The company RankLab Studio in person of the pro tempore legal representative (VAT number 01395270513) with registered office in Via Mansueto Dotti, 1) (hereinafter, “Owner”), as Data Controller of personal data in accordance with the articles 4 and 28 of the legislative decree 30 June 2003, n. 196 – Privacy Code (hereinafter “Code”) and of articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereafter referred to as the “Rules”) pursuant to art. 13 of the Code and 13 of the Regulations which will proceed to the processing of personal data referred to customers or to those who request information via forms (if they are natural persons).
1. Object of the treatment
The data processed are: personal data; ID card number or passport or driving license, etc .; contact information such as telephone number, e-mail address, etc. (add or change according to requirements).
The personal data mentioned above will be used exclusively for the provision of the service as requested by the customer and for all activities that are instrumental, including the purposes of establishing and managing contractual relationships of any kind, as defined by the sector regulations.
The provision of the requested data is mandatory as necessary to perform the service and any refusal to provide such data could lead to failure to complete or maintain the contractual relationship; the treatment will be carried out both manually and through the use of IT procedures; the data will not be disseminated.
2. Purpose of the processing
The processing of data will be carried out to allow the performance of activities related to the establishment and management of the service requested to the Owner.
The same data will be processed in a lawful manner, according to correctness and with the utmost confidentiality, mainly with electronic and computer tools and stored both on computer media and on paper and on any other suitable support, in compliance with the minimum security measures as well as foreseen by the Code and by the Regulations.
Only if expressly authorized by means of appropriate flag / check the data will be used for sending information.
3. Methods of processing
The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for:
no later than 10 years from the conclusion of the contract;
no more than 2 years from the request for information.
In case of consent to the processing for sending commercial information, the email that will be inserted in the sending list will be used for the above mentioned purposes until the cancellation by the user and in any case no later than 5 years from the sending of the last email containing commercial information.
4. Access to data
The holder can provide access to personal data to the following subjects (for purposes of fulfillment of obligations related to the relationship established or for purposes of data retention security):
• to employees and collaborators of the Owner in their capacity as authorized persons and / or DPOs and / or system administrators, all formally appointed or appointed;
5. Communication of data
The Data Controller may communicate the data for the purposes referred to in art. 2 to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is obligatory by law for the accomplishment of the purposes established by law. The aforementioned data will not be disseminated.
6. Storage and Data Transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors.
Currently the servers are located in Italy.
The data will not be transferred to outside the European Union. In any case it is understood that the Data Controller, if necessary, will have the right to move the server locations to other European Union countries and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements guaranteeing an adequate level of protection and / or adopting the provisions standard contractual clauses provided by the European Commission. The data will be transferred only in the case of acquisition or sale of a company or business unit and, in any case, after sending new information to the user.
7. Rights of the interested party
The customer in his capacity as an interested party, has the rights set forth in art. 7 of the Privacy Code and art. 15 of the Rules and precisely:
1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him / her, even if not yet registered, and their communication in intelligible form.
2. The interested party has the right to obtain the indication:
a) of the origin of personal data;
b) of the purposes and methods of the processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identifying details of the holder, the managers and the representative;
e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
3. The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.
4. The interested party has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him / her for the pursuit of purposes not contemplated by art. 2.
Where applicable, the interested party also has the rights set forth in articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
8. How to exercise rights
The customer at any time can exercise the rights referred to in the previous article by sending:
□ I consent to the processing of my personal data in the manner and for the purposes set out in this statement.
□ I consent to the sending of commercial information by e-mail