Legislative Decree n. 196 of 30 June 2003 (Personal Data Protection Code) and Regulation (EC) 2016/679 of the European Parliament and of the Council dated 27 April 2016 protect natural persons and other entities with respect to personal data processing. In compliance with the abovementioned regulations, personal data processing follows the principles of fairness, lawfulness, transparency, and protection of your privacy and rights. In order for STS SRL to meet its own obligations, you will be requested to provide all the personal information necessary to enforce any agreement you may have entered into with us.
1.Purpose of the Processing
Your personal data — which we hold on record and which you have given to us on your own initiative — will be processed fairly and for the sole purpose of providing the products and services required by the User.
Your data will be processed for the purpose of meeting such contractual obligations as accounting, invoicing, creditor management and any other legislative provision.
2.Methods of Processing
The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the data. The data processing may be carried out using computers and/or IT enabled tools as well as organisational procedures and modes strictly related to the purposes indicated.
3.Third-Party Data Collection and Use
Your data will be processed by the appointed Data Controller, Data Processors as well as staff members in charge of the processing. These members will be specifically appointed by our Company and will be bound to professional confidentiality and discretion.
Your data may be disclosed to third parties exclusively for technical and operational reasons connected to the abovementioned purposes. Notably, they may be disclosed to the following categories:
- Legal entities, professionals, companies and other institutions appointed as Data Processors by our Company for the fulfilment of administrative, accounting and management obligations related to the ordinary course of business of our Company, including debt collection;
- Companies, corporate entities or consortia and professionals collaborating with our Company as third-party technical service providers, notably our attorneys and consultants.
- Public authorities and administrations for the purpose of meeting legal obligations;
- Public and private social security agencies entrusted with carrying out work on behalf of our Company and to which the disclosure of your personal data proves necessary to fulfil our contractual and / or commercial obligations towards you;
- Banks, financial institutions and other entities which may need your personal data in order to carry out activities on our Company's behalf, thus enabling us to fulfil the contractual and/or commercial obligations towards you;
- Persons entitled to access your personal data by law, secondary or community legislation, as well as by specific contracts and agreements;
- Persons or legal entities to which your personal data are strictly necessary to meet the contractual obligations in place.
4.Data Retention and Destruction
Your data will be processed throughout the whole duration of the contract and, in any case, for as long as the purpose for which the information was collected continues. They will be retained for Live (5) years subsequent to our last processing for purposes related to the fulfilment of obligations on the part of our Company, notably with regard to accounting entries. They will be retained for ten (10) years solely for tax-related purposes, and not for personal purposes or for any other use which may result in harm or damage to the User.
Your data may be transferred to other European Union member countries in compliance with current legislation in those cases where it enables our Company to fulfil contractual or commercial obligations.
Furthermore, if necessary, your data may possibly be exported, in accordance with current legislation, to a third country. In this case, the third country will still be a country for which an adequacy decision of the Commission exists.
6.Mandatory or Optional Nature of the Information Provided by the User and Consequences of Data Provision Failure
Pursuant to article 13 of Legislative Decree n.196/2003, as well as to articles 13 and 14 of Regulation (EC) 2016/679 of the European Parliament and the Council of 27 April 2016, failure to provide requested personal may make it impossible for our Company to meet our contractual obligations. Accordingly, failure to provide requested personal data may compromise the validity of the terms of an agreement entered into with our Company.
7.Data Subject Access Request and Further Rights [article 7 of Legislative Decree n.196/2003 — articles 15-22 Regulation (EC) 2016/679 of the European Parliament and the Council of 27 April 2016]
The abovementioned regulations give Users the right to access their own personal data held by the Data Controller even prior to data entrance Accordingly, you have a right to clear information about the potential existence of data that might concern you, even when they haven't been entered yet.
You also have the right to access information about: the source of the personal data held, their intended purpose and processing method, their destruction, the logics behind their possible processing through digital devices: the personal details of the Data Controller, Data Processor, and of other staff members or contractors who may be in charge of processing your personal data; the individuals and categories of individuals with whom your personal data may be shared or those who may access them in their capacity as legal representatives within the state's territory.
You have the right to access information about: updates, amendments (that is, integration of new data), destruction, anonymous modification or blocking of data that have been unlawfully disclosed or processed, including those failing to serve the purposes for which they have been collected and processed. You also have the right to request that any of the abovementioned actions taken will be notified to anyone who may have subsequently accessed your personal data, except when such a notification proves impossible or entails the use of means that are manifestly disproportionate to the right safeguarded thereby.
You have the right to (partially or completely) object to, on legitimate grounds: the processing of your personal data, albeit relevant to the purpose of their collection; as well the processing of personal data for the purpose of direct marketing.
&Consent and User's Rights
In case of multiple contracts entered into with us, please note that the consent given on one occasion remains valid on subsequent occasions. You have the right to amend or revoke your consent at any time through the same procedure as you originally followed to give your own consent.
Revoking your consent does not retroactively invalidate any lawful personal data processing prior to revocation.
9.Data Protection Authority
Should you believe that a data breach has occurred, you can notify it to the Data Protection Authority. Written reports can be sent:
- via regular mail addressed to 'Garante per la protezione dei dati personali', Piazza di Monte Citorio, 121 00186 Roma;
- via e-mail to firstname.lastname@example.org, or email@example.com
- a) via fax to 06/69677.3785.
For further details about the notification procedure and / or administrative fees, please check out the following website: www.qaranteprivacy.it
10.Data Controller and Processor
Data Controller: STS SRL, registered office: Via Caporalino, 13/A - 25060 Cellatica (Brescia) - Tel. +39.030.2522106 / +39.030.2527777 - Fax. +39.030.2522636— e-mail: infosts-qroup.it — VAT Number: 03156290177.
Data Processor: Mr. Vittorio Maraglio. Should you need to contact the Data Processor, please turn to the Data Controller so that they can forward your request.
Further details on staff members in charge of data processing are available on our website, www.sts-oroup.it, where you will also find the updated list of the staff members and external contractors in charge of data processing.