Subject: Information pursuant to Article 13 of Legislative Decree 196/2003 and Article 13 of EU Regulation no. 2016/679
Pursuant to art. 13 of Legislative Decree 196/2003 (hereinafter "Privacy Code") and art. 13 of EU Regulation no. 2016/679 (hereinafter "GDPR 2016/679", briefly "GDPR"), laying down provisions for the protection of persons and other subjects regarding the processing of personal data, BARIMAR SRL declares with this statement that the personal data collected will be processed in compliance with the aforementioned law and the obligations of confidentiality to which the Data Controller is bound, as described below.
1. DATA CONTROLLER
The data controller is the company BARIMAR SRL, whose registered office is in Bari at Via De Rossi, 15, in the person of the Sole Director Mr. Pasqualicchio Renato Ciro, at BARIMAR SRL, Via De Rossi, 15 - 70122 Bari. This privacy information does not exclude that the Data Controller may also communicate other information orally to the data subject at the time of data collection.
2. DATA SUBJECTS OF THE PROCESSING
The data subject(s) of the processing governed by this information, in accordance with the provisions of the Privacy Code and the GDPR, are the Customers of the company BARIMAR SRL, for whom the latter carries out its agency business. In the following text the subjects indicated above are referred to as "interested parties".
3. DATA PROTECTION OFFICER
The figure of the personal data protection officer, or Data Protection Officer (in short DPO), is intended to protect the rights of data subjects under Article 37 of the GDPR; this figure is mandatory:
- a) if the processing is carried out by a public authority or a public body, with the exception of the judicial authorities in the exercise of their jurisdictional functions;
- b) if the main activities of the controller or processor consist of processing that requires regular and systematic monitoring of data subjects on a large scale;
- c) if the main activities of the controller or processor consist in the large-scale processing of particular categories of data or of personal data relating to criminal convictions and offenses.
Therefore, this figure is not applicable, in this case, to BARIMAR SRL.
4. NATURE OF PERSONAL DATA COLLECTED
The personal data collected by BARIMAR SRL essentially belong to the following types: identification data (name or company name, address(es), telephone, fax, e-mail, fiscal data, etc.); data relating to data processing (data that can be used for accounting, tax, etc.).
5. PURPOSE OF THE PROCESSING
The data collected are processed by manual, computer and data-processing means in order to:
- a) gather the essential customer data useful for establishing a relationship of trust;
- b) execute customer orders;
- c) correctly manage the economic and fiscal aspects related to the existing contract;
- d) fulfill contractual obligations towards customers;
- e) comply with all tax formalities arising from the relationship established.
6. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF A REFUSAL TO REPLY
The provision of data and the related processing referred to in paragraphs 1 to 5 of the previous article are mandatory in relation to the purposes connected with obligations of a contractual and legal nature; the provision is, moreover, to be considered mandatory in relation to the purposes that concern the completion of all the activities necessary and functional to the execution of contractual and legal obligations. It follows that any refusal by the interested parties to provide data for the aforementioned purposes may make it impossible to proceed with the contractual relationships and the obligations of the law, or to carry out certain operations, if the data are necessary for the execution of the relationship or operation.
7. SCOPE OF COMMUNICATION, DISSEMINATION OR KNOWLEDGE OF DATA
The personal data given to BARIMAR SRL are not lent, sold or exchanged to other subjects and/or organizations unless the consent of the person concerned is expressly requested. BARIMAR SRL may, however, entrust the personal data of its customers to third parties, who will be appointed data controllers, for purposes related to accounting, tax, social security, welfare and protection of contractual rights. In particular, BARIMAR SRL does not disseminate data but may communicate it to the following subjects:
- Credit institutions and financial mediation;
- Other professionals and consultants who assist the client from the point of view of social security, welfare, work;
- Financial administration;
- Social security and/or welfare institutions;
- Local societies;
- employees and collaborators of BARIMAR SRL;
- employees and collaborators of professional studies, consultancy and accounting data processing commissioned by the company.
In all cases, BARIMAR SRL undertakes to ensure that the data are not processed beyond the purposes specified in this Information.
8. TRANSFER OF PERSONAL DATA
The data of the interested parties will not be transferred either to Member States of the European Union or to third countries not belonging to the European Union.
9. PROCESSING AND STORAGE MODALITIES
Data processing will be carried out in an automated and/or manual form, in compliance with the provisions of art. 32 of GDPR 2016/679 and Annex B of Legislative Decree 196/2003 (articles 33-36 of the Code) on the subject of security measures, by persons specifically appointed and in compliance with the provisions of Article 29 GDPR 2016/679.
