INFORMATION ABOUT THE PROCESSING OF PERSONAL DATAAccording to the Articles 13 and 14 of the EU General Data Protection Regulation 2016/679 (‘GDPR’ or ‘Regulation’), and in general in accordance with the principle of transparency foreseen in the same Regulation, PENSION GRUBER – GRUBER SAS Gruber Erika & Co. (the ‘Company’) provides the following information regarding processing of personal data.
- DATA CONTROLLER
The data controller (i.e. the person who determines the purpose and means of processing of personal data) is PENSION GRUBER – GRUBER SAS Gruber Erika & Co., based in Antholz Niedertal / Anterselva di Sotto, Aue 11, fiscal code and VAT registration number IT02400720211, tel. +39 0474 492147, firstname.lastname@example.org. For contacts specifically relating to the protection of personal data, including the exercise of the rights referred to in the following paragraph 8, we indicate in particular the telephone number +39 0474 492147 and the e-mail address: email@example.com to which you may address any requests.
- PURPOSE OF PROCESSING
The treatment of personal data may have the following purposes:
- Conclusion of contracts and fulfilment of contractual obligations (borne by and in favour of the Controller), and therefore for purposes strictly related to the management of the contractual relationship with you, including administrative and accounting formalities and fulfilments (for example: acquiring preliminary information at the conclusion of a contract; execution of operations based on the obligations deriving from the contract, which has been concluded; operational and managerial needs; control requirements on the performance implementation; verification of fiscal and contributory regularity; handling of litigations – breach of contracts; warnings; transactions; debt collection; arbitration; legal disputes, etc. –) (contractual purposes)
- TYPES OF PROCESSED DATA
The following categories of data may be processed:
- Surname, name and date of birth, residence;
- Fiscal code and/or VAT registration number;
- Telephone number/e-mail address;
- (where applicable for the case of joint liability etc.) relating to the regularity of fulfilment of the remuneration and social security obligations.
- LEGAL BASIS FOR PROCESSING AND TRANSFER OBLIGATION
There is no obligation to conferring data in a pre-contractual phase, but not conferring them will result in the impossibility of concluding the contract; once the contract has been concluded, the conferral of the further necessary data, or the updating of those already provided, is compulsory for all that is required by the legal and contractual obligations and, therefore, any refusal to supply them in whole or in part may give rise to the impossibility for the company to fulfil the contract and may still configure contractual failure or infringement of law by the supplier.The legal basis of processing consists in the fact that processing is necessary: for the execution of the contract with you or of the pre-contractual measures adopted at your request or for the fulfilment of a legal obligation to which the controller is subject.
- COLLECTION, PROCESSING METHODS AND STORAGE OF DATA
Data are collected from the interested party, that is the data that you will provide us, as well as those resulting from public registers (such as CCIAA) or obtained from the Institutions in charge in relation to the necessary verifications regarding contributory regularity etc.Processing will be carried out:
- Through the use of manual and automated systems;
- by entities or categories of authorized people in order to fulfil their duties,
- with the use of appropriate measures to ensure the confidentiality of data and to avoid access to them by unauthorised third parties.
Your data will be stored for the duration of the contractual relationship, and, after the end of it – limited to the data, which are necessary at that point – for the extinction of the contractual obligations and for the fulfilment of all possible legal requirements and for the need for protection – even contractual – related or resulting therefrom.There are no automated decision-making processes.
- DATA COMMUNICATION
Without prejudice to the communications carried out in fulfilment of statutory and contractual obligations, all data collected and processed may be communicated, exclusively for the purposes specified above, to:
a) All entities to whom the faculty of access to such data is recognised under regulatory measures;
b) employees, collaborators, suppliers of the controller, within the relevant tasks and/or contractual obligations relating to the execution of the contractual relationship with you; among the controller’s suppliers there shall be shown as an example banking and credit institutions, insurance companies, legal advisers, lawyers, tax consultants and accountants, debt collection companies, companies that detect financial risks and carry out fraud prevention activities, companies which print and package the bills, companies which deliver the bills, etc.; if your contractual relationship with us involves contact with our customers or third parties, your personal data – as necessary to the performance of your service – may also be communicated to such entities.
c) where required by law, public authorities (including financial administration), social security agencies, etc..
- LOCATION OF DATA PROCESSING
The activity is carried out on the territory of the European Union and there is no intention of transferring the data outside the territory of the European Union or to an international organisation.
- RIGHTS OF THE INTERESTED PARTY
We remind you that the GDPR gives you the exercise of the following rights:
- Access to personal data (you will therefore have the right to have free information about the personal data held by the controller and about the related processing, and to obtain a copy in an accessible format);
- Rectification of data (we will provide, on your recommendation, the correction or integration of your data – which are not an expression of evaluative elements – incorrect or inaccurate, even if they have become so, because they have not been updated);
- Withdrawal of consent (if processing takes place on the basis of your consent, you may withdraw the consent at any time, without affecting the lawfulness of processing provided before the withdrawal.
- Erasure (right to be forgotten) (for example, data are no longer needed with regard to the purposes for which they were collected or processed; they have been illegally treated; they must be deleted in order to fulfil a legal obligation; you have withdrawn the consent and there is no other legal basis for processing them; you object to processing;
- Right to restrict processing (in certain cases – objecting the accuracy of the data, during the time required for verification; objecting the lawfulness of processing with opposition to the erasure; need of use for your rights of defence, while they are no longer useful for processing; if there is objection to processing, while the necessary verifications are carried out- the data will be stored in such a way in order to be able to be restored, but, in the meantime, they are not available to the controller except in relation to the validity of your restriction request);
- Right to object to processing in full or in part for legitimate reasons (in certain circumstances you may however object to processing of your data, in particular, if your personal data is processed for direct marketing purposes, you have the right to object to processing at any time, including profiling to the extent that it is connected to such direct marketing. If personal data are processed for the purposes of scientific or historical research or for statistical purposes, for reasons related to your particular situation, you have the right to object to processing, unless processing is necessary for the execution of a public interest task);
- Data portability (if processing is based on consent or on a contract and is carried out by automated means, on request, you will receive your personal data in a structured format, in common use and readable by an automatic device, and you may transmit them to another controller, unimpeded by the controller which has provided them and, if technically feasible, you can obtain that such transmission is made directly by the latter).
- Complaint to the supervisory authority (Garante per la protezione dei dati personali – Garante Privacy).