INFORMATION FOR THE PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH ART. 13 GDPR 679/2016
In compliance with the provisions of the GDPR 679/2016, as an “Interested” in the processing and subsequently also identifiable as a “user” and / or “visitor”, we inform you about the purposes of the collection, the methods of treatment and the type of data personal data acquired in order to comply with the agreements in place with you in compliance with current regulations. This information does not include other websites to which the user can access via links or by means of sharing tools (eg: sharing buttons on social networks, video content integrated in pages linked to social networks, etc.) and in general any content not hosted, not managed and not coming directly from www.sfmstudio.com.
IDENTITY AND CONTACT DETAILS OF THE HOLDER
The Data Controller is Paolo Scagnellato based in Padova (PD), via Lando Landucci 53, VAT number 02663410286, e-mail: firstname.lastname@example.org
CATEGORIES OF PERSONAL DATA IN QUESTION
The personal data we process in the event of a collaboration relationship are the following:
- personal data of the interested party;
- contact details of the interested party;
- curriculum vitae of the interested party;
- banking data;
- tax data;
PURPOSE OF THE TREATMENT
The data is collected in compliance and in full compliance with legal obligations and regulations.
These data are then used to fulfill the tasks:
A. acquisition of information necessary for the completion of pre-contractual / contractual agreements or for the fulfillment of obligations expressly provided for in existing contracts.
B. Normal management of customer / supplier relationships understood as administrative and accounting management:
- sending and receiving invoices;
- execution of the required services;
- receipts and payments;
- any credit recovery;
C. eventual archiving of videos for promotional purposes of the owner’s activity.
LEGAL BASIS OF THE PROCESSING
The legal basis of the processing is the fulfillment of pre-contractual and / or contractual and legal obligations.
RECIPIENTS OF PERSONAL DATA
The personal data collected may be communicated by us exclusively to third parties, as independent owners, indicated below:
- accounting consultant;
- tax advisor;
- legal counsel;
- credit recovery company, should this be necessary;
- banking institutions;
- companies that provide accounting / billing management services and softwares;
- any institution, public body, judicial or financial authority in compliance with laws, regulations, community directives.
The personal data may also be known by the personnel expressly appointed by the Data Controller who will be able to manage the data management operations, in relation to the purposes indicated above. The specific identification data of the aforementioned third parties may be known by you / you at any time through the exercise of the right of access recognized to you / you and without prejudice to any legal limitations in this regard.
The personal data collected will not be disseminated in any way.
Place of processing of the personal data collected
The place in charge of processing the user’s data corresponds to the headquarters of the Data Controller, whether in paper or computerized format. Other data can be stored on storage media and / or external software intrastructures. However, the User Data may be transferred to a country that may be based in countries outside the European Union which nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission (http://www. garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi#1). The transfer of user data to countries that do not belong to the European Union / EEA and that do not ensure adequate levels of protection will be carried out only after the conclusion between the Data Controller and said subjects of specific agreements, containing safeguard clauses and appropriate guarantees. for the protection of your data so-called “standard contractual clauses”, also approved by the European Commission, or if the transfer is necessary for the conclusion and execution of a contract between the user and the Data Controller or for the management of his requests .
PERIOD OF CONSERVATION OF THE PERSONAL DATA COLLECTED
The collected data will be stored as follows:
- Data necessary for the purpose of the pre-contractual relationship: for the time strictly necessary for the possible completion of the contractual relationship and, in any case, for a period of time not exceeding 1 year from collection.
- Data necessary for the execution / management of the contractual relationship / execution of the services and services requested: for the entire duration of the contractual relationship and for the time strictly necessary for the execution of the services and requests.
- Accounting records, invoices and correspondence: 10 years, as established by law.
- Data necessary for the credit recovery activity: up to the completion of said activity.
- Photo or video material collected for contractual purposes: depends on the contractual agreements.
- Data necessary for the management of any dispute: up to the definition of the dispute itself. Any longer retention periods remain unaffected, in the event that they derive from legal, accounting and / or tax obligations. After the retention period, as described above, the data provided will be completely eliminated.
RIGHTS OF THE INTERESTED PARTY
In compliance with the provisions of the law and with reference to the GDPR 679/2016, the rights he enjoys are communicated to the interested party:
a) right of access to the data collected and processed – art. 15;
b) right to obtain data rectification – art. 16;
c) right to obtain data cancellation and right to be forgotten – art. 17;
d) right to obtain the limitation of treatment – art. 18;
e) right to data portability to another owner – art. 20;
f) right to object to processing – art. 21;
g) right not to be subjected to automated processing – art. 22;
h) right to withdraw the consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation – art. 7;
i) right to lodge a complaint with the Supervisory Authority – art. 77;
j) right to lodge a judicial appeal against the supervisory authority (Article 78) and against the Data Controller or Data Processor (Article 79).
To exercise the rights referred to in points a) to h), it is necessary to contact the Data Controller.
NATURE OF THE PROVISION
The provision of personal data by the interested party is necessary for the achievement of the aforementioned purposes. Failure to provide the data renders the legal relationship at the basis of the processing impossible.
It is the responsibility of the interested party to promptly notify the Data Controller of any changes concerning the personal data provided.
AUTOMATED DECISION-MAKING PROCESSES INCLUDING PROFILING
The data provided will not be processed by automated decision-making processes, including profiling.
METHOD OF TREATMENT
The data provided will be processed by us in accordance with the provisions of the GDPR 679/2016 and in the following ways:
- The data is collected, recorded, processed and archived both through paper and electronic media.
- Access to data and archives is allowed only to those in charge / authorized to process them.
- The data and the physical or computerized places in which they reside are protected by adequate measures, by way of example: areas not physically accessible in the absence of the persons in charge, digital archives protected by passwords and accessible via encrypted connections;
- At the request of the interested party: verification and modification of data.
In order to improve the experience of users who consult it, this website may contain links to other sites or content hosted on other sites not managed directly by the Data Controller. In turn, such contents contain links to advertisers, sponsors or commercial partners. The site www.themadstudio.it and its managers cannot carry out checks on third parties to which the aforementioned links may refer. Access to other sites and adherence to third party initiatives are governed by the privacy policies and conditions they may have prepared. The Data Controller assumes no responsibility for the aforementioned privacy policies and conditions prepared by third parties.
COMPLAINT TO THE SUPERVISORY AUTHORITY
The interested party has the right to lodge a complaint with the Supervisory Authority in the event that he deems that the processing that concerns him violates the GDPR 679/2016.
The reference Authority is the Guarantor for the Protection of Personal Data