In compliance with the principles of lawfulness, correctness, transparency, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, subject to the free and explicit consent expressed at the bottom of this statement, the personal data of the interested parties will be kept for the period of time necessary to achieve the purposes for which they are collected and processed.
If the person giving the data is under the age of 16, such processing will be lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility.
Furthermore, pursuant to article 32 par. 1 of EU Regulation 679/2016, the controller of the processing of personal data must put in place "technical and organizational measures, adequate to ensure a level of security appropriate to the risk". These measures must be commensurate with the "privacy risk" and will be adequate if they are able to protect the data processed from the risk of destruction, loss, modification, unauthorized disclosure, or access in an accidental or illegal way.
In this sense, the data provided to BARIMAR SRL are processed and stored using the PLURIMPRESA management software, which implements the technical security measures provided for by the GDPR; specifically:
User-id for users and administrators: the administrator user can independently assign credentials and access privileges to the various operators; the management of user groups allows assignment by homogeneous categories;
Password Strength: by raising the "Privacy Level" a password strength check is activated, with a length of at least 8 characters;
Password masking: passwords are not visible when typing;
Authentication errors: in the case of attempted access with incorrect credentials, the error message that is returned is generic, without providing indications that could facilitate unauthorized access; after 3 attempts, the entry window is closed;
Password control on server: passwords are saved encrypted on the server database;
Changing the password by the user: all users can change their password; furthermore, by setting the "Privacy Level" to high, they are obliged to modify it on first access and then at least every 6 months thereafter;
Review of authorizations: the status of the policies assigned to users is reviewed periodically;
Log: the application generates different types of logs related to both user activities and those of server administration;
Anonymization of outputs: the management data can be exported in formats (csv, xls, txt) in which the removal of unnecessary data (e.g. removal of columns containing personal data) is easily achievable;
Data cancellation: the accounting and inventory movements are automatically removed in the eleventh year from their entry; removal can also be performed in advance; all data relating to a single "company" can be removed at any time and in full;
Minimization of mandatory data: the management system is set up to collect only the necessary data;
Transmission encryption: the client-server conversation uses the TLS cryptographic protocol;
Data protection: in addition to being proprietary and therefore only queryable through the management system, the database is inseparably bound to the unique identifier of the installation.
Furthermore we proceed with:
- periodic backup copies of data on external devices;
- the use of KASPERSKY software for antivirus purposes, to protect against all forms of malware;
- the configuration of the firewall for intrusion detection purposes.
BARIMAR SRL, in addition to complying with the legislation on privacy, operates in line with civil and fiscal legislation, which provides for the maintenance of orderly accounting and the preservation of documents for at least 10 years.
10. PARTICULAR CATEGORIES OF PERSONAL DATA
Pursuant to Articles 26 and 27 of Legislative Decree No. 196/2003 and Articles 9 and 10 of EU Regulation no. 2016/679, interested parties could provide BARIMAR SRL with data that qualify as "particular categories of personal data", i.e. data revealing "racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to unambiguously identify a natural person, data relating to the health or sex life or sexual orientation of the person". These categories of data may be processed by BARIMAR SRL only after free and explicit consent, expressed in writing at the foot of this statement.
11. EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING
BARIMAR SRL does not adopt any automated decision-making process, including profiling, as per art. 22, paragraphs 1 and 4 of EU Regulation no. 679/2016.
12. RIGHTS OF THE INTERESTED PARTY
At any time, interested parties may exercise, pursuant to Article 7 of Legislative Decree 196/2003 and Articles 15 to 22 of EU Regulation no. 2016/679, the right to:
- a) request confirmation of the existence or otherwise of personal data;
- b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the retention period;
- c) obtain the correction and deletion of data;
- d) obtain the restriction of processing;
- e) obtain data portability, i.e. receive the data from a data controller in a structured, commonly used and machine-readable format, and transmit them to another data controller without hindrance;
- f) oppose the processing at any time, including in the case of processing for direct marketing purposes;
- g) oppose an automated decision-making process concerning natural persons, including profiling;
- h) ask the data controller for access to personal data and to rectify or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
- i) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the revocation;
- j) lodge a complaint with a supervisory authority.
You may exercise the above rights at any time by sending an appropriate request by:
- registered letter to BARIMAR SRL - Via De Rossi, 15 - 70122 Bari (BA);
- e-mail to the certified e-mail address (PEC): office@pec.barimar.it