Data processing and protection information
(customer information – Articles 13 and 14 GDPR)

Pursuant to and for the effects of the combined provisions of European Regulation 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) and Legislative Decree 196/2003 and subsequent amendments (Legislative Decree 101/2018), the company AR19 Srl in the person of the legal representative Mr. ROSSO ALBERTO, as Data Controller (hereinafter “Data Controller”), informs of the following.

​

Art. 1. Controller (the person or company that decides how and why to process the data).

​

AR19 Srl

Registered office: Via Palmanova, 4 -20100 – Milan (MI); Operational office: Via Picozzi, 20;

Tax code and VAT number no. 10732020960

Email Address: privacy@ar19.eu, PEC Address: info.ar19@pec.it

 

Art. 2. Purpose and legal basis of the processing: why the data are processed and from what the processing is justified

​

As part of your work, the acquisition and processing of customers' personal data, including bank data, is necessary to properly perform the service and/or product requested (by signing the quote, order, and/or contract) and to fulfill the related obligations set forth in civil and tax law. Therefore, consent is not required.

The purposes for which the specific and explicit consent of the interested parties is not necessary are:

- provide the requested product/service;

- issue quotes, formulate contract proposals, issue invoices, respond to requests from interested parties (e.g. requests received via email, telephone);

- fulfill the pre-contractual, contractual and tax obligations resulting from this activity of the Owner;

- fulfill obligations under law, regulation, Community legislation, or an order of the Authority;

- exercise the rights of the Owner, for example any right of defense in court.

The refusal to provide all or some of the data required for the purpose a) and/or the indication of incomplete and/or untrue data by the interested parties prevents the Owner from fulfilling the obligations set out.

 

The legal basis that legitimises data processing is

performance of a contract to which the person concerned is a party and/or the performance of legal obligations.

 

Art. 3. Method of processing: how data are processed

​

To achieve the purposes of Article 2, the Owner processes common data (e.g., first name, last name, company name, email address, telephone number, certified email address, SDI code, banking and payment references, tax code, VAT number).

 

Unless voluntarily communicated by the interested parties, the Owner does not process specific data pursuant to Article 9 of the GDPR (e.g., data relating to health, political affiliation, trade union membership, etc.) and/or judicial data pursuant to Article 10 of the GDPR (e.g., data relating to criminal convictions and/or crimes).

 

The data are processed within the limits strictly necessary to achieve the purposes set out in the previous Article 2, also with the aid of electronic or, in any case, automated means (computer tools) and the processing can also be carried out via the Owner's website.

In any case, data processing is carried out by adopting all appropriate measures to ensure the security and confidentiality of data subjects' personal data, in particular in compliance with the security measures set out in Article 32 of the GDPR and in accordance with the principles of lawfulness, necessity, and proportionality.

 

Art. 4. Data retention: where and for how long data is held

​

The data is processed and stored at the Owner's offices and on the company tools used (e.g. computers). All data (paper and digital) are protected by appropriate security systems so as to ensure their confidentiality and safeguarding. All data are physically stored in Italy. Some digital files are stored in cloud systems. Providers have been selected to ensure the safeguarding and confidentiality of data. These devices are physically located within the European Union.

The Owner will keep the personal data for the time necessary to fulfill the purposes referred to in the previous Art. 2, in particular for the entire duration of the contractual relationship with customers, to fulfill the obligations imposed by current tax and anti-money laundering legislation. Personal data may be kept for a longer period in the event of any disputes, for the entire duration of the same, to allow the exercise of the Owner's right of defense in court and out of court.

The data collected and processed with reference to Art. 2 will be kept for 10 (ten) years from the end of the contractual relationship to fulfill any requests of the interested parties.

​

Art. 5. Communication and transmission of data: to whom the data are communicated

​

The data are not subject to communication and dissemination to third parties, without prejudice to the obligations arising from the law. In fulfilment of these obligations the personal data, including bank data, of customers may be transmitted to third parties who carry out the processing on behalf of the Owner in their capacity as External Managers appointed pursuant to art. 28 GDPR (as an indication the accountant for billing data, IT consultants for the technical assistance report, etc).

Personal data may also be communicated to Credit Institutions, Insurance Companies, law firms for the management of any litigation and the exercise of the Owner's right of defense, to the competent Public Security Authorities for investigation and inspection activities, to the Owner's employees and/or collaborators in carrying out their normal work and/or collaboration activities, such as persons authorized for processing.

The updated list of such entities is nevertheless available at the offices of the Holder.

No data is resold to third parties.
 

 

Art. 6. Rights of data subjects (Articles 15 et seq. of the GDPR).

​

Art. 15 Right of access, including the right to obtain an indication of the period of retention of personal data envisaged, or if the criteria used to determine that period are not possible. Right to obtain an indication of the origin of the data collected, as well as the purposes and methods of processing. Right to file a complaint with the Supervisory Authority at any time (Privacy Guarantor: Piazza Venezia nr. 11, 00187 ROME, Tel. +39 06 696771 - PEC: protocollo@pec.gpdp.it); Art. 16 Right of the data subject to obtain updating, rectification or integration of personal data; Art. 17 Right to erasure and right to be forgotten; Art. 18 Right to restriction of processing, when provided for; Art. 19 Obligation of the holder to notify rectification, cancellation and/or limitation; Art. 20 Right to data portability, where existing technology permits; Art. 21 Right to object, at any time on grounds connected with his particular situation, in the event that the processing is carried out in the exercise of public authority or in the performance of a task in the public interest or if the basis is made for the legitimate interest of the holder; Art. 22 Right to obtain guidance on the existence of automated decision-making, including profiling.

 

Art. 7. Instances of data subjects: how rights can be exercised 

​

Applications relating to the exercise of the rights referred to in Article 6 above may be submitted by interested parties to the Data Controller by registered letter or certified email (PEC) to the addresses referred to in Article 6 above. 1.

In all cases, interested parties will have to attach their own valid identity document to the request.