PERSONAL DATA PROCESSING POLICY
(see Articles 12 and 13 of EU Regulation 2016/679 of the European Parliament and of the Council)
Setik Srl Company with registered office at Via San Carlo, 78/B – 20811 Cesano Maderno (MB) , VAT number 09729650961, In his/her capacity as Data Controller, hereby informs you that Regulation EU 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation") lays down rules on the protection of natural persons with regard to the processing of personal data, as well as rules on the free movement of such data.
The Regulation protects the fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data.
The Data Controller (natural or legal person who determines the purposes and means of processing of personal data) takes appropriate measures to provide the data subject with all the information relating to data treatment.
According to the above-mentioned regulation, data treatment will be based on principles of fairness, lawfulness and transparency and protection of your privacy and your rights.
Pursuant to Article 12 and 13 of EU Regulation 2016/679, in case of collection of data concerning him/her from the data subject, the Data Controller shall provide the data subject, when the personal data are obtained, with the following information:
1.Subject to processing
The Data Controller processes personal data concerning an identified or identifiable natural person (data subject) such as name, surname, identification number, company name, address, telephone number, e-mail, bank and payment details etc. communicated by you when entering into a contract for the services provided by the Data Controller.
2.Data Controller and Representative of the Data Controller
The Data Controller is: Setik Srl
c/o Meta Research Company with registered office Via San Carlo 78/B – 20811 Cesano Maderno (MB)
The representative of the Data Controller (where applicable) is: Not appointed.
The updated list of the DPOs (where applicable) and Data Processors is kept at the registered office of the Data Controller.
3.Data Protection Officer (if applicable)
The Data Protection Officer is: Not appointed.
4.Purpose of data processing
The data you provide will be processed without your explicit consent for the following purposes:
1A) subordinate employment relationship
2A) performance of a contract
3A) execution of pre-contractual measures
5A) Market research, made by personal or telephone interviews, questionnaires
7A) pursuit of the legitimate interests of the Controller or of a third party.
The processing of data is lawful as:
1B) the data subject has given his consent to the processing of his personal data,
2B) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract,
3B) processing is necessary to fulfil a legal obligation to which the controller is subject,
4B processing is necessary for the legitimate interest of the controller or of a third party, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child, are not overriding.
The Data Controller, pursuant to Article 13 paragraph 3, undertakes not to use any personal data acquired for purposes other than those for which they were collected, without having provided further information to the data subject on that other purpose and any other relevant information referred to in paragraph 2, or without having requested additional consent (where required).
5.Legitimate interests of the Data Controller (where applicable, i.e. only if the conditions of lawfulness of the data processing referred to in point 4 are addressed in 4B)
Data processing is based on the following legitimate interest: defence of legal claims in court proceedings.
6.Methods of data processing
The processing of personal data is carried out by means of the operations indicated in Article. 4, paragraph 2) and specifically: the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or destruction;
The processing of data takes place through the use of tools and procedures to ensure security and confidentiality.
The processing of personal data will be carried out in the following ways:
- manual entry, on paper
- manual entry, computerised (no automated decision-making)
7.Dissemination of data
Without the need for explicit consent (see Article 6 letter. b) and c)), the Data Controller may communicate your data for the above purposes to supervisory bodies, judicial authorities, insurance companies, as well as to those persons to whom communication is required by law for the above purposes. These subjects will process the data in their capacity as independent data controllers.
- Data may/will be communicated to the following categories of recipients: third-party managers who take part in the business process only to fulfil specific legal obligations and in compliance with contractual obligations, public and private bodies for social security, welfare and insurance purposes
8.Dissemination of data to a third country or international organisation
- Personal data will not be transferred to a third country or international organisation.
9.Nature of data provision and consequences of refusal to respond
The Data Controller shall inform the data subject whether the disclosure of personal data is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, and whether the data subject is obliged to provide personal data, as well as the possible consequences of failure to disclose such data;
The provision of data is:
- mandatory (Point 4, letter A)
In the event that the provision of data for the purposes indicated is mandatory, the reason for the obligation is due to the performance of a contract or pre-contractual measures.
In the event that the provision of data for the purposes indicated is mandatory, any refusal to provide such data:
- may result in non-performance of the contract,
- may result in partial performance of the contract,
- failure to continue the relationship,
- failure to provide services.
The Data Processor will process personal data for the time strictly necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the purposes of the service.
- The personal data processed will be kept until: 10 years after the withdrawal of the contract.
11.Rights of the data subject
At any time, the data subject may exercise his/her rights with regard to the Data Controller.
Article 13 letter b) of EU Regulation 2016/679, states that when personal data are obtained from the data subject, the data controller provides him/her with information on the following rights necessary to ensure proper and transparent processing of personal data:
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to restriction of processing (Article 18)
- Right to object (Article 21)
- Right to data portability (Article 20).
In addition to the rights set out in Article 13, the EU Regulation provides that the data subject may exercise further rights:
- Right to withdraw consent (Article 7)
- Right to lodge a complaint with a supervisory authority (Article 77).
The articles dealing specifically with the individual rights of the data subject are set out in the Annex.
12.Right to withdraw consent (Article 7)
Article 7, paragraph 3) states that the data subject has the right to withdraw his or her consent at any time in the following cases:
- if the processing is based on the consent given to the processing of their data for one or more specific purposes (Article 6, paragraph 1, letter a)),
- where the processing concerns special categories of personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sex life or sexual orientation) and is based on the consent given to the processing of personal data for one or more specific purposes (Article 9, paragraph 2, letter a)).
Withdrawal of consent shall not affect the lawfulness of processing based on the consent given prior to withdrawal.
Before giving consent, the data subject shall be informed thereof . Consent shall be as easy to withdraw as it is given.
13. Right to complain to a supervisory authority (Article 77)
Article 77 provides that where the data subject, considers that the processing of his/her data is infringes this Regulation, he/she has the right to lodge a complaint with a supervisory authority, in particular in the Member State where he/she has his/her habitual residence, place of work or the place of the alleged infringement. This is without prejudice to any other administrative or judicial remedy.
The data controller shall inform the data subject of the possibility of lodging a complaint with a supervisory authority and of seeking judicial remedy.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the state or outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78.
The data subject shall also have the right to an effective judicial remedy where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged. This is without prejudice to any other administrative or judicial remedy.
14. Procedures for exercising the rights of the data subject
The data subject may at any time exercise their rights by sending a registered letter to the Data Controller and/or to the Data Processor (if appointed):
- a registered letter with return receipt to the following address: Meta Research Company with registered office Via San Carlo 78/B – 20811 Cesano Maderno (MB); Tel +39 0362 1855440 Fax +39 02 45503999
- an e-mail to the address: info(@)setik.biz
The Data Controller
Setik may change this statement at any time. Any changes in this statement will become effective when we make the revised statement available on or through the Site.
QUESTIONS, COMPLAINTS OR ADVISES
For any further information or if you want to give an advise or to complain about something, please email us at the following address: info(@)setik.biz