Information report pursuant to Art. 13 of the European Regulation 2016/679 concerning the protection of personal data (“GDPR”)
In compliance with and by effects of what stated in Art. 13 of the European Regulation 2016/679 concerning the protection of personal data (“GDPR”) and in the Italian Privacy Regulation, we hereby inform you that your personal data will be processed with electronic media, manual filing, and social networks in Italy and abroad. This information report (hereinafter, “Report”), drawn up on the basis of the principle of transparency and the requirements set out by the GDPR, is divided into single sections, each concerning a specific topic, so that its reading is faster, effortless and clear.
WHO IS THE DATA CONTROLLER?
The Data Controller (hereinafter, “Controller”) is Monolith s.r.l., with premises in Via dell’Artigiano no. 8/F-8/G - 31050 Monastier (Treviso) - Italy.
DATA PROTECTION OFFICER
The Data Controller, in compliance with Art.38, did not appoint a Data Protection Officer (DPO); however, you can contact our Privacy Office for any issue concerning the processing of your data and the exercise of rights provided for in the GDPR at the following e-mail address:
WHAT IS THE LEGAL BASIS FOR DATA PROCESSING?
The legal basis for the processing of your personal data is as follows:
- Contractual obligations and fulfilment;
- Law obligations;
- Consent for commercial activities and to benefit from the service.
WHAT PURPOSES WILL YOUR DATA BE PROCESSED FOR?
a) Your personal data will be processed for service management purposes and to fulfil law obligations:
- Executing the supply contract or the purchase order.
- Invoicing all amounts payable and any possible additional services.
- Fulfilling law obligations, including the accounting, administrative and fiscal ones.
- Managing possible claims and disputes.
- Preventing fraud and managing overdue or failed payments.
- Debt collection prevention, directly or through third parties (Agencies/Debt collection companies, law firms) to whom the personal data necessary to pursue these purposes will be transmitted.
- Debt assignment to authorised Companies.
- Retention and usage of accounting data concerning timely payments aimed at implementing incentive policies and refusing future contractual relationships.
- Reporting and quality-control activities.
- Technical information communication: Communication and/or notification (via e-mail, messages, notices, postal service, telephone, etc.) of technical information and material relating to contract management and the ongoing Service provision.
b) Moreover, your personal data, if you decide to give your optional consent, will be processed for the following purposes:
- to send you information notes on Commercial initiatives: communication and/or notification (via e-mail, newsletter, messages, notices, postal service, telephone, etc.), also through automated means, concerning commercial information and offers, advertising and promotional material about company and/or third-parties services.
- to communicate information notes on Events: communication and/or notification (via e-mail, newsletter, messages, notices, postal service, telephone, etc.), also through automated means, concerning information materials about events, seminars, and conferences organised directly by the company or by third-party companies.
The provision of your personal data is necessary to pursue the purposes stated in letter a).
Failing to provide data or providing partial or inaccurate information may result in the impossibility to start the supply of the requested service or to continue the supply contract in force.
Moreover, the provision of your personal data for the purposes stated in letter b) is optional, however failing to provide such data will make it impossible for Monolith Srl to implement your request and contact you.
In any event and as better specified in the following paragraphs, you can withdraw your consent, even partially, for example by agreeing to receiving only information notes on events and not on commercial initiatives.
WHOM CAN YOUR PERSONAL DATA BE TRANSMITTED TO?
Your personal data will be processed exclusively by authorised persons and persons appointed as Responsible for data processing in compliance with the GDPR to duly carry out all the processing activities necessary for the purposes stated in this Information report. Your Personal Data can be transmitted to Public Authorities or to the competent Judicial Authority if provided for by the law, or to prevent or restrain the commission of an offence, and in any case, it can be transmitted to:
- the rightful recipients of communications as provided for by the law or regulations (such as, for example, Public Authorities and Offices);
- the recipients of the communications necessary to fulfil obligations set forth by the undersigned contract for the provision of the Service;
- third-party companies specialised in the management of commercial and credit-related information (such as, for example, call centres, data processing centres, banks, etc.);
- companies and/or collaborators managing administrative services that the company employs in order to fulfil its legal or contractual obligations;
- other parties (enterprises, companies, natural persons) who work in collaboration with the Data controller in the framework of the services and supplies it offers.
Personal data of customers under the age of 16 cannot be processed, unless the holder of parental responsibility gives consent to processing.
LEGITIMATE INTEREST OF THE CONTROLLER
The Controller holds the legitimate interest in the transfer of personal data to Companies within the shareholding structure for administrative, analytical and reporting internal purposes.
HOW LONG WILL YOUR PERSONAL DATA BE RETAINED?
Your personal data will be retained for the period necessary to pursue the purposes stated in letter a) above. In particular, your Personal Data will be processed for a period equal to the minimum necessary period or until the termination of the contractual relationship existing between you and the Data Controller, unless a further retention period is required by the laws in force.
Moreover, should you decide to give your optional consent pertaining the commercial purposes stated in letter b), your data will be retained until you decide to explicitly withdraw said consent.
Data relative to CVs that were spontaneously forwarded will be retained for no more than two years from the date of receipt.
Your data will be retained for a further period in case of claims and potential disputes.
HOW CAN YOU WITHDRAW THE GIVEN CONSENT?
You have the right to withdraw the consent you have given to the Controller at all times, totally and/or partially, without prejudice to the lawfulness of the Processing based on the consent given prior to the withdrawal.
To withdraw your consent, contact the Controller at the contact details listed in this information report.
WHERE WILL YOUR DATA BE PROCESSED?
Your Personal Data will be processed by the Controller within the European Union territory.
Should technical and/or operational issues arise and should it be necessary for the company to employ third parties based outside of the European Union, we hereby inform you that said parties will be appointed as Responsible for Data Processing in compliance with and by effects of the provisions in Article 28 of the GDPR, and transfer of your Personal Data to said parties, limited to the performance of specific processing activities, will be governed by a special contract of appointment drawn up in compliance with all the protective measures and guarantees set out in the GDPR.
All necessary measures will be implemented in order to ensure full protection of your Personal Data, as data transfer is based on the evaluation of appropriate guarantees, as for example assessment of the adequacy of third-party countries as set out by the European Commission; adequate guarantees put in place by the third-party recipient Country in compliance with Article 26 of the GDPR.
In any case you can request more details from the Data Controller if your Personal Data has been processed outside of the European Union by requesting proof of the specific guarantees put in place.
WHAT ARE YOUR RIGHTS?
We remind you that you can exercise your rights set out in the GDPR and obtain the following:
- confirmation that there is an ongoing processing activity of your Personal data and access to data and the following information: purposes of the processing, personal data categories, recipients and/or categories of recipients to whom data was and/or will be transmitted, retention period;
- the amendment of inaccurate registration of your Personal data and/or completion of incomplete Personal data, also providing a supplementary statement;
- the elimination of Personal data, when so provided for in the GDPR;
- the limitation of Data processing in the circumstances provided for by the Privacy Regulation in force;
- the portability of your personal data, if feasible and relevant to the service provided;
- the opposition to data processing in any moment, for reasons related to your specific situation, to the processing of your personal data in full compliance with the Privacy Regulation in force.
You can exercise your rights by contacting our company via e-mail at the following address firstname.lastname@example.org, enclosing a copy of your identity document.
You also have the right to lodge a complaint with the competent supervisory authority (Personal Data Protection Officer), in compliance with Art. 77 of the GDPR, should you believe the processing of your data does not comply with the Privacy Regulation in force.