INFORMATION FOR PERSONAL DATA PROCESSING
(Pursuant to Art. 12 of EU Regulation 2016/679 of the European Parliament and Council)
Company Magnetic Systems Srl with registered office in Via G. B. Vico, 25/A – 20010 Cornaredo (MI), VAT 12884060158, in capacity as Controller of the personal data processing, would like to inform you that EU Regulation 2016/679 of the European Parliament and Council (“General Regulation on Data Protection), establishes regulations on the protection of natural persons as regards processing of personal data, as well as regulations concerning the free circulation of said data.
The regulation protects the rights and fundamental freedoms of natural persons, specifically the right to personal data protection.
The data controller (natural or legal person who establishes the aims and methods for personal data processing) implements appropriate measures to provide the data subject with all information concerning the processing.
According to the indicated regulations, said processing shall be inspired by principles of fairness, lawfulness and transparency and protection of your confidentiality and your rights.
Pursuant to article 12 of EU Regulation 2016/679, in case of collection from the data subject of data concerning them, the Data Controller provides the following information to the data subject, when the personal data are obtained:
Object of the Processing
The Data Controller handles the personal data, identification of a natural person (data subject) such as name, surname, ID number, company name, address, telephone, email, bank and payment details etc. you have provided upon entering into contracts for the Data Controller’s services.
Data Controller and Representative of the Controller
The Data Controller is:
MAGNETIC SYSTEMS SRL with registered office in Via G.B. Vico, 25/A – 20010 Cornaredo, (MI), VAT 12884060158, Tel +39 02 93562264 / Fax +39 02 93562541, firstname.lastname@example.org
The Representative of the Data Controller (where applicable) is: Not appointed.
Person Responsible for Data Protection (where applicable)
The Person Responsible for data protection is: Not appointed.
Aims of data processing
The data provided by you shall be processed without your express Consent for the following aims:
2A) execution of a contract
3A) execution of pre-contractual measures
4A) legal obligation the data controller is subject to
7A) pursuit of the lawful interest of the Data Controller or third parties.
The data processing is lawful because:
2C) data processing is necessary for the execution of a contract of which the data subject is a part or for the execution of pre-contractual measures taken upon request of the same,
3C) the processing is required to fulfil a legal obligation the Controller of processing is subject to
4C) data processing is necessary to safeguard the vital interests of the data subject or another individual;
6C) the processing is required for the pursuit of the lawful interest of the Controller of the processing or of third parties, provided that they do not undermine the data subject’s interests or rights and fundamental freedoms that require personal data protection, in particular if the data subject is a minor
Lawful interests of the data controller(where applicable only if the lawfulness conditions of the processing under point 3 are type 6C)
The processing of data is based on the following lawful interests: any right to legal defence.
Methods of data processing
The personal data are processed by means of the operations set out in art. 4 par. 2) and more precisely: the collection, recording, organisation, layout, storage, adaptation or modification, extraction, referencing, use, disclosure by sending, disseminating or any other form of disclosure, comparison or interconnection, limitation, deletion or destruction;
the data are processed by using appropriate instruments and procedures to assure safety and confidentiality.
The personal data shall be processed with the following methods:
- paper manual
- computerised manual (without automated decision process)
With no need for express consent (pursuant to art. 6 lett. b) and c)), the Data Controller may disclose your data for the purposes referred to above to Supervisory Bodies, Judicial Authorities, to insurance companies, as well as to entities to whom disclosure is mandatory by law for the accomplishment of said purposes. Said entities shall process the data in their capacity as independent data controllers.
- the data may be/shall be disclosed to the following categories of recipients: external managers who take part in company processes solely to fulfil specific legal obligations and in compliance with contractual obligations, public and private bodies for social security, welfare and insurance purposes
Disclosure of the data to a third party country or international organisation
- The personal data shall not be sent to a third party country or international organisation.
Nature of the provision of data and consequences of the refusal to answer
The Data Controller is obliged to inform the data subject if the disclosure of the personal data is a legal or contractual obligation or a necessary requirement for entering into a contract, and whether the data subject is obliged to provide their personal data as well as the possible consequences of failure to provide said data;
The provision of the data is:
- mandatory (Point 4, letter A)
In the case where the data provision for the indicated purposes is mandatory, the reason of the obligation is due to the execution of a contract.
In the case where the data provision for the indicated purposes is mandatory, any refusal to provide said data:
- might entail failed execution of the contract,
- might entail partial execution of the contract,
- failed continuation of the contract,
- failure to provide the services;
The Data Controller shall process the personal data for the time strictly required to fulfil the above purposes. The processed personal data shall be stored for the activation period of the service and for a maximum time of 10 years from its discontinuation.
Rights of the data subject
The data subject may exercise their rights with the data controller at any time.
Art. 13 letter b) of EU Regulation 2016/679, states that when the personal data are obtained, the data controller provides the data subject with the existence of the following rights required to assure correct and transparent processing of the personal data:
- access to the data (Art. 15)
- rectification of data processing (art. 16)
- cancellation of the data (Art. 17)
- limitation of data processing (Art. 18)
- objection to data processing (Art. 21)
- portability of the data (Art. 20).
In addition to the rights under article 13, the EU Regulation set forth additional rights that may be exercised by the data subject:
- revocation of consent (Art. 7)
- complain with an oversight authority (Art. 77).
The articles that specifically deal with the individual rights of the Data Subject are attached.
Right to revocation of consent (Art. 7)
Art. 7 paragraph 3, states that the data subject has the right to revoke their consent at any time in the following cases:
- where the processing is based on consent given to processing of one’s data for one or more specific purposes (article 6, paragraph 1, letter a),
- where the processing concerns the particular categories of personal data (personal data that reveal race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data regarding health or sexual life or sexual orientation) and is based on consent given to processing of one’s data for one or more specific purposes (article 9, paragraph 2, letter a).
Revocation of consent does not prejudice the lawfulness of the processing based on consent given before the revocation.
The data subject is informed on that prior to giving their consent. The consent is revoked with the same ease with which it is granted.
Right to complain with an oversight authority (Art. 77)
Art. 77 states that the data subject, should they believe that the processing concerning them infringes this regulation, has the right to complain with an oversight authority, specifically in the member State where they normally reside or work or where the alleged infringement took place. Without prejudice to bringing any other administrative or judicial proceedings.
The Data Controller informs the data subject of the option of complaining with an oversight authority and to bring judicial proceedings.
The oversight authority the complaint has been filed with, informs the complainant of the status or outcome of the complaint, including the option of bringing judicial proceedings pursuant to article 78.
The data subject also has the right to bring actual judicial proceedings, should the oversight authority fail to handle the complaint or fail to inform them within three months of the status or outcome of the complaint filed. Without prejudice to bringing any other administrative or judicial proceedings.
Methods to exercise the data subject’s rights
The data subject may exercise the rights at any time by sending to the Data Controller and/or the Data Processor (where appointed):
- a registered letter with return receipt sent to: MAGNETIC SYSTEMS SRL with registered office in Via G.B. Vico, 25/A – 20010 Cornaredo (MI), VAT 12884060158;
- an email to: email@example.com
RIGHTS OF THE DATA SUBJECT (Articles 13-21)
Right to access the personal data (art. 15)
Right to rectify the personal data (Art. 16)
Right of deletion of personal data («right to be forgotten») (Art. 17)
Right to the limitation of personal data processing (Art. 18)
Right to object to personal data processing (Art. 21)
Right to portability of the personal data (Art. 20)