PRIVACY POLICY
Information notice pursuant to and for the purposes of Art. 13-14, EU Reg 2016/679
(European General Data Protection Regulation)
Reg. EU 2016/679 (“European General Data Protection Regulation”) provides for the protection of individuals and other subjects and respect for the processing of personal data.
Pursuant to Articles 13 and 14, therefore, we provide you with the following information:
1. Purpose and legal basis for the processing of data
The processing of the personal data provided by you is aimed solely at fulfilling contractual obligations and meeting your specific requests, as well as complying with regulatory obligations, particularly accounting and tax requirements.
The legal basis for processing refers to the source/origin/justification of the processing in a legal provision, in the performance of a contract, or in the satisfaction of a request from the data subject.
For the purposes of the indicated processing, the controller may become aware of data defined as “sensitive” under EU Reg 2016/679, such as those capable of revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, health status, and sexual life.
2. Source of personal data
The personal data processed are those provided by the data subject during:
– interactions through the website;
– requests for information, including via email and telephone;
– previous transactions.
3. Processing methods
In relation to the indicated purposes, your data are subject to electronic and paper processing. Processing operations are implemented in a way that ensures the logical and physical security and confidentiality of your personal data.
4. Nature of personal data
Your personal data relating to the performance of the service requested by you are subject to processing.
Consent to the provision of your personal data is mandatory in order to execute the existing contract or the requested services and to fulfill the obligations arising therefrom, including legal requirements.
5. Scope of communication and dissemination of data
Your data may be communicated to:
all subjects whose right of access to such data is recognized by virtue of regulatory provisions;
our collaborators and employees, within the scope of their respective duties;
all those natural and/or legal persons, public and/or private, when communication is necessary or functional for the performance of our activities and in the manners and for the purposes illustrated above;
6. Methods and duration of personal data retention.
The Controller, the processors, and the persons authorized to process the data (persons in charge) will process personal data for the time necessary to fulfill the aforementioned purposes and, in any case, for no more than 10 years from the termination of the relationship where provided for or made necessary by current regulations, unless longer limitation periods apply.
7. Rights of the data subject
7.1 Art. 15 (right of access), 16 (right to rectification) of Reg. EU 2016/679
The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed and, if so, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
7.2 Right referred to in Art. 17 of Reg. EU 2016/679 – right to erasure (“right to be forgotten”)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning them without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to Article 6(1), point (a), or Article 9(2), point (a), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of Reg. EU 2016/679
7.3 Right referred to in Art. 18 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) of EU Reg 2016/679 pending the verification whether the legitimate grounds of the controller override those of the data subject.
7.4 Right referred to in Art. 20 Right to data portability
The data subject shall have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller
Withdrawal of consent to processing
The data subject has the right to withdraw consent to the processing of their personal data by contacting the Data Controller.
Data Controller
PANAMA EDITORE SRL
Via Bernardo Quaranta 52
20139 – Milan
tel. 02 535 811-111
info@panamaeditore.it
VAT and Tax Code 06567431009