Policy of data use
Information on personal data from the data subject pursuant to art. 13 of the General Data Protection Regulation (GDPR)
Pursuant to art. 13 of the GDPR (EU regulation 2016/679), the following information is provided, in line with the principle of transparency, in order to make the user aware of the characteristics and methods of data processing.
1 – Identity and contact data
We inform you that the “owner” of the treatment is: Biozeta s.a.s. Legal representative: Stefano Zenti Office in Italy in via Ponchielli 10, chap: 37131; city: Verona. The following contact details are given: telephone: 0455118266 e-mail address: firstname.lastname@example.org certified e-mail box (Pec): email@example.com
2 – Contact details of the person in charge of personal data protection (DPO) if required or if present
Not falling, the Biozeta s.a.s company, in the cases provided for by art. 37 (1) of the GDPR, the Data Protection Officer has not been designated.
3 – Purposes of processing, legal basis and legitimate interest
The processing of personal data requested by the data subject is made for the following purposes:
• a) connected and instrumental to the activation and operation of the services provided by this company
• b) to send you notifications about your activities to the user
• c) for statistical, study and market research purposes, as well as for the fulfillment of obligations under the law, regulations and / or Community legislation
• d) for marketing purposes
The communication of data is an essential requirement for the fulfillment of contractual obligations. Failure to provide personal data will result in the inability to provide the requested services. The processing of personal data may be carried out on paper and / or with the help of IT tools, connected or not on the network, with logic strictly related to the stated purposes and, in any case, in order to guarantee the security and confidentiality of the data .
The treatment is lawful as, in this case, there are one or more of the following conditions:
1. The data subject has given consent for one or more purposes (Article 6 (1) (a).
2. Processing is necessary for the performance of a contract of which the person concerned is a party or of pre-contractual measures required by him (Article 6 (1) (b)).
3. Processing is necessary to fulfill a legal obligation to which the data controller is subject (Article 6 (1) (c)).
4. Processing is necessary for the pursuit of the legitimate interest of the data controller to comply with the contractual obligations signed between the parties.
4 – Recipients and any categories of recipients of personal data
The data are processed within the institution by authorized data processing subjects under the responsibility of the Data Controller for the purposes set out above. The data may be communicated to the following external processors who have entered into specific agreements, conventions or protocols of agreements, contracts with the data controller. The data may be communicated to the following categories of recipients: External consultants of Biozeta s.a.s. (by way of example and not exhaustive: legal consultants, labor consultants, business studies); companies holding digital platforms for the management, updating and retention of data.
5 – Data transfer to third country (not part of the European Union)
The Owner, in accordance with the provisions of the Community legislation, may transfer the data to subsidiaries with registered offices in a country that is not part of the European Union. The Data Controller will transfer the data to a third country for which there is an adequacy decision of the Commission or, the reference to appropriate or appropriate guarantees and the means to obtain a copy of such data or the place where they were made available (in the case of transfers referred to in Article 46 or 47, or in Article 49, second paragraph of the GDPR).
6 – Data retention period
The duration of data retention is established based on the existence of one or more of the purposes set out in point 3, numbers 1 to 4 of this information note, with particular regard to what is established in the contract.
7 – Data rights
Please note that, with reference to your personal data, you can exercise the following rights:
1. right to access your personal data; right to obtain rectification or cancellation of the same or limitation of the processing that concerns him;
2. right to oppose the treatment;
3. right to data portability (law applicable to data only in electronic format), as governed by art. 20 of the GDPR.
We inform you that if the processing of data is based on Article 6, paragraph 1, letter a) of EU regulation 2016/679, you have the right to withdraw your consent at any time without prejudice to the lawfulness of the treatment based on consent before revocation. With regard to the methods of exercising the aforementioned rights, the interested party may write to: firstname.lastname@example.org
8 – Complaint
The interested party is informed that he has the right to lodge a complaint with the supervisory authority and can contact the Privacy Guarantor. For more information, see v. the institutional website of the Privacy Guarantor www.garanteprivacy.it
9 – Data communications
We inform you that the communication of personal data is a contractual obligation and a necessary requirement for the conclusion of a contract.
10 – Provision of data
The provision of data is mandatory because the communication of data is a contractual obligation and a necessary requirement for the conclusion of the contract. Failure to provide the data will not allow the person concerned to proceed with the completion of the procedure.
11 – Different purposes of treatment
If the data controller intends to further process the personal data for a different purpose than that for which they were collected, before such further processing, the data controller will provide the data subject with information on this different purpose and any other relevant information.
12 – Profiling
The holder uses automated processes aimed at profiling.
For personal data, pursuant to art. 4, first paragraph, lett. a) GDPR means: “any information concerning an identified or identifiable natural person (” concerned “), identifying the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, a number of identification, location data, an online identifier or one or more characteristic elements of its physical, physiological, genetic, psychological, economic, cultural or social identity “.