20tab S.r.l., C.F. and P. IVA 11955811002, with registered office in Rome (00185), Via Merulana, 19, registered with the Rome Companies Register under no. RM - 1339533, represented by its legal representative pro tempore as data controller (hereinafter "Data Controller"),
INFORMS YOU
that pursuant to Regulation (EU) 2016/679, concerning the protection of individuals with regard to the processing of personal data (hereinafter, "GDPR"), personal data will be processed in compliance with the aforementioned regulation and in the manner and for the purposes specified below.
1 - PURPOSE AND NATURE OF DATA PROCESSING
The personal data voluntarily communicated or lawfully collected by the Data Controller are processed using manual and/or computerized and telematic tools, as well as organizational and processing logic strictly related to the specified purposes and in any case in a manner that guarantees the security, integrity, availability, and confidentiality of personal data.
In particular, the following personal data may be processed:
- Identification Data: data that allow the data controller to identify the data subject, such as personal details (name, surname, tax code, VAT number, email, phone number, hereinafter "personal data" or also "data").
- Economic and Financial Data: data necessary to manage payments (e.g., IBAN code) or to prove the execution of payments (payment identification details).
- Contact Data: contact information of the data subject (phone numbers, landline and/or mobile, email address) collected by the Data Controller during subscription or throughout the duration of the contract.
2 - PURPOSES OF DATA PROCESSING
The Data Controller processes the personal data described above for the achievement of the following purposes distinguished by legal basis:
2.1 Execution of a contract (art.6 lett. b - GDPR).
Personal data are processed for the following purposes:
a) manage all pre-contractual activities
b) execute the activities subject to the contract and all related operations
c) manage invoicing, payments, and any credit recovery actions arising from the execution of the contract.
2.2 Compliance with a legal obligation (art.6 lett. c - GDPR).
Personal data are processed to comply with obligations provided by law, a regulation, community legislation, or an order of the Public Authority. For example, compliance with tax obligations.
3 - RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS
The personal data described above may be communicated to third-party recipients to execute the contract, to comply with legal obligations, or to perform activities instrumental to the execution of the contract. Therefore, personal data may be communicated for the above-specified purposes to recipients belonging to the following categories:
Employees and collaborators of the Data Controller;
Subjects who carry out commercial activities on behalf of the Data Controller aimed at concluding contracts.
Professionals and consultants in legal and tax matters;
Banking institutions;
Providers of billing, storage, communication management services towards the data subjects, management software.
External subjects who manage/support/assist, even occasionally, the Data Controller in the administration of the information system and telecommunications networks (including email);
Public and private entities and supervisory and control bodies;
The subjects belonging to the above categories will process the data as autonomous data controllers, data processors, or persons authorized to process data. The Data Controller will provide specific instructions to authorized and responsible persons on how to process personal data and ensure their confidentiality, integrity, and availability.
4 - PROVISION OF DATA
The provision of personal data is necessary in all cases where the processing is based on a legal obligation or to execute a contract or to fulfill pre-contractual obligations. In these cases, any refusal by the data subject could result in the Data Controller's inability to conclude the contract. In all other cases, the provision of personal data is voluntary.
5 - TRANSFER OF PERSONAL DATA
Personal data are not transferred outside the European Union.
6 - DURATION OF DATA PROCESSING
Personal data are retained for the entire duration of the contractual relationship and after its conclusion within the terms established by law for the fulfillment of obligations, for example, tax obligations.
For the purposes referred to in point 3.3, the data will be retained until the consent is withdrawn.
7 - DATA SUBJECT'S RIGHTS
The data subject may, at any time, exercise the rights expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of Regulation (EU) 2016/679, and in particular:
□ to access personal data; □ to obtain the rectification or erasure of the same or the restriction of processing that concerns them;
□ to object to processing; to data portability;
□ to withdraw consent (the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal); □ to lodge a complaint with the Supervisory Authority (Privacy Guarantor) at the contacts specified on the website www.garanteprivacy.it
You may exercise your rights by sending a request to the Data Controller at the following contacts:
Rome (00185), Via Merulana, 19
Tel: +39 393 869 9454
email: privacy@20tab.com