Privacy Information Notice

Policy on personal data processing (Art. 13 of Regulation EU 2016/679)

Dear Customer/Supplier,
We wish to inform you that in accordance with Article 13 of Regulation EU 2016/679 (GDPR), on the protection of natural persons with regard to the processing of personal data and to the free circulation of that data, the personal data you provide to us will be processed in accordance with the GDPR. Data will be processed according to the principles of lawfulness, fairness, transparency, and with the protection of your confidentiality and rights, with particular reference to the integrity, confidentiality, personal identity and right to the protection of personal data.

Purpose of the data processing
The personal data you provide will be used for the following purposes:

• to fulfil the requested services, enable the efficient management of customer and supplier relations in order to reply to any requests for information, assistance, suggestions and/or specific requirements;
• to fulfil our legal obligations in relation to administration and accounting activities;
• to fulfil our contractual obligations with customers in connection with the provision of advice, assistance and preparation of documents in accordance with the terms and conditions stipulated in offers and contracts;
• to fulfil our legal obligations in relation to the administration, management and logistics of the training courses you wish to enrol on; to provide the requested services;
• to enable the efficient management of customer and supplier relations in order to reply to any requests for information, assistance, suggestions and/or specific requirements you may have;
• to send communications relating to the services we offer, newsletters, personalised news with materials and promotions about our products and services (e.g.: invitations to training courses, events, seminars and conferences), either by traditional means (operator telephone calls) or automated means (email).

Methods of processing
The data will be processed manually and/or using automated and computerised methods, always in accordance with the security measures referred to in Article 32 of the GDPR, by persons specifically authorised in accordance with Article 29 of the GDPR. Security measures will therefore be used to guarantee the confidentiality of the data subject, and to avoid unauthorised access to the data by any third party or by unauthorised personnel.

Storage period
In accordance with the principles of lawfulness, purpose limitation and minimisation of data, pursuant to Article 5 of the GDPR, your personal data will be kept for the time necessary to fulfil the purpose for which it was collected and processed, and in accordance with the legal timeframe.

Mandatory or voluntary provision of data
The provision of the data is optional. However, any refusal to provide it, or failure to provide consent to data processing will result in ELCOS s.r.l. being unable to fully provide the services offered.

Scope of disclosure and dissemination
The data we collect will not be circulated. Your personal data may be communicated to the following categories of recipients, for the above purposes:

• external consultants responsible for data processing operations and/or advice on tax payment
• public bodies that require the data by law (social security and welfare bodies, finance offices etc.)
• parent companies, subsidiaries and affiliated companies, to which ELCOS s.r.l. allocates various activities (such as the administration and logistics management of various conventions and/or training courses).

Transfer of data to third countries
The data controller will not transfer the personal data to third countries. However, cloud services may be used and in such cases, the service providers will be selected from among providers who can ensure adequate guarantees as required by Article 46 of the GDPR.

Data controller, data processor and DPO
The data controller is ELCOS s.r.l., through its legal representative. An up-to-date list of the data processors can be obtained from the company’s head office. No DPO has been appointed.

To enforce the rights of the data subject and/or to request further information, please contact the data controller ELCOS s.r.l., with headquarters and processing centre at Via Arandora Star 28/a - 43122 Parma (PR), Italy – Tel. +39 0521 772021, email: info@elcos.it

Rights of the data subject
In accordance with Articles 15-22 of the GDPR you may exercise the following rights at any time:

1. Request confirmation of the existence of your personal data and, if so, obtain access to the data indicated in para. b) below.
2. Obtain information about the purposes of the data processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be communicated (in particular, recipients in third countries or international organisations) and the storage period, where possible.
3. Obtain the rectification and erasure of the data.
4. Revoke consent to processing at any time (however, revocation of consent does not affect the lawfulness of the processing based on consent prior to the revocation).
5. Obtain a restriction of data processing.
6. Obtain the portability of the data, in other words receive it from a data controller in a structured, commonly used machine readable format, and transmit it to another data controller without impediment.
7. Object to the processing at any time, also in the case of data processing for direct marketing purposes.
8. Object to an automated decision-making process relating to private individuals, including profiling.
9. Obtain confirmation of compliance with the obligations on the data controller according to Article 19 of the GDPR, i.e. the communication – to each recipient who has received the personal data – of any rectifications, erasures, or restriction of processing carried out in accordance with Article 16 of the GDPR, except in cases where this proves to be impossible or implies a disproportionate effort.
10. Submit a complaint to the competent supervisory authority.