INFORMATION ON THE PROCESSING OF PERSONAL DATA
PURSUANT TO ARTICLES 13 AND 14 OF THE GDPR 2016/679
In compliance with the provisions of the GDPR 2016/679, hereby we inform you, as the "Data Subject", about the purposes of data collection and about the processing of personal data relating to your person, which have been obtained directly and/or indirectly from you, to enable us to carry out our activity according to the current provisions.
We hereby provide you with the correct information on the processing of personal data, as specified below, even with reference to the management of this website. This information is not provided for other websites visited by the user by links or other sharing tools, such as widget and applications which allow to connect and to share contents on social networks or platforms not related to https://videolook-srl.business.site/?utm_source=gmb&utm_medium=referral
- IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
The Controller is VIDEOLOOK S.R.L., with its registered office in Padova, via Rialto n. 3, VAT n. 02103100281, e-mail: firstname.lastname@example.org, pec: email@example.com
- CATEGORIES OF PERSONAL DATA CONCERNED
Personal data processed are the following:
- common personal data (personal, contact, banking and payment data).
- PURPOSES OF THE PROCESSING
As part of the economic activity of the Data Controller, in which the organization and management of events and courses is to be considered, the collected data will be processed by us for the following activities:
- fulfillment of pre-contractual and contractual obligations or execution of pre-contractual measures adopted at the request of the Data Subject;
- fulfillment of the obligations established by laws, regulations and European provisions, requests from the judicial authorities, including administrative and accounting obligations;
- exercise of the rights of the Data Controller including, e.g., the right to recover credits or the right of action and defense in court;
- just in case of specific consent, promotion of products or services offered by the Data Controller by sending material and/or advertising and promotional communications, including e-mail, sms, newsletter or through similar means (so-called direct marketing);
- just in case of specific consent, insertion in homogeneous groups for the application of commercial benefits (e.g. discounts).
- LEGAL BASIS OF THE PROCESSING
For the purposes referred to in point a) of the previous art. 3, the legal basis of the processing is constituted by art. 6 par.1 lett. b) GDPR 679/2016 performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract).
For the purposes referred to in point b) of the previous art. 3, the legal basis of the processing is constituted by art. 6 par.1 lett. c) GDPR 679/2016 (compliance with a legal obligation to which the Controller is subject).
For the purposes referred to in point c) of the previous art. 3, the legal basis of the processing is constituted by art. 6 par. 1 letter f) GDPR 679/2016 (legitimate interests pursued by the Controller to the credit recovery or to take legal actions).
For the purposes referred to in points d) and e) of the previous art. 3, the legal basis of the processing is constituted by art. 6 par. 1 letter a) GDPR 679/2016 (consent to processing of personal data given by the Data Subject).
- RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA
Personal data may be communicated by us exclusively to the third parties indicated below in relation to the above mentioned purposes:
- accounting, tax, legal advisors;
- computer technician for IT assistance and for the maintenance of the website;
- banking institutions;
- shipping and transportation service providers;
- public entities, judicial, financial and other institutions, if required by laws, regulations, European provisions.
Personal data may also be known by the staff specifically appointed by the Controller who may provides for the management of data, in relation to the purposes indicated above.
The specific identification data of the aforementioned third parties may be known by you at any time through the exercise of the right of access recognized to you and without prejudice to any legal limitations in this regard.
Personal data will not be disseminated.
- AIM OF THE CONTROLLER TO TRANSFER PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION
The Data Controller does not have the aim to transfer personal data to a third country or international organization.
If in the future the collected data should eventually be transferred to a third country or to an international organization, the transfer will take place in compliance with the conditions set out in the GDPR 679/2016.
- THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
Collected data will be stored as follows.
- Necessary Data for the purpose of the pre-contractual relationship: for the time strictly necessary for the possible finalization of the contractual relationship and, in any case, for a period of time not exceeding 1 year from the collection.
- Necessary Data for the fulfillment/management of the contractual relationship/requested services and performances: for the entire duration of the contractual relationship, for the time strictly necessary for the fulfillment of the requested services and performances and, in any case, for a further period of 5 years exceeding the termination of the relationship, without prejudice to any further warranty period provided for by law or by the contract.
- Accounting records, invoices and correspondence: 10 years, as established by law.
- Necessary Data for credit recovery activity: up to completion of this activity.
- Necessary Data for the management of any litigation: up to the definition of the dispute itself.
- Necessary Data for marketing activities: for the entire duration of the contractual relationship / for the execution of the services and services requested or for the 5 years following the termination of the same or, in any case, up to the revocation of the consent or the exercise of the right to object and to erasure of personal data.
- Necessary Data for the insertion in homogeneous groups for the application of commercial benefits: for the entire duration of the contractual relationship / for the execution of the services and services requested or, in any case, up to the revocation of the consent or the exercise of the right to object and to erasure of personal data.
Any longer period of conservation remains in the event that these derive from legal, accounting and/or tax obligations.
After the retention period, as described above, we will proceed to the entire elimination of data provided by you.
- RIGHTS OF THE DATA SUBJECT
The GDPR 2016/679 acknowledges the following rights to the Data Subject:
- Right of access – art. 15;
- Right to rectification - art. 16;
- Right to erasure (‘right to be forgotten’) - art. 17;
- Right to restriction of processing - art. 18;
- Right to data portability - art. 20;
- Right to object – art. 21;
- Right to automated individual decision-making – art. 22;
- Right to withdraw the consent at any time without affecting of the lawfulness of processing based on consent before its withdrawal – art. 7;
- Right to lodge a complaint with a supervisory authority – art. 77;
- Right to an effective judicial remedy against a supervisory authority (art. 78) and against the Controller or processor (art. 79).
For the exercise of the abovementioned rights from a) to h) the Data Subject has to contact the Data Controller.
- SOURCE FROM WHICH THE PERSONAL DATA ORIGINATE
Personal data may be collected directly from you.
Otherwise, your personal data may have been collected from sources accessible to the public including, in particular, databases available in the national Chambers of Commerce.
- LEGAL NATURE OF THE DATA COLLECTION
The provision of personal data by the Data Subject for the purposes referred to in the previous art. 3 lett. a) b), c) is not mandatory, but it is necessary to carry out the legal relationship underlying the processing. In case of failing in providing such data the contractual obligation may not be fulfilled.
The provision of personal data by the Data Subject for the purposes referred to in the previous art. 3 lett. d) and e) is optional and it is only necessary for the fulfillment of the ancillary services of the legal relationship. You are free to choose not to provide any data or to withdraw afterwards the possibility to processing data. In this case you will not take any advantage of the above mentioned purposes.
It is up to the Data Subject to promptly notify the Data Controller of any changes concerning personal data.
- AUTOMATED DECISION-MAKING, INCLUDING PROFILING
Collected data will not be subject to automated decision-making, including profiling.
Personal data provided, in case of consent, may be subject to inclusion in homogeneous groups, through human intervention, for the application of commercial benefits (e.g. discounts).
- THE DATA PROCESSING
Collected data will be processed as follows in compliance with the GDPR 2016/679 provisions:
- the access to data and files will be allowed to persons who, under the direct authority of the Controller or processor, are authorised to process personal data;
- the protection and systematic monitoring of personal data through appropriate actions;
- the data recording and processing through information systems or files or paper means and organization of paper and computer files;
- the review and change of personal data on a possible request from the customer/supplier/user.
- RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The Data Subject has the right to lodge a complaint with the supervisory authority in the event of any kind of violation of the GDPR 2016/679. The supervisory authority is the Garante per la Protezione dei dati personali