Personal Data Processing Policy pursuant to Arts. 13-14 of EU Regulation 2016/679
Data subjects: Customers
SEFO srl in its capacity as Data Controller of your personal data, pursuant to and by effect of EU Regulation 2016/679, hereinafter 'GDPR’, hereby informs you that the aforementioned regulation provides for the protection of data subjects regarding the processing of personal data and that such processing shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
Your personal data will be processed in accordance with the legislative provisions of the aforementioned regulation and the confidentiality obligations envisaged therein.
Purpose and legal basis of processing: in particular, your data will be processed for the following purposes related to the implementation of obligations related to legislative or contractual obligations:
- mandatory legal obligations in the tax and accounting field;
- consulting activity;
- litigation management;
- customer management;
- customer satisfaction survey;
- services to protect consumers and users;
- internal control services;
- brokerage services;
- customer invoicing log.
Processing methods. Your personal data may be processed in the following ways:
- assignment of processing operations to third parties;
- processing using electronic computers;
- manual processing by means of paper archives.
All processing takes place in compliance with the methods set out in Arts. 6 and 32 of the GDPR and through the adoption of the appropriate security measures.
Your data will be processed only by personnel expressly authorised by the Controller and, in particular, by the following category of operators.
- Administration Department.
Communication: Your data may be disclosed to external parties for proper management of the relationship and, in particular, to the following categories of Recipients, including all duly appointed Data Processors:
- banks and credit institutions;
- communications required by law concerning anti-money laundering legislation (Law No. 197 of 5 July 1991, as amended; Legislative Decree No. 56 of 20 February 2004; Law No. 29 of 25 January 2006; Ministerial Decrees Nos. 141, 142 and 143 of 3 February 2006; UIC (Italian Exchange Office) Provision of 24 February 2006);
- consultants and freelance professionals, also in associated form;
- within the contest of public and/or private parties for which communication of data is mandatory or necessary in compliance with legal obligations or is in any case instrumental to administration of the relationship;
- insurance companies;
- constitutional bodies or those of constitutional significance.
Dissemination: Your personal data will not be disseminated in any way whatsoever.
Retention Period. Please note that, in compliance with the principles of lawfulness, limitation of purposes and data minimisation, pursuant to Art. 5 of the GDPR, the retention period of your personal data is:
- established for a period of time not exceeding the achievement of the purposes for which it was collected and processed and in compliance with the mandatory periods prescribed by law.
Controller: the Data Controller, pursuant to the Law, is
- SEFO SRL, in the person of the legal representative pro tempore (VAT No. 01475680516) with registered office in Arezzo 52100 (Italy) Loc. Ponte alla Chiassa 141 - Tel. +39 0575 342010 email: firstname.lastname@example.org
You have the right to obtain from the Controller the deletion (right to be forgotten), limitation, updating, rectification or portability of data and to object to processing of personal data concerning you and, in general, may exercise all the rights foreseen by Articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.
Regulation EU 2016/679 Arts. 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the data subject
1. Data Subjects have the right to obtain confirmation of the existence of personal data concerning them, even if not yet recorded, and communication of the same in an intelligible form, as well as the right to lodge a complaint with the Supervisory Authority.
2. Data Subjects have the right to obtain information on:
- the origin of the personal data;
- the processing purpose and methods;
- the rationale applied in the case of processing with the aid of electronic tools;
- the identification details of the data controller, the data processor and the designated representative pursuant to Article 5, paragraph 2;
- the persons or categories of persons to whom the data may be disclosed or who may become aware of the same in their capacity as designated representative in the State territory, data processors or persons in charge of processing.
3. Data Subjects have the right to obtain:
- updating, rectification or, where interested, integration of the data;
- cancellation, anonymization or blocking of data processed unlawfully, including data that is not required to be kept for the purposes for which the data was collected or subsequently processed;
- certification that the operations described in points have a) and b) above been notified, also as regards their content, to those to whom the data has been disclosed or disseminated, unless this requirement proves impossible or involves the use of means clearly disproportionate to the right protected.
- data portability.
4. Data Subjects have the right to object, in whole or in part:
- a. for legitimate reasons to the processing of personal data regarding them, even if pertinent to the collection purposes;
- b. to the processing of personal data regarding them for the purposes of sending advertising or direct sales materials or for carrying out market research or commercial communications.