PURSUANT TO ART. 13 OF EU REGULATION 2016/679 (GDPR)
Supplier Informative Form REV. 00 of 30/06/2020
Dear Data Subject,
with this form STUDIO AMBIENTE SRL makes the information about the processing of personal data acquired, even verbally, directly or through third parties, related to you, necessary for the performance of administrative, accounting, management and contractual services related or resulting from the execution of the contract. This information is provided in accordance with the provisions of art. 13 of EU Reg. 2016/679 (so-called GDPR).
The Data Controller is the company STUDIO AMBIENTE SRL with registered office in via Monte Baldo n. 4 – Dossobuono – 37062 Villafranca di Verona (VR), F.C. and VAT number n. 03427230234, R.E.A. VR-335460, share capital € 10.000,00, tel. +39 045 987304, fax +39 045 8618049, e-mail info@studioambiente.biz, PEC studioambiente@legalmail.it.
Your personal data will be treated for the following purposes:
Given that the processing of data is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject, the legal basis for the treatment is that provided for in Art. 6 par. 1 lett. B) GDPR and therefore the fulfilment of a contract, as well as Art. 6, par. 1 lett. C) GDPR with regard to the fulfilment of legal obligations inherent in or arising from the contract.
The processing will be carried out using electronic, computerised or automated instruments, as well as paper.
The processing is carried out by the Data Controller and by the Data Controller’s collaborators and/or employees in their capacity as authorised data processors, as well as by the data processors specifically identified in writing, within the scope of their respective functions and in compliance with the instructions given by the Data Controller, ensuring the use of suitable measures for the security of the data processed and guaranteeing its confidentiality.
According to the rules of the Regulation, the treatment carried out by the Data Controller will be based on the principles of lawfulness, correctness, transparency, limitation of purposes and storage, data minimisation, accuracy, integrity and confidentiality.
The data will always be processed with the utmost respect for the principle of confidentiality even in the case of management of the same by third parties expressly appointed by the Data Controller.
Your data are not subject to any automated decision-making process.
Your personal data will be kept during the execution of the contract and for a period of ten years after its termination/completion in order to fulfil fiscal and accounting obligations, as well as for judicial protection in case of disputes arising from the contract. The data collected for legal obligations will be kept until the fulfilment of the same and in any case according to the periods/criteria of conservation provided for by the legal obligations to which the Data Controller is subject. The further storage is without prejudice to further preservation if it is necessary for the defence of the Data Controller’s rights.
This information shall also be considered valid for subsequent contracts that you may enter into with the Data Controller.
The personal data provided by you may come to the knowledge of the Data Controller, the persons in charge and/or the data processors. The list of Data Processors, where appointed, is available on request.
Any other categories of recipients who may become aware of your personal data during or after the execution of the contract are:
Unless specifically requested in writing by you, or ordered by A.G./legal obligation, the personal data provided by you are not subject to dissemination.
The data collected will not be transferred to third countries or international organisations.
Some Personal Data of the Data Subject are shared with Recipients that may be found outside the European Economic Area. The Data Controller ensures that the transfer and processing is carried out in compliance with applicable legislation. Indeed, transfers are carried out through adequate guarantees, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legal instruments.
The provision of personal data is not mandatory, however it is necessary for the exact execution of contractual and pre-contractual obligations. The Data Controller specifies that you will only be asked for the data strictly necessary for the conclusion of the contract and for the execution of the obligations or legal obligations deriving from it.
Failure to provide the data from Data Subject makes it impossible to stipulate the contract and to carry out the pre-contractual measures requested by you, and to carry out the exact fulfilment of the contractual obligations, as well as the fulfilments (also legal) deriving from or connected to the contract and, more generally, the impossibility of carrying out the above mentioned activities.
The legislation gives the Data Subject the right to exercise the specific rights listed in art. from 15 to 22 of GDPR, including the right to obtain from the Data Controller confirmation, or not, of the existence of his/her personal data (i.e. access), their availability in an intelligible form, as well as their rectification or cancellation, or to limit in whole or in part the treatment or to oppose for legitimate reasons to the same and/or revoke the consent to the treatment at any time (without prejudice to the consequences indicated), or to request the portability of his/her data as regards the data subject to specific consent, or even the updating.
The Data Subject has the right to know the origin of the data, the purpose and methods of treatment, the logic applied to the treatment, the identification details of the Data Controller and the subjects to whom the data may be communicated.
The Data Subject also has the right to request the transformation into anonymous form, the limitation or blocking of data treated in violation of the law; he or she may also lodge a complaint regarding the unauthorised treatment of data given to the Personal Data Protection Guarantor in the manner published on the site of the said authority (http://www.garanteprivacy.it/).
Requests relating to the exercise of the aforementioned rights may be addressed to the Data Controller, at the addresses indicated above, without formality or, alternatively, using the model provided by the Personal Data Protection Guarantor available on the Website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
The exercise of these rights can be exercised by written communication to be sent by PEC or by registered letter addressed to the above mentioned structure.