Statement on the protection of personal data (Privacy Policy)
According to the Legislative Decree no. 196/2003 (Code regarding the protection of personal data) and to the EU Regulation 2016/679
Principles
According to the Article nr. 5 of the EU Regulation 2016/679, personal data are processed in compliance of the following principles:
- lawfulness, fairness and transparency,
- purpose limitation,
- data minimisation,
- accuracy,
- storage limitation,
- integrity and confidentiality,
- accountability of the controller.
Data controller
Data controller is Dott. Andrea Pagnoni (C.F. PGNNDR75S26F704S) as independent contractor (VAT registration number 10282000966).
What personal data and why
A) Personal data in the context of a professional assignment
Following personal data:
- e-mail address, name; surname; location address; telephone number
- designation, address, telephone / fax number of the organisation or institution to which the data subject belongs
- invoice data: social security number, VAT registration number, signature, bank details (IBAN code and relaterd data)
are collected, kept and processed for one or more of the following purposes:
- properly and fully carry out professional services requested by the data subject;
- comply with rights and obligations of those involved in the professional services (e.g. applying rules on tax, welfare, health and safety at work)
The provision of personal data is mandatory, otherwise it is impossible to achieve the specific purpose of the treatment.
B) Personal data outside a professional assignment
Following personal data:
- e-mail address, name; surname; location address; telephone number
- designation, address, telephone / fax number of the organisation or institution to which the data subject belongs
are collected, kept and processed for one or more of the following purposes:
- collect, analyze and respond to the specific request or communication of the data subject;
- submit to the data subject technical-economic offers for professional services;
- provide the data subject with technical-scientific information material;
- send to the data subject promotional communications relating to acoustic products and services.
The provision of personal data is mandatory only if the refusal to make them available compromises the possibility of achieving the specific purpose of the treatment.
Methods of processing personal data
Data processing will be carried out with or without the help of electronic means, concerning the collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and destruction of data, whether the latter are contained or not in a data bank.
The collected data will be registered:
- in the electronic registration database and in working directories created by the data controller, saved in the PC and on a separate backup hardware support;
- at servers and email clients.
Communication and disclosing of personal data
Communication of personal data can occur to one or more recipients, only if functional to the purposes of the processing specified in this Statement.
The data controller will not share personal data with third parties for direct marketing, unless this is functional to carry out the professional task or to respond to the request of the data subject.
Communication will not occur with regard to personal data that must be erased by order, or else upon expiry of the term specified hereafter.
Personal data will not be disclosed to indeterminate subjects, without prejudice to the right of the data controller to disclose data in general anonymous form, also for informational / promotional purposes.
The communication or dissemination of personal data is reserved as requested, pursuant to law, by police, judicial authorities, intelligence and security agencies and other public bodies, for purposes of defence or relating to State security, or for the prevention, detection or suppression of offences.
How long are personal data kept ?
Personal data are kept for maximum 5 years by the last communication between the data controller and the data subject, and deleted thereafter, unless an enquiry is in progress. Then the data will be kept for the time necessary to the conclusion of the enquiry.
Security measures to protect personal data
The data controller has put in place, and regularly reviews and updates, appropriate physical and electronic procedures to safeguard and help prevent unauthorized access, maintain data security and correctly use the data collected.
Following security measures are adopted in particular:
- Data processing with the help of electronic means: computerised authentication (set of electronic tools and procedures to verify identity also indirectly, so that only the data controller can access the personal data registered, using the personal username and password), protection of electronic tools and data (with respect to illicit data processing, non-permitted accesses and certain computer programs) through dedicated software, procedures for the safekeeping of backup copies and restoration of data availability;
- Data processing without the help of electronic means: procedures for appropriate custody and storage of records and documents in archives.
In case of termination, for any reason, of a treatment, the data are destroyed or stored for the maximum time indicated above for documentary purposes only, not intended for systematic communication or dissemination.
Rights of the data subject
The data subject can exercise the rights foreseen by the art. 7 of Legislative Decree no. 196/2003, including the right to know the origin of the data, the cancellation, transformation into anonymous form and blocking of data processed in violation of the law, as well as the right to object for legitimate reasons to the treatment itself.
In particular, by sending an e-mail to andrea.pagnoni@akustikap.com, the data subject has the right to request a copy of his/her personal details at any time to check the accuracy of the information held and/or to correct or update this information. He/she may also ask his/her personal information to be deleted completely if no enquiry from he/she nor any professional service is in progress.
Furthermore, by sending an e-mail to andrea.pagnoni@akustikap.com, the data subject has the right to make complaints.
To protect the data subject’s privacy and security, reasonable steps will be taken to verify the applicant’s identity before granting access or making corrections.
Consent to the processing of personal data
The spontaneous communication of personal data by paper, telephone or data transmission, including the compilation of the appropriate spaces of the site, is equivalent to the acceptance of this Statement and the express consent of the data subject to the processing of the data, with the purposes and according to the methods specified in this Statement.