DISCLOSURE REGARDING THE PROCESSING OF PERSONAL DATA pursuant to the provisions of articles 13-14 of EU Regulation 2016/679 (European Data Protection Regulation)

This disclosure is to inform you that EU Regulation 2016/679 (the “European Data Protection Regulation”) guarantees protection to people and other subjects, and respect for the processing of personal data.
In compliance with articles 13 and 14, therefore, we hereby inform you of the following:

Purpose / legal basis for the data processing

The Data Controller processes your personal data in any of the following circumstances:

  • processing is necessary for the performance of a contract and/or the implementation of pre-contractual measures;
  • processing is necessary for compliance with a legal, accounting or tax obligation to which the Data Controller is subject;
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party;
  • with your prior consent, to allow commercial and/or promotional communications regarding its products and services to be sent to you, as well as carrying out market research (“Marketing”).

2. Sources of the personal data

The personal data processed are those provided by the data subject through:

  • interactions on the website;
  • requests for information, including via email or telephone, meetings at the offices, or during events (conventions, fairs, events, etc.);
  • previous commercial transactions or contractual relationships

3. Processing methods

For the stated purposes, your personal data are treated electronically and/or in hard-copy form. Processing activities are carried out in a way that ensures the logical and physical security and confidentiality of your personal data, in conformity with the security measures provided for by article 32 of the GDPR.

Processing is conducted within the European Union, (point (f) of Article 13(1)), no automated profiling activities are carried out (point (f) of Article 13(2)), and the data subject has the right to lodge a complaint with a supervisory authority (point (d) of Article 13(2)).

4. Nature of the Personal Data

The data which undergo processing are your personal data relevant to the performance of the service requested. You must consent to the use of your personal data to fulfil the contract in question, regarding the services requested, and to comply with the obligations which derive from it, including legal obligations.

5. Communication and disclosure of data

Your personal data may be disclosed to:

  • all subjects whose right to access such data is recognised under the regulations (legal obligations);
  • our collaborators and employees, for the purpose of fulfilling their duties, with the legally required confidentiality agreements;
  • all natural and/or legal persons, whether public or private, when such disclosure is necessary and/or an integral part of conducting our operations, in the ways and for the purposes described above;

6. Data Storage Conditions and Duration

The Data Controller shall process personal data exclusively for the length of time necessary to achieve the purposes stated above, and in any case for no longer than 10 years following the termination of the relationship, where this is enforced or made necessary by existing laws, without prejudice to longer limitation periods which may be prescribed.

7. Rights of data subjects

7.1 Articles 15 (Right of access) and 16 (Right to rectification) of EU Reg. 2016/679

The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e) the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f) the right to lodge a complaint with a supervisory authority

(h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

7.2 Rights pursuant to Article 17 of EU Reg. 2016/679 – Right to erasure (‘right to be forgotten’)

The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;

(f) the personal data have been collected in relation to the offer of information company services referred to in Article 8(1) of EU Reg. 2016/679.

7.3 Rights pursuant to Article 18 – Right to restriction of processingdel trattamento;

The data subject shall have the right to obtain from the data controller the restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) the data subject has objected to processing pursuant to Article 21(1) of EU Reg. 2016/679 pending the verification of whether the legitimate grounds of the data controller override those of the data subject.

7.4 Rights pursuant to Article 20 – Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller.

8. Withdrawal of consent to processing

The data subject has the right to withdraw consent to the processing of their personal data by contacting the Data Controller.

Personal Data Controller

Address Via Magenta, 41/43 – 20010 Bareggio (MI)
Telephone no.  +39 02-84063
e-mail address info@espressocap.com
VAT no. 09614820968