As provided for in European Union Regulation no. 679/2016 (hereafter "GDPR") and in particular in art. 13, below, we are providing you with the information required by law concerning the processing of your personal data.
What data we process (Article 13, paragraph 1 letter a, Article 15, letter b GDPR)
The C.R.S. SRL firm with headquarters in PONTEVICO (BS), VIA XX SETTEMBRE, N. 97 and operational headquarters in MERATE (LC), VIA MONTE BIANCO N. 40, operates as a Data Controller and collects and / or receives the following information:
Category of Data | Main Types |
Personal data | name, surname, tax code, place and date of birth, physical and telematic address, fixed and / or mobile telephone number and company and / or private e-mail address; ID card or other document number, or a copy of such documents. |
Bank data | IBAN and bank / postal data. |
How we use your data (Article 13, paragraph 1, letter c, d, e, f GDPR)
We use your data to follow up on the management of the activities required of our company and to fulfill legal obligations. In particular, your data will be processed for:
1) management of activities in execution of a contract and treatments for legal obligations
The processing of your personal data and possibly also legal data takes place to carry out the required activities. Such processing includes the fulfillment of legal and contractual obligations, the fulfillment of administrative obligations towards the public administrations concerned, and the fulfillment of legal and tax obligations.
If the processing includes the personal data of third parties, which you have communicated to us, you must in turn have provided this information to these subjects, making sure that they have consented to our company's access of their personal data.
The legal basis of such processing is the fulfillment of the services pertinent to the activities entrusted to our company and compliance with legal obligations.
2) communication to third parties and categories of recipients
The communication of personal data takes place primarily with regard to third parties and / or recipients whose activity is necessary for the performance of activities pertinent to the services/products that have been requested of us, and to meet certain legal obligations, such as:
Categories of recipients | Purposes |
External professionals / consultants and consulting firms | Fulfillments of legal obligations such as corporate actions, exercise of rights |
Bank / postal institutions | Execution of payments |
Public Administrations recipients | Fulfillment of administrative procedures |
Service Companies | Companies that provide IT or other services necessary for the fulfillment of the services of the requested product / service |
Your personal data are transferred abroad to non-EU countries for activities inside the company and are not subject to disclosure.
The legal basis of such processing is the fulfillment of the services pertinent to the activities entrusted to our company and compliance with legal obligations.
3) purposes of commercial communications
Your data are NOT processed to communicate information, news, events or other promotional activities by our company.
What happens if you do not provide your data? (Article 13, paragraph 2, letter e GDPR)
The collection and processing of your data is necessary to carry out the activities required of our company and to manage and fulfill legal obligations. Failure to provide them will make it impossible for us to manage the work relationship.
How long is your data kept? (Article 13, paragraph 2, letter a GDPR)
The personal data are kept for the time necessary to complete the activities related to the management of the requested activity and for the fulfillment of the obligations, including legal obligations that follow from them, and, in any case, with reference to the data necessary for the fulfillment of tax and civil obligations, for a maximum period of 10 years from the termination of the contract, unless the exercise or defense of a right required processing to be done for a longer period. The data pertinent to the purposes of commercial communications are kept for a maximum period of two years from their collection.
How we process your data (Article 13, paragraph 2, letter f GDPR)
The processing of data is done through paper support or IT procedures by expressly authorized and trained individuals. Data processing does NOT call for automated decision-making processes or profiling.
What are your rights? (Article 13, paragraph 1, letter b, and paragraph 2 letter b GDPR)
Basically, at any time and free of charge and without any particular charges and formalities for your request, you can request:
Any requests will be processed at the latest within one month after receipt, subject to the possibility of extending this deadline for two months more, if necessary, taking into account the complexity and the number of requests received by the Data Controller. For any further information and in any case, to send your request, contact the Data Controller at the address indicated in this document.
To whom may you send a complaint? (Article 13, paragraph 2, letter d GDPR)
We remind you that you can lodge a complaint with the Italian Data Protection Authority, except that, for specific legal provisions related to your situation, a supervisory authority of another EU Member State has jurisdiction.