we inform you that Regulation (EU) 2016/679 (“European General Data Protection Regulation”) provides for the protection of individuals and other data subjects, and requires respect for the processing of Personal Data. In accordance with Articles 13 and 14 we therefore provide you with the following information.
Contact information about Data Controller and Responsible for Data Protection
DAT instruments srl, Via Mestre 12, 21050 Cairate (VA), Italy, firstname.lastname@example.org.
Purpose and legal basis for the data processing
Your Personal Data are collected to enable the Controller to legally supply its own services, and for the following purposes: statistics, displaying the contents of external platforms, interacting with the social networks and external platforms, contacting Users. User’s Personal Data are also used to:
– send newsletters;
– make statistics and market research;
– send editorial material (e-book, white paper, …);
– invite to events and meetings;
– send commercial news;
– send commercial offers and quotations;
– processing of orders for products and services;
– fulfillment of legal and tax obligations.
Source, Type of personal data and Purpose
Data Processing method
The Data Controller will Process the your Personal Data by taking all convenient safety measures aimed at preventing any unauthorized access, diffusion, alteration or destruction of such Personal Data. Data are Processed by means of IT and/or telematic tools, by implementing organizational methods and strategies that are connected to the purposes of the activity.
Scope of disclosure and communication of your data
In some cases, some roles other than the Controller may have access to Personal Data. These roles include the organizers of the website (i.e. staff of administration, marketing, legal services, system administration) and external suppliers (e.g. providers of technical services, mail couriers, hosting providers, IT companies, communication agencies), who will be appointed, if required, as Data Processors by the Data Controller. You are entitled to ask the Data Controller for an updated list of Data Processors at any time.
Your Personal Data will be kept for as long as you are our Client, and also after that period to comply with legal or fiscal obligations. You are entitled to request the interruption or cancellation of the Processing at any time.
Rights of the Data Subject (Reg. UE 2016/679)
Art. 15 (right of access), 16 (right to rectification)
The Data Subject may obtain confirmation from the Data Controller of whether or not his or her Personal Data is currently being Processed, and if so may obtain access to that Data, and to the following information:
a) the purposes of Processing;
b) the categories of Personal Data concerned;
c) the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning the Data Subject or to object to such Processing;
f) the right to lodge a complaint with a Supervisory Authority;
g) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject.
Art. 17 (right to erasure)
The Data Subject may obtain, from the Data Controller, the erasure of his/her Personal Data, without unjustified delay. The Data Controller must erase the Personal Data without unjustified delay for one of the following reasons:
a) the Personal Data is no longer required for the purpose for which it was obtained or processed;
b) the Data Subject withdraws the consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of Regulation (EU) 2016/679, and where there is no other legal ground for the Processing;
c) the Data Subject objects to the processing pursuant to Article 21(1) of Regulation (EU) 2016/679 and there are no overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing pursuant to Article 21(2) of Regulation (EU) 2016/679;
d) the Personal Data has been unlawfully processed;
e) the Personal Data has to be erased for compliance with a legal obligation under the laws of the European Union or Member State to which the Controller is subject;
f) the Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1) of Regulation (EU) EU 2016/679
Art. 18 (right to restriction of processing)
The Data Subject may obtain a limitation of the Data Processing, from the Data Controller, in one of the following cases:
a) the Data Subject disputes the accuracy of the Personal Data, for the period required by the Data Controller for checking such accuracy;
b) the processing is unlawful and the data subject opposes the erasure of the Personal Data and requests the restriction of its use instead;
c) the Data Controller no longer needs the personal data for the purposes of the Processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
d) the Data Subject has objected to processing pursuant to Article 21(1) of Regulation (EU) 2016/679, pending verification whether the legitimate grounds of the controller override those of the Data Subject.
Art.20 (right to data portability)
The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from the Controller to which the Personal Data has been provided.
Revocation of consent to processing
The Data Subject may revoke consent to the Processing of his or her Personal Data, by contacting the Data Controller.