Information provided pursuant to Articles 13-14 of GDPR 2016/679 (General Data Protection Regulation)

Pursuant to Article 13 of Regulation EU 2016/679 containing the new provisions for the protection of “privacy” and related to the protection and processing of personal data, please be informed that the processing of personal data provided and acquired at the date of signing the contract/activity plan, as well as those that will be provided, and in relation to the information that will come into possession, for the purpose of protecting individuals and other subjects concerning the processing of personal data, will be carried out in compliance with the regulations set out in the aforementioned Regulation and the confidentiality and transparency obligations to which the data controller is bound; it is also specified as follows:

1. Purpose of Processing

The data provided will be used for the purpose of fully carrying out the activities related to the contractual relationship entered into, being processed exclusively for the purposes thereof and as provided by Legislative Decree 30.06.2003, no. 196 as amended, and as modified by Legislative Decree 101/2018 to adapt to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Data Protection Regulation – GDPR).

2. Processing and Storage Methods

Processing will be carried out in an automated and/or manual form, in compliance with the provisions of Article 32 of GDPR 2016/679 on security measures, by specifically appointed individuals and in compliance with the provisions of Article 29 of GDPR 2016/679. In compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to Article 5 of GDPR 2016/679, upon the free and explicit consent expressed by signing the contract/activity plan, personal data will be confidential, will not be disclosed, and will be stored for the necessary period to achieve the purposes for which they are collected and processed.

3. Provision of Data

The provision of data for the purposes mentioned in point 1 is mandatory, and any refusal to authorize it results in the impossibility of continuing the contractual relationship.

4. Scope of Data Communication and Dissemination

The collected data will not be subject to dissemination and will not be communicated without explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants, or other subjects for legal obligations. The aforementioned data may be known, within the limits of current laws, by employees and/or collaborators expressly appointed and instructed by the Data Controller. The parties commit to maintaining the confidentiality of confidential information and not to communicate it to third parties unless strictly necessary for the execution of the contractual objectives, provided that such individuals have previously committed in writing to keeping the information confidential and not to use it except for the permitted purposes of the contract. The parties also commit to return or destroy immediately upon termination or resolution of the contract, upon written request of the entitled party, all files, acts, documents, lists, registers, reports, notes, designs, sketches, notes, cards, letters, and all other materials, including any copies or reproductions thereof, containing one or more confidential information, unless there is a legal obligation to retain them. The confidentiality obligation persists for the duration of this contract and for a further period of 5 (five) years.

5. Confidentiality Obligation

The Parties assume full responsibility for any violations by any connected persons or third parties to whom confidential information is provided under the contract, of the confidentiality obligations contained therein. The confidentiality obligation indicated above does not apply to confidential information that the receiving party can demonstrate: a) is already public domain, or becomes public domain not due to a violation of confidentiality obligations by the receiving party; b) the receiving party is required to disclose by law or regulation, by order of any competent authority, provided that the parties have previously consulted about the methods and contents of such disclosure, unless otherwise provided by law, regulation, or public authority; c) the receiving party has legitimately obtained from third parties without confidentiality obligations; d) the receiving party can demonstrate with appropriate documentation to have already had in its legitimate possession before it was provided by the other party; e) is developed independently and in good faith by personnel of the receiving party who have had no access to the other party's confidential information. Any violations of the confidentiality obligations for which a party is responsible entitle the other party to obtain any damages suffered.

6. Data Controller

The data controller of personal data is Spritz Matter Srl.

7. Special Categories of Personal Data

Pursuant to Articles 9 and 10 of Regulation EU No. 2016/679, it is possible to provide the professional with data that qualify as "special categories of personal data," that is, data revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation.” Such categories of data can only be processed with free and explicit consent, expressed in writing.

8. Data Subject Rights

At any time, the data subject can exercise, pursuant to Articles 15 to 22 of Regulation EU No. 2016/679, the right to: a) request confirmation of the existence or otherwise of personal data;
b) obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and, where possible, the retention period;
c) obtain the rectification and erasure of data;
d) obtain the restriction of processing;
e) obtain data portability, i.e., receive them from a data controller, in a structured, commonly used, and machine-readable format, and transmit them to another data controller without hindrance;
f) object to the processing at any time and also in the case of processing for direct marketing purposes;
g) object to automated decision-making processes concerning natural persons, including profiling.
h) request access to personal data and the rectification or erasure of the same or the restriction of processing that concerns them or to object to their processing, in addition to the right to data portability;
i) withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal;
j) lodge a complaint with a supervisory authority.
The exercise of rights can be carried out through a written request sent via certified email to: spritzmatter@pec.it
Spritz Matter Srl

Last update May 31, 2024