Privacy Statement Pursuant to Article 13 of UE Regulation 2016/679 – For clients
The “Data Controller”
Under Section 4 of EU Regulation 2016/679 containing the Personal Data Protection Code and the free movement of such data (henceforward referred to as “EU Regulation”), Carter & Benson S.r.l. is the Data Controller of the acquired personal data and in compliance with Article 13 of EU Regulation (“Information to be provided where personal data are collected from the data subject”) provides the following information.
The Company hereby informs you that any acquired personal data, even relating to existing legal relationships (including, by way of example but not limited to employees, collaborators, trainees, etc.) shall be undergoing processing in compliance with the above mentioned law provisions. With respect to the aforesaid processing operations, the following information is among other things hereby provided by the Controller.
“Personal data” (art. 4 number 1 EU Regulation 2016/679) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” (art. 4 number 2 EU Regulation 2016/679) means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
These operations shall be carried out with respect to the principles of fairness, lawfulness, transparency and for the safeguard of your confidentiality and your rights.
Collected personal data
Collected personal data shall be essentially relating to:
- Identification data (either company name/label or first names and last names of individuals, registered office address, phone number, fax, e-mail, tax dates, etc.);
- Data relating to existing legal relationships (Personnel Research and Recruitment). These data may be provided directly by the subject (in n the broadest sense of the word).
Identity and contact details of the Data Controller
Company Name: Carter & Benson S.r.l.
Legal office: Foro Buonaparte 22, 20121 Milan
Telephon number: 02/80509788
Email: carterbenson@legalmail.it
Contact details of the Data Protection Officer (DPO)
DPO not compulsory.
Purposes of processing operations
Purposes of personal data processing are the following:
- execution, management of contracts, also with reference to existing prior agreements or to agreements related to the Personnel Research and Recruitment, and therefore the establishment, management and development of relationships with the subject (e.g. execution of operations in compliance with the signed Agreement);
- compliance with obligations by Law, Regulation, Community legislation or other settlements ordered by Authorities or Control and Surveillance bodies (e.g. Control bodies for the administrative responsibilities of Companies, anti money laundering) linked to the existing and/or future agreement;
- exercise and defend your own rights, also with reference to frauds and credit recovery;
- outsourced professional collaborators, if any, entrusted with the fulfilment of law or contractual obligations;
- internal analysis in aggregated form.
For each of the above mentioned purposes you can find details about type of data, type of personal data and the related conservation time in the following chart:
CHART 1
| Purpose of processing operation of personal data | Legal basis of the processing | Types of personal data subject to processing | Personal data preservation time | Type of recipient |
|---|---|---|---|---|
| Purpose 1 | Agreement | · Identification data · Personal data |
Until the agreement’s due date and for other 10 years | * |
| Purpose 2 | Legal Obligation | · Identification data · Personal data |
Until the agreement’s due date and for other 10 years | * |
| Purpose 3 | Legitimate interest
Business relationship between owner and subject |
· Identification data · Personal data |
Within the terms provided for by the Law | * |
| Purpose 4 | Legitimate interest
Business relationship between owner and subject |
· Identification data · Personal data |
Until the agreement’s due date and for other 10 years | * |
| Purpose 5 | Legitimate interest
Business relationship between owner and subject |
· Identification data · Personal data |
Until the agreement’s due date | * |
*Types of recipients
With reference to the above mentioned purposes, data may be communicated to the following subjects and/or subject categories, or rather be communicated to companies and/or individuals, both in Italy and abroad, that provide services, also external, in name of the Data Controller. Among these ** hereafter their different categories are indicated by way of example but not limited to:
- Consultants for accountability management;
- IT providers;
- Consulting companies;
- Authorities or Surveillance bodies.
(**) a list of external Subject/Responsible with other useful data for identification is available at the Data Controller office.
Data subjects’ rights
With regard to the aforesaid processing operations, the rights referred to Section 4 of EU Regulation 2016/679 may be exercised as follow:
- right of access by the data subject [art. 15 of EU Regulation](right to obtain from the controller confirmation as to whether or not Personal Data are being processed, and, where that is the case, access to the related information);
- right to rectification [art. 16 of EU Regulation](right to obtain the rectification of inaccurate Personal Data concerning him or her);
- right to erasure of Personal Data concerning him or her without undue delay (“right to be forgotten”) [art. 17 EU Regulation] (data subject shall have the right to erasure of Personal Data);
- right to restriction of processing of Personal Data as regulated by art. 18 EU Regulation (where the processing is unlawful or the accuracy of the Personal Data is contested by the data subject )[art. 18 EU Regulation];
- right to data portability [art. 20 EU Regulation] (data subject shall have the right to receive the Personal Data concerning him or her, in a structured format to transmit those data to another controller pursuant to mentioned article);
- right to object to processing of Personal Data [art. 21 EU Regulation] (the data subject shall have the right to object to processing of Personal Data concerning him or her);
- right not to be subject to a decision based on automated processing [art. 22 EU Regulation] (the data subject shall have the right not to be subject to a decision based solely on automated processing).
Further information about the data subject’s right are provided on the company website or rather asking to the Data Controller the complete extract of the above mentioned articles.
The above mentioned rights can be exercise pursuant to Regulation, thus sending an email to carterbenson@legalmail.it.
Carter & Benson S.r.l., pursuant to art. 19 EU Regulation, provides to communicate any rectification or erasure of personal data or restriction of processing to each recipient, unless this proves impossible or involves disproportionate effort.
Whereas the purpose pursued by Carter & Benson S.r.l. is based on consent, the data subject has the power to withdrawal at any time, sending and email to carterbenson@legalmail.it.
Pursuant to art. 7 EU Regulation, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint
The data subject, if considers that the processing of personal data relating to him or her infringes the Regulation, shall have the right to lodge a complaint with a supervisory authority, following the instructions given in the following internet page http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
Compulsory provision of personal data
Where the purpose of processing in based on a legal or contractual (or even precontractual) obligation, the data subject must provide the required data. Otherwise the Data Controller will not have the possibility to pursue the specific purpose of processing.
Automated processing
The Data Controller does not use an automated processing.
Mechanisms of processing operations
Personal data will be processed in paper form, electronically or on-line, and inputted in the relevant databases (clients, users, etc.) which will be accessible by, and, therefore, disclosed to, explicitly appointed personnel by the Data Controller, such as Data Processors or Persons in charge of the processing of personal data, and they will be allowed to carry out reference operations, utilization, processing, compare, and any whatsoever appropriate operation, even automated, in compliance with the necessary law provisions to guarantee, among others, privacy and data protection as well as their accuracy, revision, and relevance with regard to the declared purposes.
Modifications and updates
The present circular is effective at the indicated date.
Carter & Benson S.r.l. may modify and/or integrate the document also as consequence of potential and consequent modifications and/or updates of the regulation. Any modifications will be notified and the subject will view the updated text on the website www.carterbenson.com section Privacy & Cookie.