PROCESSING OF PERSONAL DATA POLICY
Pursuant to article 13 of the EU Regulation 2016/679, hereafter called GDPR (General Data Protection Regulation), also considered as D. Lgs. 196/2003 modified by the D. Lgs. 101/2018, we inform you on the following:
- Data Controller
The Data “Controller” is the Larus Business Automation Srl Company, with registered office in Via B. Maderna, 7 – 30174 Mestre, Venezia (VE), ITALY.
The Controller can be contacted by registered mail to the address indicated, or by utilising the [email protected] certified e-mail address (PEC).
- Purpose of the processing and legal basis
Navigation Data. The Controller will process some personal data of the users who interact with the computer systems and the software procedures used to operate this website. In particular, will be processed navigation data that the computer systems acquire independently during the use of the website, such as the IP address, domain names and browser types that are not complemented by any additional personal details and that are used to obtain anonymous statistical information about the site, control requirements of the methods of use of the same; as well as to ascertain liability in case of any computer crimes against our site.
- Data provided voluntarily by the user.
The data you provide will be processed exclusively for the following purposes:
a) Stipulation and execution of the contractual relationship (registration, use of site services) and of all the activities related to it, such as, for example, billing, credit protection, protection of rights and interests of the Data Controller, Administration Services, Management services, logistics/organizational services and functional services for the execution of the contract;
b)Fulfilment of the obligations under applicable laws, regulations and provisions issued by Authorities entitled by law and by Supervisory and Control bodies.
The legal basis for the processing of personal data for the purposes specified in paragraphs a) and b) are: the execution of a contract and/or the adoption of a pre-contractual measure at the request of the interested party, and the fulfilment of one or more legal obligations or exercise of legitimate interest.
c) Carrying out promotional/advertising information activities by means of periodical newsletter sending. Only the processing of personal data for the purposes specified in paragraph c) requires your express consent art. 7 of the GDPR. Such consent is about both the automated methods of communication and the above described traditional ones.
For those interested already customers of the Data Controller, the sending information for the purposes described at the previous point c) can be based also on the legitimate interest of the Data Controller as required by art.6, paragraph 1 letter f) and by the recital n.47 of the GDPR.
The interested party will always have the right to object, in an easy way and free of charge, to all or any part of the processing of their personal data for the purposes of point c).
- Data processing methods
The processing of personal data is realized by means of the operations referred to in Art. 4 n. 2) GDPR, for the purposes listed above, both on paper and computer/electronic support, through electronic and/or automated tools, in compliance with the current legislation, in particular on confidentiality and safety and in accordance with principles of correctness, lawfulness and Customer’s rights protection and transparency. The processing is performed directly by the organization of the Data Controller and by its leaders ex art 28 as well as internal designated subjects.
- Mandatory or optional nature of the data and consequences of denial in providing personal data
Data required for the purposes referred to in the previous point have to be necessarily provided for the fulfilment of the legal obligations and/or the conclusion and execution of the contract as you requested or the exercise of a legitimate interest from the controller.
Thus, your refusal, even partial, in providing those data would result in the impossibility of Larus Business Automation Srl to establish and manage the relationship itself. The provision of personal data necessary for the purposes referred to in point c) is optional, therefore your refusal in providing thosa data can lead to the impossibility of putting in place the activities described herein (marketing and promotional).
- Communication and Dissemination
Your personal data can be communicated, within the limits strictly relevant to the above-mentioned obligations, responsibilities and purposes and in compliance with the current legislation on privacy, to the following categories of subjects:
- Subjects to which this communication can be carried out in order to fulfil or to demand the fulfilment of specific contractual obligations or provided by laws, regulations and/or community legislation
- External Natural and/or legal persons that provide services instrumental to the controller activities for the above-mentioned purposes (e.g. business partners, suppliers, companies, institutions, professional studies). These subjects will operate in the capacity of responsibles for the processing of data ex art 28 GDPR.
- Data retention period
Personal data will be stored for the entire length necessary for the execution of the contract signed with the Data controller, after which the data will be stored to comply with the legal obligations and to store administrative documents in compliance with the current legislation.
- Data Transfer
Personal data is stored on servers located within the European Union. It is anyway understood that the Data Controller, if necessary, will have the right to move the servers also non-EU. In this case, the controller ensures from now on that the non-EU transferral of data will take place in accordance with the applicable legal provisions, under standard contracts required by the European Commission.
- Rights of the data subject
As a Data Subject, you have the rights referred to in the GDPR and precisely the rights to:
- Obtain confirmation of the existence (or lack thereof) of personal data about you, even if the data are not yet registered, and their dissemination in a comprehensible form;
- Obtain an indication of: a) the origin of personal data; b) the processing purposes and methods; c) the logic applied in case of processing carried out via electronic means; d) the identity of the owner, of those responsible and of the representative who has been nominated, under art. 3, comma 1, GDPR; e) the subjects or the categories of subjects to which personal data can be disseminated or that may become aware in the capacity of representative designated in the territory of the State, of managers or processors;
- Obtain: a) the update, the amendment and, if desired, the integration of data; b) the deletion, the anonymization or the blocking of the personal data processed in violation of the law, including those of which the storage is not necessary in relation to the purposes for which the data have been collected or subsequently processed; c) the attestation that the operations provided for in points a) and b) have been brought out, also with regard to the content, of those to whom data have been communicated, except if this fulfilment become impossible or involves a use of means clearly disproportionate compared with the protected right;
- Oppose, in whole or in part: a) for legitimate reasons for the processing of your personal data, even if they are appropriate to a collection purpose; b) to the processing of your personal data in order to the sending of advertising or direct sales material or in order to carry out market research or commercial communication, using call systems, and/or e-mail and/or traditional marketing methods via phone and/or paper mail. Please note that each interested party has the right to oppose, in whole or in part, the data processing for marketing purposes. Thus, the data subject can decide whether to receive just communications via traditional marketing methods or automated communications or neither of the two types of communications. If applicable they have the rights referred to in art. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Authority.
To exercise any of the above-mentioned rights and for questions or information related to the processing of your personal data and to the security measures taken, every Data Subject can in any case forward to our company their requests at the following address: [email protected]