulation, in the legitimate interest of the Data Controller to promote its products or services and it is lawful only with the prior and specific consent of the interested party (art.7 GDPR) which may be revoked at any time.
Furthermore, personal data may be collected to request information and receive a quote on one or more of the activities carried out by the company, through the website, after having read the information available at the address https://www.garibaldiarchitects.com/privacy-policy/.
3. Processing methods
The Data will be processed by the Company with electronic and manual systems according to the principles of correctness, lawfulness and transparency established by the applicable legislation on the protection of personal data and protecting the confidentiality of the interested party through technical and organizational security measures to guarantee a level of adequate security.
As regards the data that we are obliged to know, in order to fulfill the obligations established by laws, regulations and community legislation, or by provisions issued by Authorities legitimated by the law and by supervisory and control bodies, their failure conferment will make it impossible to establish or continue commercial relationships, to the extent that such data are necessary for the execution of the same.
4. Data Retention
The data provided by the interested party will be kept for the period of time necessary to achieve the purposes for which they were collected, without prejudice to any specific legal obligations on the conservation of accounting documents for public safety purposes. The data will be kept until the contractual expiry and for 10 years following its termination, termination or withdrawal, except in cases where retention for a subsequent period is required for any disputes, requests from the competent authorities or pursuant to applicable legislation.
5. Access to Data
Your data may be made accessible for the purposes listed above:
- to collaborators of the Data Controller, in their capacity as persons in charge and/or internal data processors;
- companies, consultants or professionals possibly in charge of the installation, maintenance, updating and, in general, of the management of the hardware and software of the Data Controller or which the Data Controller uses for the provision of its services;
- subjects (including the Public Authorities) who have access to personal data by virtue of regulatory or administrative provisions;
- personnel of third parties who provide services to the Data Controller and carry out Data processing on behalf and on the instruction of the latter as external data processors;
- third parties or Internet providers in charge of sending documentation and/or informative material;
- subjects who need to access data for purposes auxiliary to the relationship existing, within the limits strictly necessary to carry out the auxiliary tasks entrusted to them (for example: credit institutions, etc.);
- subjects of our consultants, to the extent necessary to carry out their duties at our company, subject to our letter of assignment which imposes a duty of confidentiality and security in the processing of data.
The data processors are expressly appointed by the owner on the basis of a written agreement pursuant to article 28 of the European Regulation.
The complete list of data processors is available upon request by sending a written request to the data controller at the address email@example.com.
6. Data communication
Personal data will not be disclosed by the Owner. The communication to third parties, other than the Data Controller, internal managers but also external to the corporate structure and the identified and appointed data processors is envisaged for the pursuit of the indicated purposes and in any case within the limits of the same, to third parties and companies, committed in the correct and regular pursuit of the purposes described, to credit institutions for the management of collections and payments, data processing and IT services companies, companies that provide the mailing service. Your personal data may be communicated to fulfill requests from the Judicial Authority or public safety, for the correct fulfillment of legal obligations. In any case, the processing by third parties must take place correctly and in compliance with the provisions of the law in force.
7. Data Transfer
The management and storage of personal data will take place on servers located within the European Union, of the Data Controller and/or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy, at the headquarters of the Data Controller and the data will not be transferred to third countries outside the European Union without further express consent from the interested party.
8. What are the rights of the interested party
The interested party may exercise, in relation to the data processing described therein, the rights provided for by the GDPR (articles 15-21), including:
- receive confirmation of the existence of the Data and access their content (access rights);
- update, modify and/or correct the Data (right to rectification);
- request the cancellation or limitation of the processing of Data processed unlawfully including data whose retention is not necessary in relation to the purposes for which the Data were collected or otherwise processed (right to be forgotten and right to limitation);
- oppose the treatment (right of opposition);
- lodge a complaint with the Supervisory Authority (Guarantor for the protection of personal data www.garanteprivacy.it) in the event of a violation of the legislation on the protection of personal data;
- receive an electronic copy of the Data concerning him as an interested party, when these Data have been returned in the context of the contract and request that such Data be transmitted to another data controller (right to data portability).
To exercise these rights, the interested party can contact the Data Controller at any time by sending an e-mail to firstname.lastname@example.org.
This information may be subject to changes.