INFORMATION NOTICE ON PERSONAL DATA PROCESSING PURSUANT TO ARTICLES 13-14 OF EU REGULATION NO. 2016/679
The Data Controller shall safeguard the confidentiality of your personal data and ensure their protection from any events which may cause data security risks. As per EU Regulation no. 679/2016 (GDPR), with special reference to Articles 13 and 14, the following information on personal data processing is provided to users (hereinafter, “Data Subjects”) pursuant to law.
CONTROLLER AND CONTACT DETAILS
Your personal data will be processed by Maristella Mare s.r.l., having its registered office at 4, Via Anco Marzio, 20123 Milan MI, Italy, as Data Controller, in the person of its pro-tempore legal representative.
CONTROLLER AND CONTACT DETAILS
Abiding by the applicable personal data protection regulations, your personal data shall be filed, collected and processed by the Controller(s) for the following business purposes:
Purposes without specific consent Fulfilmentofcompanyadministration,taxandaccountingrequirementsreferringtocustomer/supplierrelationships,and fulfilmentof general obligations imposed on the Data Controller by law or regulations, EU regulations or requests from judicial authorities.

Purposes requiring specific consent

Marketing activities

LEGAL BASIS OF DATA PROCESSING (ART. 6)
Personal data processing for the aforesaid purposes shall be lawful insofar as one of following legal bases, set forth in Art. 6 of the Regulation shall apply:

Legal Basis

Processing is necessary for the performance of any agreements the Data Subject is a Party to, or in order to take steps at the request of the Data Subject prior to entering into a contract.

Data Subjects shall give their consent to the processing of their personal data for a specific purpose.

CATEGORIES OF PERSONAL DATA RECIPIENTS
For the aforesaid purposes, the following recipients may access the personal data you provided:

Categories of recipients

Banks and banking companies

Cloud service providers

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The Data Controller(s) shall not intend to transfer personal data to a non-EU country or an international organisation. Should it be required to perform any such transfer the Controller(s) shall forthwith ensure that the said data transfer will only be performed under the specific conditions set out in Articles 45 (“Transfers on the basis of an adequacy decision”), 46, para. 1 (“Transfers subject to appropriate safeguards”), or 46, para. 2 (Execution of Standard Contractual Clauses issued by the European Commission) of the GDPR.

PERSONAL DATA RETENTION
Unless the Data Subject has explicitly asked for their data to be deleted, their personal data shall be stored for as long as required for the achievement of the legitimate purposes they were collected for. However, starting on the date of termination of the business relationship, personal data shall be retained for the fulfilment of obligations that remain valid even after termination of the contract (pursuant to Art. 2220 of the Italian Civil Code). With a view to those purposes, the Controller(s) shall only retain any data required for the fulfilment thereof.
YOUR RIGHTS AS DATA SUBJECT

In compliance with the GDPR, you can enforce the rights set forth therein, and specifically the following rights:

  • Right to access – Obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed and, in this case, access to specific information on the following: purposes of processing, categories of personal data being processed and data retention period, recipients to whom the said data can be disclosed (Art. 15, GDPR),
  • Right to amendment – Without undue delay, have your inaccurate personal data rectified, or completed if incomplete (Art. 16, GDPR),
  • Right to data erasure – Without undue delay, ask for the deletion of your personal data, in certain circumstances and with the restrictions applied by the GDPR (Art. 17, GDPR),
  • Right to restriction of processing – Require the Controller to restrict the processing of your personal data, in certain circumstances and with the restrictions applied by the GDPR (Art. 18, GDPR)
  • Right to portability – You may request to obtain structured, commonly used and machine readable formats of your personal data provided to the Controller, and shall have the right to transfer such data to another Controller without hindrance from the Controller, in certain circumstances and with the restrictions applied by the GDPR (Art. 20, GDPR)
  • Right to object – Object to the processing of your personal data, unless the Controller has lawful rights to proceed with the processing thereof (Art. 21, GDPR)
  • Right to claim – Lodge a complaint with the Italian data protection authority (www.garanteprivacy.it).

You can amend or withdraw your consent and enforce your rights by directly contacting the Data Controller by e-mail at the address

gdpr@maristellamare.it

METHODS OF DATA PROCESSING

Your personal data shall be processed by performing the operations set forth in Art. 4, para. 2, GDPR, whether or not by automated means, namely: collection, recording, organisation, structuring, update, storage, adaptation or alteration, retrieval and analysis, reference, use, disclosure by transmission, comparison, interconnection, restriction, erasure or destruction. In any event, the logical and physical security of your data and the general confidentiality of the personal data being processed shall be guaranteed, by implementing all the appropriate technical and organisational measures as required to ensure their security.