information notice pursuant to Article 13 of Legislative Decree no. 196/03 and Article 13 of EU Regulation no. 2016/679
Pursuant to and for the purposes of Legislative Decree no. 196/03 (protection of individuals and other subjects with regard to the processing of personal data) and Article 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”), in order to allow you to make an informed and appropriate assessment regarding the nature of the personal data we are requesting from you, the purposes and methods of the processing to which such data will be subjected, and to inform you of your rights as a data subject, we invite you to read the following information notice:
Nature of the data. The Data Controller processes personal and identifying data (such as name, surname, company
name, address, telephone number, email, banking and payment details) – hereinafter referred to as “personal
data” or simply “data” – provided by you when entering into contracts for the services offered by the Data
Controller.
Purpose of the processing. Your personal data are processed:
A) Without your express consent (art. 24 letters a), b), c) of the Privacy Code and art. 6 letters b), e) GDPR),
in order to: conclude contracts for the services of the Data Controller; fulfill pre-contractual, contractual
and tax obligations arising from existing relations with you; comply with legal obligations, regulations, EU
legislation or an order from an Authority (such as anti-money laundering regulations); exercise the rights of
the Data Controller, for example the right of defense in legal proceedings.
B) Only with your specific and separate consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), in order to:
- send you by e-mail, post and/or SMS and/or phone calls newsletters, commercial communications and/or advertising material regarding products or services offered by the Data Controller, and to assess your level of satisfaction with the quality of the services;
- send you commercial and/or promotional communications from third parties (for example, business partners, insurance companies, other companies) via e-mail, post and/or SMS and/or phone calls.
Processing methods. The processing of your personal data is carried out by means of the operations indicated in
Article 4 of the Privacy Code and Article 4 no. 2) GDPR.
The Data Controller will process the personal data for the time necessary to fulfill the purposes mentioned
above and, in any case, for no more than 10 years from the termination of the relationship for Service Purposes
and for no more than 2 years from the collection of the data for Marketing Purposes.
Access to data. Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
to
employees and collaborators of the Data Controller, in Italy and abroad, in their capacity as persons in charge
and/or internal data processors and/or system administrators;
- to third-party companies or other entities (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
Data communication. Your data will not be disseminated. Pursuant to art. 24 letters a), b), d) of the Privacy
Code and art. 6 letters b) and c) of the GDPR, the Data Controller may communicate your data for the purposes
referred to in art. 2.A) to supervisory bodies (such as IVASS), judicial authorities, insurance companies for
the provision of insurance services, as well as to those subjects to whom communication is mandatory by law.
Data transfer. Personal data are stored on servers located within the territory of the European Union. The Data
Controller ensures that any transfer of data outside the EU will be carried out in accordance with applicable
legal provisions.
Nature of data provision and consequences of refusal to provide data. The provision of data for the purposes
referred to in art. 2.A) is mandatory. Without them, we will not be able to guarantee you the Services referred
to in art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. You will still
have the right to the Services referred to in art. 2.A).
Rights of the data subject. Pursuant to art. 7 of the Consolidated Data Protection Act, the data subject has the
right to obtain confirmation of the existence or not of personal data concerning them and to have such data made
available in an intelligible form; they have the right to know the origin of the data, the purpose, methods and
logic of the processing, the identifying details of the Data Controller as well as the subjects and categories
of subjects to whom the data may be communicated or who may become aware of it as Data Processors or Persons in
Charge; the data subject also has the right to obtain updating, correction and integration of the data,
cancellation, anonymization or blocking of data processed unlawfully. Furthermore, the data subject has the
right to object, in whole or in part, to the processing of personal data concerning them, even if relevant to
the purpose of the collection specified above. However, in this latter case, since sending advertising material,
direct sales, or conducting market research or commercial communication are not part of the processing purposes
carried out by us, the objection must be based on justified reasons.
Right to lodge a complaint with the Supervisory Authority. The data subject has the right to lodge a complaint
with the Supervisory Authority: Garante per la protezione dei dati personali – Piazza di Monte Citorio n. 121
00186 ROME Fax: (+39) 06.69677.3785 Switchboard: (+39) 06.696771 E-mail: mailto:garante@gpdp.it Certified mail:
mailto: protocollo@pec.gpdp.it. References on the Privacy Authority’s website
http://www.garanteprivacy.it.
10. Data Controller and Data Processors. The Data Controller is Dr. Lucrezia Bargnani, as sole director and pro
tempore legal representative of the company “Holbarg S.r.l.” with registered office in Castiglione delle
Stiviere (MN) Via Gnutti no. 64/B.
The updated list of any appointed Data Processors and persons in charge of processing is kept at the registered
office of the Data Controller and in compliance with art. 28 GDPR.