+39 335 84 83 827
info@pegasoscar.it

Personal data processing and protection information statement (Art. 13 GDPR)

 

Paolo Iannaccone provides information on how he processes and protects personal data he may acquire from and process through the website.

 

Art. 1. Data Controller: collects data and decides processing purposes/ methods

PEGASO’S di Paolo Iannaccone

VAT number:                                03586780987

Tax Identification number:           NNCPLA78H11A509E

Address:                                       Via Tengattini n. 36/A, 25030 Paratico (BS)

Telephone:                                   3358483827

Email:                                           p.iannaccone@pegasoscar.it

Certified email:                            paolo.iannaccone@pec.it

 

Art. 2. Purposes and legal basis for processing: why data are processed and what justifies processing

Data are processed for the following purposes.

Purpose a) – Online contacts

  • fulfilment of precontractual obligations (respond to requests submitted through the contact form on the website in the “contact me” section);

Legal basis: execution of the contract.

Refusal to provide compulsory data (indicated with a *) prevents the controller from responding to requests.

Purpose b) – Anonymous statistics

  • Collection of anonymous statistical data on visits to the website.

Legal basis: controller’s legitimate interest.

The Controller does not profile data.

 

Art. 3. Processed data and processing methods

The following data are processed in order to fulfil the purposes of Art. 2:

Purpose a) – Online contacts

  • Compulsory data: name, email, message
  • Optional data: surname, mobile

Purpose b) – Statistics

  • Anonymous statistical data are collected on visited website pages. We do not
    collect the user’s IP address and therefore we are unable to identify which pages you are visiting.

All disclosed data are processed within the limits strictly necessary for the achievement of purposes set forth in Art. 2 here above, in hard copy or by computerised means.

 

Art. 4. Data conservation

Data are processed and stored at the Data Controller’s office and in company devices (e.g. computer, server, smartphone, etc.).

Data processing (hard copy or digital) is executed with appropriate measures for ensuring the security and confidentiality of personal data and specifically in compliance with adequate security measures and in accordance with the principles of propriety, necessity and proportionality.

Some of the software used by the Data Controller is managed by cloud systems (e.g. email inboxes and management software). Providers have been selected to ensure the safeguarding and confidentiality of data.

Some data may also be present in backup systems. If this is the case, removal will not be possible. As of now we guarantee that in the event of a total system reboot, such data will be anonymised once more/deleted.

Collected and processed data are stored for the following periods:

Purpose a):        1 year from contract request.

Purpose b):        24 months

 

Art. 5. Communication and transmission of data

In the execution of normal contractual duties, employees and/or non-employed professionals working for the Data Controller have access to data in their capacity as authorised processing persons.

No data is sold to third parties.

 

Art. 6. Data transmission beyond the EU

No data is transmitted beyond the EU.

 

Art. 7. Rights of the data subject

Art. 7 no. 3 The data subject has the right to withdraw their consent at any time; Art. 15 Right to access, including the right to obtain information on the personal data conservation period. Right to obtain indication on the origin of collected data as well as on the processing purposes and methods. Right to lodge a complaint with the Personal Data Protection Authority; Art. 16 Data Subject’s right to obtain the updating, rectification, integration of personal data; Art. 17 Right to cancellation /the right to be forgotten (when provided for); Art. 18 Right to the limitation of processing (when provided for); Art. 20 Right to data portability (when enabled by current technology); Art. 21 Right to object to processing; Art. 22 Right to not be subjected to a decision solely based on automated processing, including profiling.

Art. 19 requires the Data Controller to notify of rectification, erasure and/or limitation of processing requested by data subjects.

 

Art. 8. Requests from data subjects: how rights can be exercised

Requests pertaining to the exercise of rights set forth in Art. 7 here above can be submitted by data subjects to the Data Controller by registered letter or email, to the addresses provided in Art. 1 here above.

In all submitted requests, data subjects must enclose a valid identification document.

 

Art. 9. Updating of this information statement

This Information Statement may be modified and integrated, including as a consequence of legislative modifications/ integrations. Data subjects will be informed of any modifications.

You are reminded that the data subject can obtain the latest updated text of the information statement by sending a request to:

p.iannaccone@pegasoscar.it