Pursuant to EU GDPR 2016/679 and existing Italian legislation on Personal Data Protection
Palladio Holding S.p.A., with registered office in Vicenza in Strada Statale Padana verso Verona, 6, Register of Companies of Vicenza, Tax I.D. and VAT code 03402170249 (hereinafter, "Data Controller"), as entity in charge of the data processing, would like to inform you pursuant to art. 13 of Italian Legislative Decree no. 196 of 30.6.2003 (hereinafter, "Privacy Code") and art. 13 of EU Regulation no. 2016/679 (hereinafter, "GDPR") that your data will be processed with the following methods and for the following purposes:
Subject of the processing
The subject of the processing are the personal data of the party concerned (demographic and identification data) and the data relating to electronic communications (via internet or telephone).
Purpose of the processing
The purposes of the data processing can be ascribed to the following macro-categories:
- administrative and accounting;
- prescribed by the Italian legislation in force;
- connected to the banking, credit, brokerage and consultancy sectors;
- security and crime prevention.
Lawfulness of the processing
Your personal data are processed for the fulfilment of the current contractual relationship and for the pursuit of the Data Controller's legitimate interests.
Your personal data will be processed through the operations indicated in art. 4, no. 2) of the GDPR and more specifically: collection, recording, organisation, retention, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Your personal data are processed in both paper and electronic and/or automated form.
Access to data
Your data can be provided for the purposes referred to in articles 2.A) and 2.B) to:
- employees and collaborators of the Data Controller, in their roles as internal data processors and/or system administrators;
- third-party companies or other entities performing outsourcing activities on behalf of the Controller, in their role as external persons in charge of the personal data processing.
Without the need for express consent, as provided for by art. 6, letters b) and c) of the GDPR, the Controller may communicate your personal data for the purposes referred to in art. 2.A) to those entities to whom the communication is obligatory by law for the completion of said purposes. Said entities will process the data in their role as independent data controllers.
Your data will not be disseminated.
Personal data are stored on servers located in Italy, and within the European Union. It remains in any case understood that the Data Controller, where necessary, shall have the right to move its servers, also outside of the EU. In this case, the Data Controller ensures from this moment on that the transfer of data outside the EU will be carried out in accordance with the provisions of applicable law, after stipulation of the standard contractual clauses envisaged by the European Commission.
Rights of the party concerned
In your role as party concerned, you have the following rights:
to obtain confirmation of the existence or otherwise of personal data relating to you, even if not yet recorded, and their communication in an intelligible form;
to obtain an indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied when processing is carried out with the aid of electronic tools; d) the identification data of the Data Controller, those responsible for the data processing and the appointed representative; e) the entities or categories of entities to whom the personal data can be communicated or who can be informed as representatives of data processors or persons in charge designated in the State's territory;
to obtain: a) the updating, rectification or, where interested, integration of the data; b) the cancellation, transformation into anonymous form or the blocking of data treated in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the declaration that the operations described in letters a) and b) have been brought to the knowledge, even as regards their content, of those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
to oppose, in whole or in part, for legitimate reasons, to the processing of personal data relating to you, even though relevant to the purpose of the collection.
Where applicable, you also have the rights declared in articles 16-21 of the GDPR (Right to rectification, right to be forgotten, right to limit processing, right to data portability, right to oppose), as well as the right to lodge a complaint with the Supervisor Authority.
Duration of information retention
We will retain your personal data only for the time necessary for the achievement of the purposes for which they were collected or for any other connected lawful purposes, and in any case for a period laid down by the prevailing laws.
Access to personal data is restricted to only those who need to use them for important aims.
The personal data that are no longer needed, or for which there is no longer a legal basis for its retention, are irreversibly rendered anonymous (and can be retained in this state) or destroyed in a secure manner.
If disputes arise and we must defend ourselves, act or even make claims against you or third parties, we may retain the personal data that we deem reasonably necessary for processing for these purposes, for a period of time in which such a claim can be pursued.
How to exercise your rights
You can exercise your rights at any time, including the right to cancellation of personal data, in compliance with the law on retention by sending:a registered letter with return receipt to the Data Controller;a certified email to the address: firstname.lastname@example.org
This information could be subject to amendments. If the Data Controller makes substantial changes to the use of the user's data, the former will alert the user by posting them with the utmost clarity on their pages or through alternative or similar means.