INFORMATION NOTICE PURSUANT TO ART. 13 - 14 REG. EU No. 679/2016
FOR THE TREATMENT OF THE PERSONAL DATA OF BUSINESS CUSTOMERS

CONI PERFETTO SRL, with registered office in Casandrino (NA), Via P. Borsellino, 149, VAT number  01453901215, in the person of the legal representative pro tempore, as  HOLDER OF THE TREATMENT  (hereinafter "Owner"), informs you pursuant to articles 13 and 14 of EU Regulation no. 2016/679 (hereinafter "GDPR") that the data you provide will be processed in the manner and for the following purposes:
1. Object of the treatment The Data Controller, for the establishment and management of relations with you in progress, processes: - Your non-specific personal, identification, contact and tax data (for example: name, surname, company name, P . VAT, address, telephone, e-mail, bank and payment details, etc.);
2. Purpose of the processing and legal basis Your personal data are processed: a.  Without your express consent (Article 6 of the GDPR) for the following purposes: - To conclude contracts for the services of the Data Controller; - Fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you; - Fulfill the obligations established by law, by a Regulation, by community legislation or by an order of the Authority (for example: issuing invoices); - Exercise the rights of the Data Controller (for example: treasury management, right of defense in court, etc.). b.  Without your express consent (Article 6 of the GDPR), but with the right to oppose the so-called processing (opt out), to: - exercise a legitimate interest of the Data Controller, for example sending them via e-mail, newsletters and commercial communications on services offered by the Owner (similar to those already purchased) and detection of the degree of satisfaction with the quality of services.
3. Nature of the provision of data and consequences of failure to provide the data The provision of data for the purposes referred to in point  2.a)  it is mandatory and does not require consent. In the absence of such data we will not be able to provide our services. The use of your contact details for the purposes referred to in point  2.b)  it is in the legitimate interest of the Data Controller and does not require consent. However, you can decide at any time to deny the possibility of processing the data already provided for these purposes by sending an e-mail to: info@coniperfetto.it. In this case, you will not be able to receive newsletters, information material, commercial communications on services offered by the Data Controller. However, you will continue to be entitled to the services referred to in the point  2.a).
4. Processing methods The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR, and more precisely: collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, comparison or interconnection, limitation, cancellation and destruction of data. Your personal data are subjected to both paper and electronic processing. The treatment is carried out by persons in charge and collaborators in the context of their respective functions and in accordance with the instructions received, always and only for the achievement of the specific purposes, scrupulously respecting the principles of confidentiality and security required by the applicable regulations.
5. Access to data Your data may be made accessible for the purposes referred to in point 2: - To the employees and collaborators of the Data Controller in their capacity as data processors and / or system administrators; - To third-party companies or other subjects (by way of example: professional firms, consultants, other group companies, software houses that provide management, shipping carriers, credit institutions, insurance companies, etc.) who carry out outsourced activities on behalf of of the Data Controller, in their capacity as external data processors.
6. Communication of data Without the need for express consent (Article 6 of the GDPR), the Data Controller may communicate your data to the Public Administration, Supervisory Bodies and / or Judicial Authorities as well as to all other subjects to whom communication is mandatory or required by law. Your information will not be disseminated.
7. Data transfer We inform you that we generally try to avoid data transfers outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer data to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for by the Commission. European Union and / or binding corporate rules.
8. Data retention All personal data provided will be processed in compliance with the principles of lawfulness, correctness, relevance and proportionality, only with the methods, including IT and telematic, strictly necessary to pursue the purposes described above. The data is stored in accordance with the law based on the category of data processed and the purpose for which it is processed. The personal data are kept for 10 years from the moment the contract is concluded (Article 2220 of the Italian Civil Code). The data relating to the newsletter and the sending of commercial communications will be kept for 4 years from the last interaction. In the event of a request for cancellation by the interested party, the data related to the legitimate interest of the owner or necessary for the fulfillment of legal obligations may in any case be kept. It should be noted that the information systems used for the management of the information collected are configured, from the outset, in such a way as to minimize the use of personal data.
9. Rights of the interested party In his capacity as interested party, he has the rights referred to in art. 15 ss and art. 77 GDPR, and precisely the rights of: a)  obtain from the data controller confirmation as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: the purposes of the processing; the categories of personal data in question; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients of third countries or international organizations; when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; if the data are not collected from the interested party, all available information on their origin; the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject. b)  obtain from the data controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing an additional declaration. c)  obtain from the data controller the deletion of personal data concerning him without undue delay, if one of the following reasons exists: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) the interested party revokes the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing ; c) the interested party opposes the processing pursuant to Article 21, paragraph 1, and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21, paragraph 2; d) the personal data have been unlawfully processed; e) the personal data must be deleted to fulfill a legal obligation under the law of the Union or of the Member State to which the data controller is subject; d)  obtain from the data controller the limitation of the processing when one of the following hypotheses occurs: a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the cancellation of personal data and requests instead that its use be limited; c) although the data controller no longer needs them for processing purposes, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party opposed the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. And)  receive in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a data controller and transmit such data to another data controller without impediments by the data controller to whom he provided them if: a) the processing is based on or on a contract b) the processing is carried out by automated means. In exercising their rights regarding data portability, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible. f)  oppose at any time, for reasons connected with his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent that it is connected to such marketing g)  right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which significantly affects his person in a similar way. h)  right to lodge a complaint with a supervisory authority pursuant to art. 77.
10. How to exercise your rights You can exercise your rights at any time by contacting the Data Controller at the following e-mail address:  info@coniperfetto.it
Owner, manager and appointees The Data Controller is  CONI PERFETTO SRL, with registered office in Casandrino (NA), Via P. Borsellino, 149, VAT number  01453901215. The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.
This information is updated as of 01/28/2022