Information on processing of personal data
- The Data Controller is Cultur-e srl, Via Vettore, 6 | 00141 Rome | Tel.+39 0664410500 firstname.lastname@example.org
- The Data Protection Officer is Simona Battistella.
- Cultur-e srl personnel will be appointed to manage the data.
Source of Personal Data
As per Article 13 of EU Regulation N. 679/2016, Cultur-e srl will manage the personal data that individuals have freely elected to transmit to our offices either in person or through websites.
Personal Data Processing Categories
Only for the objectives and in the conditions described in this document, information may be managed that is considered “personal data.” This includes general personal and contact information (i.e., mobile phone number, e-mail address, etc.).
Objective of Personal Data Processing and Legal Basis
As per the indicated Bill, the Data Controller guarantees that the processing of personal data will take place in respect of individual rights and fundamental liberties, as well as individual dignity, with particular attention to privacy, personal identity and the right to the protection of personal data.
- All personal data transmitted to interested subjects are managed in connection to:
- Administrative practices related to Cultur-e srl services and their implementation to allow users to enjoy custom-tailored services and their execution.
- Insertion of information in IT databases;
- Requirements related to requested services;
- Specific requests of interested parties.
The transmission of personal data is not mandatory, but refusal to transmit said data will hinder the execution of requested services based on said data. The legal basis in this case is legislative and the agreement between the parties to execute a contract.
- Personal data may also be used for promotional activities through the following Cultur-e srl services:
- Customer satisfaction on quality of provided services;
- Information and advertising concerning new initiatives, events, publications and e-mail services through the implicit subscription to mailing lists that are property of Cultur-e srl;
- Marketing, surveys and market analyses;
- Public relations activities.
The transmission of said personal data for the above-mentioned objectives is not mandatory. If the data is provided, the interested party must agree to its processing.
Data Transmission and Consequences of Data Processing Refusal
The transmission of personal data for the objectives described at Point 3.1 is necessary to provide and manage services. The Refusal to allow data processing will compromise service implementation by the Data Controller.
With reference to the objectives described in Point 3.2, the agreement to data processing is not mandatory and can be given by clicking on the relevant checkbox, for each objective described below. Lack of agreement will not compromise the implementation of requested services and will only affect the following issues:
- Cultur-e srl will not be able to conduct aggregate, anonymous statistical monitoring to improve the provided service;
- Cultur-e srl will not be able to provide information, communication and promotions through newsletters on company initiatives or initiatives provided by associate companies.
Data Transmission and Diffusion
The personal data that interested parties transmit to us voluntarily will in no way be disclosed to third parties. The personal data of interested parties, if necessary, may be communicated to:
- All parties that have the right to said data by law;
- Our collaborators, employees and suppliers, for their services and/or contractual obligations related to the interested parties;
- Post offices and couriers for the physical delivery of documentation and/or material;
- All public and private subjects, physical or juridical parties (legal, administrative and fiscal consulting services, judicial offices, chambers of commerce, Rome City Hall, etc.) for communications that are necessary and functional to the completion of our activities in the manners and with the procedures described above;
- Banks and banking institutions to manage incoming and outgoing payments for contract implementation.
In these cases, only the essential data necessary for the said objectives will be transmitted.
Transfer of Data to Third Countries
The Data Controller does not transfer personal data to third countries. However, the use of cloud services may require us to select the suppliers that provide the best guarantees, as established by Art. 46 GDPR 679/2016.
Data Processing Process
The processing concerns personal data used for common identification. Its processing includes both paper and digital archives that are carefully managed to guarantee security and confidentiality. Data will also be managed and protected from environments that are constantly monitored. This includes the adoption of all technical, IT, organizational, logistic and safety procedures required to guarantee a satisfactory protection of personal data as required by law and allow access to all parties responsible for data processing, as established by the Data Controller or appointed managers.
Length of Data Conservation
Personal data will be conserved for the amount of time that is necessary to pursue the objectives of the processing agreed upon by the user, specifically:
- Objectives indicated in Point 3.1 for the amount of time necessary to complete contractual obligations and, in any case, no more than 11 years from the data transmission for legislative requirements, and by the deadline established by law;
- Objectives indicated in Point 3.2
Access to Personal Data
The user can, at any moment, exercise the following rights:
- Access personal data – obtain confirmation (or not) that their data is currently being processed and have access to the following information: objectives, data categories, data recipients, conservation period and the existence of an automatic decisional process;
- Request to correct or delete said data or limit its processing – by “limit” we refer to the data fields marked for limited future processing;
- Oppose data processing – for reasons related to data processing for specific situations for assignments of public interest or the pursuit of legitimate interests;
- Data portability – in the case of automatic data processing based on agreements or for the execution of a contract, data will be transmitted in a commonly-used and legible, structured format for all data. Data will be provided in said fashion to the Data Owner by the Data Controller in an .xml or analogous format;
- Withdrawal of consent or limitation of data processing: this does not in any way hinder the lawfulness of the data processed prior to the withdrawal;
- Present a complaint as per Art. 77 GDPR to the control authority based on residence, place of work, or place of rights violation. In Italy, the Guarantor for the Protection of Personal Data may be contact through the forms available at: http://www.garanteprivacy.it.
The rights indicated above can be exercised by the Data Owner to the contacts indicated in this document. The right to refuse the processing of personal data for marketing purposes extends to traditional ones; moreover, the Data Owner may exercise this right only partially by refusing, for example, to receive communications from automated tools. Requests concerning the exercise of user rights will be completed timely and within one month of the request. In cases of particular complexity and multiple demands, this period may be extended by a further 2 (two) months.