INFORMATION ON THE PROCESSING OF PERSONAL DATA

 

This Notice is made to inform you that the data provided to our Company will be processed pursuant to EU Regulation no. 2016/679 (hereinafter also “GDPR”) and Legislative Decree 101/2018.

We therefore invite you to carefully read the following information.

 

Data Controller and Data Protection.

The Data Controller is Avv. Luca Membretti, with registered office in Milan (MI),Via Carlo Freguglia, n. 10 (20122). The data controller may be contacted by sending a registered letter with return receipt to the above address or by e-mail l.membretti@mmslex.com.

Purpose of the processing.

The personal data provided will be processed in relation to the following purposes i.) Fulfillment of contractual obligations; ii.) fulfillment of accounting and tax obligations; iii.) suppliers  management (suppliers administration, contract administration, orders, deliveries and invoices); iv.) customer management (customer administration, contract administration, orders, shipments and invoices, reliability and solvency control); v.) legal and economic treatment of personnel; vi.) litigation management (contractual defaults, warnings, transactions, debt collection, arbitration, legal disputes); vii.) fulfillment of legal obligations; viii.) legitimate interest of the Data Controller.

 

Field of communication and diffusion.

We inform you that, in order to achieve the aforementioned purposes, the data collected may be communicated to third parties – appropriately designated as Data Controlers and whose references will be communicated to you upon request, such as – financial, social security and welfare institutions insurance companies, IT and telematics service companies, archiving and storage companies, printing and shipping companies, e-mail management companies, judicial or administrative authorities, accountants, lawyers, consultants, medical doctors, subsidiary or associated companies, and the central for risks , auditing companies, foundations and university institutes and others, trade associations.

Outside of the aforementioned hypotheses, your personal data will not be communicated or disclosed without your explicit consent.

 

Processing methods.

The processing will be carried out both in paper and automated form, in compliance with the principles of lawfulness, correctness, non-exceeding and relevance provided for by current legislation.

The Data Controller adopts appropriate security measures, aimed at preventing unauthorized access, disclosure, modification or destruction of the data processed

 

Data retention.

The Data Controller will process the personal data for the time strictly necessary to fulfill the aforementioned purposes or, in any case, for the period provided for the fulfillment of legal obligations, provided that it is not necessary to keep them further to fulfill orders from the Authorities.

 

Place of processing and scope of data circulation.

The management and storage of personal data will take place on the Data Controller server and / or third party companies duly appointed as Data Processors, located both within the European Union and in non-EU countries. The data, therefore, can be transferred both inside and outside the European Union. In relation to the possible transfer of data outside the EU the Data Controller ensures from now on that the same occurs in accordance with the provisions of the law through the stipulation of agreements that guarantee an adequate level of protection and through the adoption of the standard contractual clauses envisaged by the European Commission.

 

Refusal to provide data.

We also consider it a duty to inform you that any refusal to consent to the treatments indicated could prevent the completion of the contractual relationship.

 

Rights of the interested parties.

In relation to the processing of any personal data provided by our Company, we remind you that, as an interested party, you have the right to:

– obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form;

– obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) of the identification data concerning the Data Controller, data processors and the representative designated pursuant to art. 3, paragraph 1, GDPR and Legislative Decree 101/2018; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or appointees;

– obtain: a) updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be kept for the purposes for which the data was collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the event that such fulfillment occurs it proves impossible or involves a manifestly disproportionate use of resources with respect to the protected right;

– object, in whole or in part: a) for legitimate reasons to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of your personal data for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by phone and / or mail. Please note that the interested party’s right of objection, set out in the previous point b), for direct marketing purposes by automated means, extends to the traditional ones and that the possibility for the interested party to exercise the right of opposition also remains valid only partially. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication;

– where applicable, you also have the rights pursuant to articles 16-21 GDPR (Right of rectification, right to oblivion, right to limitation of treatment, right to portability of contractual and raw navigation data, right to object), as well as the right to complain to the Guarantor for the Protection of Personal Data.

 

Changes to the Information Notice.

The possible entry into force of new sector regulations, as well as the constant examination and updating of the services reserved to you. may involve the need to change the methods and terms described in this Statement. It is therefore possible that this document may change over time. You are therefore advised to periodically consult the dedicated page on the www.mmslex.com/privacy-policy company website as it will publish any changes to this Information Notice.