top of page

Privacy Policy

Information on the processing of personal data

Pursuant to Art. 13 of EUROPEAN REGULATION No. 679/2016

Dear Data Subject,

Crescini Pietro Srl, as Data Controller pursuant to Art. 13 of European Regulation No. 679/2016 "General Data Protection Regulation (GDPR)" (hereinafter EU Regulation), containing provisions on the processing of personal data, wishes to inform you about the processing of your personal data.

The regulation provides that anyone who processes personal data is required to inform the data subject about the data processed and the qualifying elements of the processing, which must in any case be carried out in a lawful, correct and transparent manner, as well as protect confidentiality and guarantee the rights of the data subject.

It is specified that data processing means any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, destruction of the data.

1. Data Controller

The Data Controller is Crescini Pietro Srl, with registered office at Via A. Volta, 36 – 46043 Castiglione Delle Stiviere (MN), Tax Code and VAT No. 01368920201, contactable at the following: phone +39 0376 639013, email: info@crescinipietro.it.

2. Nature of Data Processed, Purpose and Legal Basis of Processing

Nature of data processed. In relation to the processing purposes listed below, please note that only "common personal data" will be processed, such as:

· company identification data (name, surname, email, etc.);

 

Purpose of processing. Your personal data will be processed for the following purposes:

A. to respond to your requests: through voluntary completion of the appropriate form found in this contact area;

B. to comply with legal obligations;

 

Legal basis of processing. Personal data, for the purposes referred to in points 2A and 2B, will be lawfully processed to fulfill pre-contractual and contractual obligations between us and the user (Art. 6, par. 1 letter b), to comply with our legal obligations (Art. 6 par. 1 letter c).

3. Data Recipients and Processing Methods. Existence of an Automated Decision-Making Process, Including Profiling

The processing of your personal data will be based on the principles of fairness, lawfulness and transparency and may be carried out using paper and electronic tools both by the staff of the undersigned Company, authorized/appointed to process personal data, and by external parties called upon to carry out specific tasks on behalf of the Data Controller, as Data Processors pursuant to Art. 28 of the EU Regulation, following our letter of appointment imposing on them the duty of confidentiality and security of personal data processing, and the adoption of appropriate security measures to prevent data loss, unlawful and incorrect use, and unauthorized access, in compliance with current provisions on personal data protection.

For brevity, the detailed list of such figures is available at the Data Controller's premises and is at your disposal.

Your personal data will not be disseminated and will not be transferred to third countries or international organizations, and will not be communicated to third parties except for legal or contractual obligations.

With reference to Art. 13 of the EU Regulation par. 2 letter f) and Art. 14 of the EU Regulation par. 2 letter g), it is noted that the Data Controller currently does not use any automated decision-making system or process.

4. Data Retention Period

Your personal data will be retained for a period not exceeding the achievement of the purposes for which they are processed, in compliance with the principle of storage limitation provided by the EU Regulation and/or for the time necessary for legal and contractual obligations or until the specific consent is revoked by the data subject, and therefore:

- with reference to the purposes indicated in points 2A-2B, the data will be retained for a period not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary to fulfill legal and contractual obligations;

To guarantee the declared retention periods, an annual periodic review of the processed data and the possibility of deleting them if no longer necessary for the intended purposes is planned.

5. Access to Data (categories of recipients to whom data may be communicated)

We also inform you that the collected data will never be disseminated and will not be communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other parties for the fulfillment of tax and legal obligations or for the fulfillment of purposes (where authorized), following our letter of appointment imposing on them the duty of confidentiality and security of personal data processing.

With reference to Art. 13, par. 1, letter e) of the EU Regulation, the following is a list by category of subjects or categories of subjects (duly identified and instructed) who may become aware of the user's personal data as processors or appointees:

· Partners, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as appointees/authorized persons and/or data processors (e.g. offices: commercial, technical, administrative, legal, press; system administrators, external professionals, various service providers, etc.)

