Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 ("GDPR")
Customers

As provided for in European Union Regulation no. 679/2016 (hereafter "GDPR") and in particular in art. 13, below, we are providing you with the information required by law concerning the processing of your personal data.


What data we process (Article 13, paragraph 1 letter a, Article 15, letter b GDPR)

The C.R.S. SRL firm with headquarters in PONTEVICO (BS), VIA XX SETTEMBRE, N. 97 and operational headquarters in MERATE (LC), VIA MONTE BIANCO N. 40, operates as a Data Controller and collects and / or receives the following information:


Category of Data Main Types
Personal data name, surname, tax code, place and date of birth, physical and telematic address, fixed and / or mobile telephone number and company and / or private e-mail address; ID card or other document number, or a copy of such documents.
Bank data IBAN and bank / postal data.


How we use your data (Article 13, paragraph 1, letter c, d, e, f GDPR)

We use your data to follow up on the management of the activities required of our company and to fulfill legal obligations.
In particular, your data will be processed for:


1) management of activities in execution of a contract and treatments for legal obligations

The processing of your personal data and possibly also legal data takes place to carry out the required activities. Such processing includes the fulfillment of legal and contractual obligations, the fulfillment of administrative obligations towards the public administrations concerned, and the fulfillment of legal and tax obligations.

If the processing includes the personal data of third parties, which you have communicated to us, you must in turn have provided this information to these subjects, making sure that they have consented to our company's access of their personal data.

The legal basis of such processing is the fulfillment of the services pertinent to the activities entrusted to our company and compliance with legal obligations.


2) communication to third parties and categories of recipients

The communication of personal data takes place primarily with regard to third parties and / or recipients whose activity is necessary for the performance of activities pertinent to the services/products that have been requested of us, and to meet certain legal obligations, such as:

Categories of recipients Purposes
External professionals / consultants and consulting firms Fulfillments of legal obligations such as corporate actions, exercise of rights
Bank / postal institutions Execution of payments
Public Administrations recipients Fulfillment of administrative procedures
Service Companies Companies that provide IT or other services necessary for the fulfillment of the services of the requested product / service

Your personal data are transferred abroad to non-EU countries for activities inside the company and are not subject to disclosure.

The legal basis of such processing is the fulfillment of the services pertinent to the activities entrusted to our company and compliance with legal obligations.


3) purposes of commercial communications

Your data are NOT processed to communicate information, news, events or other promotional activities by our company.


What happens if you do not provide your data? (Article 13, paragraph 2, letter e GDPR)

The collection and processing of your data is necessary to carry out the activities required of our company and to manage and fulfill legal obligations. Failure to provide them will make it impossible for us to manage the work relationship.


How long is your data kept? (Article 13, paragraph 2, letter a GDPR)

The personal data are kept for the time necessary to complete the activities related to the management of the requested activity and for the fulfillment of the obligations, including legal obligations that follow from them, and, in any case, with reference to the data necessary for the fulfillment of tax and civil obligations, for a maximum period of 10 years from the termination of the contract, unless the exercise or defense of a right required processing to be done for a longer period. The data pertinent to the purposes of commercial communications are kept for a maximum period of two years from their collection.


How we process your data (Article 13, paragraph 2, letter f GDPR)

The processing of data is done through paper support or IT procedures by expressly authorized and trained individuals. Data processing does NOT call for automated decision-making processes or profiling.


What are your rights? (Article 13, paragraph 1, letter b, and paragraph 2 letter b GDPR)

Basically, at any time and free of charge and without any particular charges and formalities for your request, you can request:

  • To obtain confirmation of the processing of your personal data;
  • To access your personal data and learn its origin (when the data are not obtained directly from you), the purposes and scope of the processing, the data of the persons to whom it is communicated, the retention period of your data or useful criteria to determine this period;
  • To update or correct your personal data so that it is always accurate;
  • To cancel, in the cases provided for by law, your personal data or request the limitation of the processing;
  • To obtain a copy of your personal data.

Any requests will be processed at the latest within one month after receipt, subject to the possibility of extending this deadline for two months more, if necessary, taking into account the complexity and the number of requests received by the Data Controller.
For any further information and in any case, to send your request, contact the Data Controller at the address indicated in this document.


To whom may you send a complaint? (Article 13, paragraph 2, letter d GDPR)

We remind you that you can lodge a complaint with the Italian Data Protection Authority, except that, for specific legal provisions related to your situation, a supervisory authority of another EU Member State has jurisdiction.