Personal data is provided voluntarily by the users. The decision not to provide personal data may impede the processing of requested actions.
Purposes of Data Processing
Voluntarily-provided personal and sensible data shall be processed only for the purpose of meeting users’ needs and requested actions.
Personal and sensitive data provided by the users are treated fairly and legally in order to execute pre-contractual or contractual obligations (art. 6 par. 1 lett. b) of Regulation 679/2016 requested by the users themselves (request made by filing of a form) and for the processing of newsletters.
Personal and sensitive data by the users will not be transferred in any way to third parties. Data can be communicated and transmitted to employees and collaborators of the Data Controller who will treat them in compliance with the regulations and instructions provided by the Data Controller itself.
Responsible for processing
If necessary, for activities related to the maintenance of the website, personal data can be processed by entities appointed by the Data Controller responsible for the processing in accordance with art. 28 of EU Regulation 679/2016.
The personal data will be kept for a period not exceeding the purposes for which the data were collected and subsequently processed.
Data Subject Rights
In accordance with art. 13, comma 2, and articles 15-21 of the Regulation, we inform you that with respect to the processing of your personal data you can exercise the following rights:
- Right of access by the data subject to personal data and:
- confirmation that personal and sensitive data is being processed or not;
- the purpose of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of an automated decision-making, including profiling;
- a copy of the personal data and information undergoing processing;
- Right of rectification and right to have incomplete personal data completed;
- Right to erasure (“Right to be forgotten”) where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- Right to restriction of processing on the following grounds:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Right to object to the Data Protection Authority following the procedures and indications published on the website of the Data Protection Authority ().
- Right to Data Portability The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. Where technically feasible, the data subject has the right to have personal data transmitted directly from one controller to another.
- Right to Object at any time the processing of personal data concerning him or her, including profiling. The controller shall no longer process personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject. The data subject maintains the right to object at any time the processing of personal data for direct marketing purposes.
- The Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling. unless: i) this proves to be necessary for entering into, or performance of, a contract between the data subject and the data controller, ii) this is authorized by Union or Member State Law to which the controller is subject, and iii) this is based on the data subject’s explicit consent.
- Right to rectify consent at any moment; personal data, if not supported by other legal framework (among which the compliance with legal obligations or the performance of a contract), must erased by the Data Controller.
The exercise of such rights is not subject to any restriction and is free.
Exercise of your rights
The Data Subject may at any time exercise his or her rights by:
– sending a registered letter to SU srl, Strada Ponte del Marchese 24, 36100, Vicenza
– a certified mail to firstname.lastname@example.org.
The Data Controller is SU Srl, Strada Ponte del Marchese 24, 36100, Vicenza. email@example.com