According to the European data protection law (Art. 13, European Regulation 2016/679) the User acknowledges that S.O.G.E.O. srl Impresa Sociale shall undertake to treat the User’s personal data according to the principles of lawfulness, fairness and transparency and protection of confidentiality. Therefore, the User is informed that:
A. DATA CATEGORIES:
The data undergoing the processing may be your personal data such as identification data, personal data and contact data.
B. DATA CONTROLLER:
The Data Controller is S.O.G.E.O. srl Impresa Sociale located in L.go Visconti 4 – 22012 Cernobbio, Como – P.I. 03200630139, contactable by phone at no. 031 3347503 or by email at firstname.lastname@example.org.
C. SOURCE OF PERSONAL DATA:
The personal data held by the Data Controller are collected directly from the data subject.
D. PURPOSE AND LEGAL BASIS FOR PROCESSING DATA:
the processing of your data, collected and stored in relation to the compilation of this form “Contacts”, has as its legal basis your consent (Art. 6, letter A) GDPR) and is carried out to answer to any requests regarding the services we offer.
E. RECIPIENTS AND CATEGORIES OF RECIPIENTS:
within the limits relevant to the processing purposes indicated, your data may be communicated, if necessary, to other subjects related to processing activities, internal and external to the Data Controller, such as employees and assimilated, partners, consulting companies and private companies. Your data will not be spread in any way.
F. TRANSFER OF PERSONAL DATA BETWEEN COUNTRIES:
the data collected may be transferred to third countries outside the European Economic Area, by virtue of an adequacy decision of the Commission or in the presence of appropriate guarantees, to fulfill the aforementioned purposes. Particularly, your data may be communicated to our web hosting located in Switzerland, by virtue of Adequacy Decision 2000/518/EC.
G. DATA RETENTION PERIOD:
in the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it, according to the “storage limitation principle” (Article 5 of GDPR) and, if applicable, as long as required by statutory retention requirements. Checks on the obsolescence of stored data in relation to the purposes for which they were collected are carried out periodically.
H. RIGHTS OF THE DATA SUBJECT:
The data subject has always the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing, as well as the right to data portability, the right to withdraw consent claiming these and other rights provided by the GDPR through a simple communication to the Controller. The data subject shall have the right to lodge a complaint with a supervisory authority.
I. OBLIGATION OF THE DATA SUBJECT TO PROVIDE PERSONAL DATA:
We inform you that the provision of data is optional for some fields and mandatory for others (indicated by an asterisk); failure to provide the data required will cause the non-performance of the requested service.
J. METHODS OF PERSONAL DATA PROCESSING:
The personal data you provided will form the subject of processing operations in compliance with the aforementioned regulations and the confidentiality obligations central to the Controller’s activity. The data will be processed both with IT tools and on paper and any other type of appropriate support, in compliance with the appropriate security measures under the GDPR.
K. AUTOMATED DECISION-MAKING:
we do not use automatic decision-making processes.