· Partner companies and/or directly connected with the undersigned, as their activities are essential to the completion/execution of what you have requested.

Your personal data may also be communicated to external recipients of the practices concerning you, in the performance of activities and to external parties interacting with the undersigned, always and exclusively for activities functional to the purposes described above, external parties called upon to carry out specific tasks on behalf of the Data Controller, as Data Processors pursuant to Art. 28 of the EU Regulation.

For brevity, the detailed list of such figures is available at our premises and is at your disposal.

6. and 7. Communication and Transfer of Data

Without the need for express consent (Art. 6 par. 1, letters b), c) and f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2B to supervisory bodies, judicial authorities, as well as to those parties to whom communication is mandatory by law for the fulfillment of the purposes indicated above.

Said parties will process the data in their capacity as independent data controllers.

Personal data is stored on devices located at the Data Controller's premises or at providers within the European Union.

Your data will not be disseminated.

To ensure the security of such transfers, we rely only on parties that offer the necessary guarantees to implement adequate technical and organizational measures so that the processing carried out complies with EU Reg. 679/2016.

Both for data on its own devices and for any data held by providers, the Data Controller has implemented adequate technical and organizational measures to ensure an appropriate level of security, in full compliance with the EU Regulation.

8. Consequences of Failure to Provide Data

The personal data referred to in points 2A-2B of this notice are necessary; without such data it would be impossible for us to proceed and fulfill contractual and legal obligations.

9. Rights of the Data Subject

As a data subject, you have the rights set out in Articles 15 to 22 of the EU Regulation, listed below, and specifically the right to:

- obtain confirmation of the existence and processing of personal data concerning you and, in such case, obtain access to your data (right of access);

- obtain information about the purposes of processing, the categories of data in question, the recipients or categories of recipients to whom the data have been or will be communicated, in particular recipients in third countries or international organizations, the expected data retention period or the criteria used to determine such period; and where the data are not collected from the data subject, obtain all available information about their origin;

- obtain rectification of data concerning you (right of rectification);

- obtain erasure of data concerning you (right to be forgotten);

- obtain restriction of processing (right to restriction of processing);

- obtain data portability, i.e. receive them from a data controller in a structured, commonly used and machine-readable format and transmit them to another data controller without hindrance (right to data portability);

- object to processing at any time (right to object). You are specifically informed, as required by Art. 21 of the EU Regulation, that where personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning them carried out for such purposes and that where the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes;

- be informed (with the possibility of objecting) of the existence of an automated decision-making process relating to natural persons, including profiling;

- withdraw consent at any time without affecting the lawfulness of processing based on consent given before withdrawal;

- lodge a complaint with a supervisory authority (Italian Data Protection Authority).

It is specified that there may be conditions or limitations to the rights of the data subject. It is therefore not certain that, for example, you have the right to data portability in all cases; this depends on the specific circumstances of the processing activity.

Another example: if you decide to object to data processing, the Data Controller has the right to evaluate your request, which may not be accepted if there are compelling legitimate grounds for processing that override your interests, rights and freedoms.

10. How to Exercise Your Rights

Without any formality, you may exercise your rights at any time in a clear and explicit manner by sending:

- a registered letter with return receipt to the undersigned;

- an email to info@crescinipietro.it.

Or by contacting the Data Controller directly at: +39 0376 639013.

11. Minors

What is offered by the Data Controller and the subject of the relationship with you does not involve the intentional acquisition of personal information relating to minors. In the event that information about minors is involuntarily recorded, the Data Controller will promptly delete it upon request or notification by the data subject.

12. Appointees/Authorized Persons – Data Processors

Below we provide you with some information that is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects is a fundamental part of our activity.

Appointees/Authorized Persons. The updated list of appointees/authorized persons for processing is kept at the Data Controller's premises.

Data Processors. For brevity, the detailed list of such figures is available at our premises.

bottom of page