INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA
(art. 13 of Reg. UE 679/2016 “GDPR”)
CaberlonCaroppi Architetti Associati (hereinafter the “Company”) takes great care to ensure the security and confidentiality of its clients personal data during all business operations.
In accordance with Reg. UE 679/2016 “GDPR” (General Data Protection Regulation), we hereby supply you all due information concerning the purposes and methods for your personal and sensitive data processing in our possession.
Data Controller is CaberlonCaroppi Architetti Associati, Via Scipione Piattoli, 7 – 20127 Milano (MI) – IT, in person of its legal representative, Chiara Caberlon.
If you have questions regarding the way we process your personal data, please contact the data controller directly using the following email address: firstname.lastname@example.org.
2. What kind of personal data may be collected
The following categories of personal data may be collected:
Contact details – information relating to your name, date and place of birth, address, telephone number, mobile number and email address.
Other personal data – information you provide relating to your education or professional situation, administrative, financial and accounting data.
Interests – information you provide in relation to your interests, including products and services in which you are interested.
Website use – information relating to the ways in which you use the website, including information collected through cookies (for more details please consult our Cookies Policy on website http://www.caberloncaroppi.com).
3. How we collect your personal data
The Company collects and processes your personal data in the following circumstances:
if you contact us in order to request services we provide;
if we have direct personal contact with you during meeting or event, in which you provide us yours data.
4. Purposes of data processing
Personal data must only be processed on legitimate grounds in accordance with current personal data regulations, as described below.
5. Operational management of services and other closely related administrative and accounting purposes.
The Company collects your contact details in order to allow you to obtain request services and for organizational, administrative, financial and accounting activities. In particular, internal organizational activities, those following contractual obligations’ fulfilment and information activities are related to these purposes.
Reason for data processing: fulfilment of contractual obligations (art. 6.1 lett. b), c) del GDPR).
Provision of data is compulsory so that we are able to respond to your requests; if you do not provide your data, we are unable to allow you to proceed.
6. Marketing activities designed to respond to your needs and provide you with information about projects and events.
The Company may process your contact details for marketing and advertising purposes with the aim of informing you about projects and initiatives carried out using automated contact methods (e.g. e-mail) as well as traditional contact methods (e.g. telephone calls), in the event that you grant your consent for this.
Reason for data processing: consent of the data subject (art. 6.1 lett. a) del GDPR).
7. Compliance with binding legal requests and obligations, regulations and measures taken by the judicial authorities, and to defend a right in a legal setting.
The Company collects your contact details in order to fulfil a legal obligation and/or defend one of its rights in a legal setting.
Reason for data processing: legal obligations to which the Company is bound to adhere (art. 6.1 lett. c), f) del GDPR).
8. Methods of data processing – Data retention
The personal data processing will be carried out by electronic, automated and / or manual instruments, with methods and tools to ensure maximum security and confidentiality, by persons authorized to do so in compliance with the requirements of GDPR.
The Company employs a vast range of security measures in order to optimize the protection, security, integrity and accessibility of your personal data. All of your personal data is stored on our secure servers (or as secure hard copies) or on secure servers belonging to our suppliers or commercial partners. The data is accessible and usable in accordance with our security standards and policies (or the equivalent standards of our suppliers or commercial partners) in compliance with GDPR.
9. How long we store your data for
We only store your personal data for the time necessary to pursue the purposes for which it was collected and for any other legitimate related purpose. Therefore, if your personal data has been processed for two different purposes, we will store your data until both purposes have been fulfilled. However, once one of those purposes has been achieved, we will no longer process your personal data for that purpose. Only those people who need to use your personal data for relevant purposes shall have access to it.
Where personal data is no longer necessary – or there are no longer legal grounds for storing it – it shall be made anonymous in an irreversible manner (and stored in this manner) or securely destroyed.
Below are the storage periods relating to the above purposes:
Fulfilment of contractual obligations: data processed in order to comply with any type of contractual obligation may be stored for the full duration of the contract and for no longer than ten years after the duration of the contract, in order to allow us to deal with any outstanding matters, such as accounting documentation (e.g. invoices).
Marketing: data processed for marketing purposes may be stored for 5 years from the date we receive your most recent consent for this purpose (except where you have opted out of receiving additional correspondence).
In the event of a dispute: in the event that we are forced to defend ourselves, take action or bring a claim against your or a third party, we may store personal data we consider to be reasonably necessary for such data processing purposes for the period in which such a claim may be pursued.
10. Communication and data diffusion
The personal data to be processed will be treated confidentially and will not be diffused. Persons who may have access to your personal data include authorized employees and external suppliers who have – if necessary – been named parties responsible for data processing where these provide service support.
Furthermore, these data may also be disclosed to following third parties:
entities that provide services for the management of the information system used by CaberlonCaroppi Architetti Associati and the telecommunications networks, including e-mail service, newsletter service and website service management;
firms or companies or consultant which provide assistance and advice;
competent authorities who enforce the law and/or regulations promulgated by public bodies, on request.
The above mentioned entities shall act as Data Processor or may perform their tasks fully independently, as if they were the Data Controller. The list of potential Data processors is constantly updated and it is available at CaberlonCaroppi Architetti Associati, Via Scipione Piattoli, 7 – 20127 Milano (MI) – IT. Please contact us on email@example.com if you would like to see a list of parties responsible for data processing and other individuals or companies to whom we pass your data.
11. Nature of underwriting
You are free to provide personal data. The provision of personal data is optional and discretionary, although it may be necessary for some specified services.
12. Right to access personal data and other rights
You can exercise your rights according to articles 7, 15-22, 77 of GDPR, by contacting the Data Controller, CaberlonCaroppi Architetti Associati by sending an email to firstname.lastname@example.org.
You have the right to ask us:
for access to your personal data;
for a copy of the personal data you have supplied us with (data portability);
to amend data in our possession;
to delete any data where we no longer have any legal grounds to process this;
to oppose data processing where application regulations allow for this;
to revoke your consent, where data processing depends on consent;
to limit the way we process your personal data, to the extent set out by personal data privacy regulations;
These rights are subject to a number of exceptions designed to protect the public interest (e.g. preventing or identifying crime) and our own legitimate interests. In the event that you exercise one of the aforementioned rights, it shall be our responsibility to verify whether you are legitimately entitled to exercise that right. We will inform you of the outcome of this within one month.
We will make every effort to deal with your concerns should you make any complaints or remarks regarding the way we process your data. However, if you wish, you may take complaints or remarks to the authority responsible for data protection, “Garante per la protezione dei dati personali” .