Consent Supplier and Customer Personal Data Processing
AIDA Srl, Headquarters: Viale Alexandre Gustave Eiffel, 100 – 00148 Roma (ITALY), VAT n. 00883031007 (hereafter referred to as “the Controller”), acting as Controller, informs you that, according to art.13 of the D.Lgs. 30/06/2003 n. 196 (hereafter referred to as the “Privacy Code”) and art. 13 of the EU Regulation n. 2016/679 (hereafter referred to as “GDPR”) your data will be processed with the following modalities and for the following purposes:
AIDA Srl, Headquarters: Via Achille Grandi, 15-20096 Pioltello-Milano (ITALY), VAT n. 03795810963 (hereafter referred to as “the Controller”), acting as Controller, informs you that, according to art.13 of the D.Lgs. 30/06/2003 n. 196 (hereafter referred to as the “Privacy Code”) and art. 13 of the EU Regulation n. 2016/679 (hereafter referred to as “GDPR”) your data will be processed with the following modalities and for the following purposes:
1. Object of the processing
The Controller processes personal and identity data (such as name, surname, society denomination, address, phone number, e-mail, bank and payment reference codes), hereafter referreas “personal data” or just “data”) that you provide when you sign contracts of service with the Controller.
2. Purpose of the processing
You personal data will be treated:
- without your explicit consent (art. 24 letters a), b), for the following Service modalities:
- signature of contracts for services provided by the Controller;
- comply with pre-contractual, contractual and fiscal obligations deriving from existing relationships with you;
- comply with legal obligations or those deriving from regulations, from EU legislation or from Authority prescription (such as anti- money laundering);
- avail the Controller’s rights such as the right to defence in court;
- Only by previous specific and direct consent (art. 23 and 130 of the Privacy Code and art .7 of GDPR) for the following marketing purposes:
- Sending of email/postal/texting/telephone newsletters, commercial communications, advertisements on products or services offered by the Controller and monitoring of satisfaction about the quality of the provided services;
We highlight that if you are already our customers, we may send you commercial communications referring to Controller’s services or products similar to those already provided to you, except you disagree to this (art. 130 par. 4 Privacy Code).
3. Processing modality
The treatment of your personal data is carried out through the operations as specified in art. 4 of the Privacy Code and art. 4 n. 2) of the GDPR, and precisely: reception, recording, organization, storage, recall, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data are processed both electronically and on paper.
The Controller will process personal data for the time necessary to pursue the above mentioned purposes and in any case not beyond 10 years from the ceasing of the relationship deriving from the service purposes and not beyond 2 years from data gathering for marketing purposes.
4. Access to data
Your data may be disclosed for the purposes mentioned in art. 2.A) and 2.B) to:
- Personnel and collaborators of the Controller as internal processors or recipients or system administrators;
- Third parties (as an example, credit institutions, professional firms, consultants, etc.) carrying out outsourcing activities on behalf of the Controller, as external processors.
5. Communication of data
Without your explicit consent, according to art. 24 letters a), b), d) of the Privacy Code and art. 6 letters b) and c) of the GDPR, the Controller may disclose you data for the purposes mentioned in art. 2.A) to:
- Surveillance Authorities;
- Judicial Authorities;
- Subjects to whom such communication is compulsory by law in relation to the above mentioned purposes.
The above mentioned subjects will process data as autonomous Controllers.
Your data will not be made public.
6. Data transfer
Personal data are stored on servers located within the European Union. No transfer to non-EU nations is foreseen.
7. Data provision and consequences of provision refusal
The provision of data is compulsory for the purposes mentioned in art. 2.A). The refusal to provide data prevents the provision of services mentioned in art. 2.A).
The provision of data for the purposes mentioned in art. 2.B) is optional. You may decide not to provide any data or to withdraw consent to process data that you already provided at a later time: in this case, you will not be enabled to receive newsletters, commercial communications and advertisements regarding the services offered by the Controller. You will still be entitled to the services mentioned in art. 2.A).
8. Rights of the data subject
As a data subject, you have the rights listed in art. 7 of the Privacy Code and art. 15 of the GDPR, and precisely the right to:
- Obtain a confirmation that personal data regarding you are being held or not, even if not yet registered, and their communication in an intelligible way;
- Obtain indications about: a) the origin of personal data; b) the purposes and modalities of the processing; c) the procedures applied in case of electronic processing; d) the identification data of the Controller, of the processors and of the representative according to art. 5, par. 2 of the Privacy Code and Art.13, par. 1, of the GDPR; e) of the subjects and subject categories to whom personal data may be disclosed or that may receive them as representative in the territory of the State, of processors or recipients;
- Obtain: a) the updating, the rectification or, if desired, the integration of data; b) erasure, anonymization or block of data processed in an unlawful way, including those for which filing is not necessary for the stated purposes; c) proof that the operations mentioned in letters a) and b) have been communicated to any third party recipients, except in the case in which it is impossible or disproportionately too complex to perform in relation to the right under consideration;
- Oppose, totally or partially: a) for legitimate reasons to the processing of your personal data, even if related to the purpose of processing; b) to the processing of your personal data for the purpose of sending advertising material, or direct sale, or marketing analysis or communication, by means of automated calling systems without a human operator, email or conventional marketing procedures by telephone or paper mail. We underline that the subject’s right to opposition, as previously stated, to direct marketing purposes by automated means is extended to the conventional ones, and that the subject may always request a partial opposition. Therefore, the subject may decide to receive communication only through conventional modalities or only through automated modalities or none of the above.
Where applicable, the subject has also the rights stated in art. 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability and right to object), in addition to the right to appeal to the Supervisory Authority.
9. Modalities of exercise of rights
You may exercise your rights at any moment by sending:
- Registered mail with acknowledgement of receipt to AIDA Srl, Viale Alexandre Gustave Eiffel, 100 – 00148 Roma (Italy)
- Email: firstname.lastname@example.org
- Registered mail with acknowledgement of receipt to AIDA Srl, Via Achille Grandi, 15 – Pioltello-Milano (Italy)
- Email: email@example.com
10. Lawfulness of processing
In compliance with art. 6 of the Regulation, processing is lawful in that it is necessary for the performance of a contract to which the data subject is party and in order to take steps at the request of the data subject prior to entering into a contract.
The Controller will process data lawfully, fairly and in a transparent manner, in compliance with the principles established in the General Data Protection Regulation, ensuring personal data protection and the fundamental rights and freedom.
11. Controller, processor
The Controller of data processing is
AIDA Srl, Viale Alexandre Gustave Eiffel, 100 – 00148 Roma – Italy
AIDA Srl, Viale Achille Grandi, 15-20096 Pioltello-Milano – Italy
An updated list of processors is kept at the Controller’s headquarters.