INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information is intended to inform you about the processing of personal data carried out by progettocaffeina di Isella Marzocchi, with registered office in Bologna, Via del Pozzo 29 (tax code MRZSLL71L57A944N – VAT number 02243891203), (hereinafter also referred to as “progettocaffeina” or the “Data Controller,” reachable at the email address info@progettocaffeina.com), as Data Controller, in the context of or in any case in relation to the execution of the Contract, in accordance with the applicable provisions on the protection of personal data.
1. TYPE OF PERSONAL DATA PROCESSED
The Data Controller may process personal identification and contact data relating to the Customer and/or the Customer’s employees or collaborators, such as, for example: name, email address, telephone and fax number, job position, as well as any other personal data relating to the Customer that will be voluntarily provided to progettocaffeina in relation to the execution of the Contract and/or in the course of carrying out its consulting activities.
It is understood that any personal data relating to data subjects other than the Client (and/or the Client’s employees or collaborators) included in texts, press releases, photographs, videos, and/or any other type of content that the Client shares with progettocaffeina in the context of the execution of the agreement will be processed by progettocaffeina as the Data Processor.
2. PURPOSE OF THE PROCESSING
The Data Controller processes personal data to perform the Contract and, more generally, to manage commercial and consulting relationships with the Client. Providing data for all of the aforementioned purposes is not mandatory, but refusal to provide such data may make it impossible to perform the Contract.
3. LEGAL BASIS FOR THE PROCESSING
The Data Controller processes personal data to perform the Contract and/or to take any pre-contractual measures (Article 6, paragraph 1, letter b) of the GDPR). The Data Controller processes personal data based on its legitimate interest in carrying out commercial activities, as well as in the potential protection of the Data Controller’s rights in court and/or before the competent authorities (Article 6, paragraph 1, letter f) of the GDPR). All personal data may also be processed to ensure compliance with legal obligations by the Data Controller (Article 6, paragraph 1, letter c) of the GDPR).
4. METHODS OF PROCESSING AND SCOPE OF CIRCULATION OF PERSONAL DATA
The Data Controller processes personal data also with the aid of electronic means, within the limits of the purposes indicated in this policy and adopting measures to maintain data security and confidentiality. Personal data processed by the Data Controller in the course of its business activities may be transferred outside the EU to entities that have declared they have adopted adequate safeguards regarding the processing of personal data.
5. SUBJECTS WHO HAVE ACCESS TO PERSONAL DATA
The Data Controller limits access to personal data as much as possible, making it available to its duly authorized personnel and/or to third parties who have reason to access it for the performance of their duties. The Data Controller also reserves the right to disclose personal data to third parties, including lawyers and/or consultants, in order to: a) ensure the proper performance of the contract; b) ensure compliance with legal regulations and/or comply with requests from public authorities and bodies for their respective institutional purposes; c) protect the rights of the Data Controller in court and/or before the competent authorities.
6. PERIOD OF RETENTION OF PERSONAL DATA
Personal data processed for the performance of the Contract, including pre-contractual activities, are retained for a maximum of 10 years from the termination of the Contract. Personal data processed in the context of the management and keeping of company accounts are retained for the time necessary to fulfill tax and accounting record retention obligations.
7. RIGHTS OF DATA SUBJECTS
Data subjects (the individuals to whom the personal data refer) are entitled to the rights set forth in Articles 15 to 22 of the GDPR, which may be exercised at any time.