INFORMATION ON THE PROCESSING OF THE CUSTOMER’S PERSONAL DATA

PURSUANT TO ART.13 D. LGS. 196/2003 E DELL’ART. 13 REG. UE 679/2016

The Privacy Regulation (GDPR) requires us to provide information on the Processing of Data necessary for us to execute the Employment Contract stipulated with the customer, to provide the requested services/products and for the activities connected to them.

For the Privacy Policy:

a)   We, Baiazzurra SAS, of Vittorio Piras & C., Via S. Avendrace, 50 – 09100 Cagliari – ITALY, are Data Controllers;

b) The Customer is the interested party, and has the rights and obligations that we explain below.

1. Treatment

1.1. The data Controller, whose data are indicated in the Introduction, will process the Data according to the principles of lawfulness, correctness, transparency, purpose and conservation limitation, data minimization, accuracy, integrity and confidentiality.

2.Purposes, Categories of Data and Legal Bases of Processing

2.1.The Data Controller carries out the Processing with the purpose:

a) Fulfill, even before the conclusion of any contractual relationship, if requested by the Customer, the contract, or specific requests made by you (such as, for example, to contact and deliver the requested services/products, or to communicate that the services/ requested products are ready/available);

b)  Carry out obligations deriving from any contractual relationship;

c)  Carry out commercial communications, send tax documents, via telephone, email, text message and fax;

d)  To store data on quotes and information requested.

e)  Fulfill administrative, financial, accounting and/or tax obligations;

f)   Fulfill any obligation established by law and/or an order from the Public Authority;

g)  Possibly, to assert or defend a right in court;

2.2.The Data Controller will process data in the following categories: name, surname, tax data, address, email address, telephone number (or other type of contact).

2.3.The legal bases of the Processing are as follows, divided by categories of Data:

a) Identification data: consent of the interested party and/or need to carry out obligations referred to in the previous points 2.1 a-e;

b) Tax data: need to fulfill the obligations referred to in the previous points 2.1 c-e.

3.Methods of Treatment

3.1.The Data will be:

a) Collected electronically and/or on paper;

b) Recorded in digital format on computers and/or kept in paper archives in the exclusive availability of the Data Controller;

c) Protected from risks of destruction, modification, cancellation and unauthorized access through efficient physical, logical and organizational security measures;

d) Further processed, including on paper, to the extent and within the times strictly necessary to implement the purposes indicated above.

4. Communication to Recipients and Dissemination

4.1. The Data is possibly communicated to third party Recipients (including the PA or Judicial Authority) only to the extent strictly necessary in relation to the above purposes, or in any case only for legal compliance or by order of the Authority.

4.2. The categories of Recipients are as follows:

a) Subjects necessary for the execution of activities connected and consequent to the execution of the Contract;

b) Appointees and people authorized by the Data Controller who are committed to confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller);

4.3. The Data Controller may also have to communicate Data to fulfill legal obligations or to comply with orders from public authorities, including judicial authorities.

4.4. The Data will not be disclosed.

5. Data Retention Period

5.1. The Data Controller retains his Data for the minimum time necessary to achieve the Purposes referred to in point 2 and in any case no longer than fifteen years.

6. Mandatory nature of data communication

6.1. Data communication is:

1. Mandatory, with regard to the execution of the contract or the fulfillment of legal obligations or orders of the Public Authority;

2. Optional, with regard to other services you may request.

7. Consequences of refusal to communicate the Data

7.1. In case of refusal to communicate any personal data necessary pursuant to the previous point

6.1

a), it will not be possible to fulfill the contract.

7.2. In case of refusal to communicate any personal data necessary pursuant to the previous point

6.1

b), it may not be possible to carry out any other services requested.

8. Rights of the interested party

8.1. The interested party has the right to:

a) access your Data held by the Data Controller;

b) request rectification and/or cancellation (“oblivion”);

c) request the Limitation or oppose the Processing;

d) request data portability;

e) lodge a complaint with a Supervisory Authority.

8.2. The interested party also has the rights referred to in the art.

7 of the Privacy Code not expressly mentioned above (i.e. to obtain confirmation of the existence of Data concerning him and their communication in an intelligible form, the indication of their origin, the identification details of the Data Controllers, the transformation into anonymous form of the Data or their blocking if processed in violation of the Privacy Law.

8.3. The Customer can assert their rights by making a request via email to the address info@baiazzurra.com or by fax to the number +39 070 273695.

8.4.The Customer can contact the Data Controller at the following telephone numbers +39 070 273695 – +39 070 991494 or via email at  info@baiazzurra.com.