The company RankLab Studio in person of the pro tempore legal representative (VAT number 01395270513) with registered office in Via Mansueto Dotti, 1) (hereinafter, “Owner”), as Data Controller of personal data in accordance with the articles 4 and 28 of the legislative decree 30 June 2003, n. 196 – Privacy Code (hereinafter “Code”) and of articles 4, n. 7) and 24 of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereafter referred to as the “Rules”) pursuant to art. 13 of the Code and 13 of the Regulations which will proceed to the processing of personal data referred to customers or to those who request information via forms (if they are natural persons).
1. Object of the treatment
The data processed are: personal data; ID card number or passport or driving license, etc .; contact information such as telephone number, e-mail address, etc. (add or change according to requirements).
The personal data mentioned above will be used exclusively for the provision of the service as requested by the customer and for all activities that are instrumental, including the purposes of establishing and managing contractual relationships of any kind, as defined by the sector regulations.
The provision of the requested data is mandatory as necessary to perform the service and any refusal to provide such data could lead to failure to complete or maintain the contractual relationship; the treatment will be carried out both manually and through the use of IT procedures; the data will not be disseminated.
2. Purpose of the processing
The processing of data will be carried out to allow the performance of activities related to the establishment and management of the service requested to the Owner.
The same data will be processed in a lawful manner, according to correctness and with the utmost confidentiality, mainly with electronic and computer tools and stored both on computer media and on paper and on any other suitable support, in compliance with the minimum security measures as well as foreseen by the Code and by the Regulations.
Only if expressly authorized by means of appropriate flag / check the data will be used for sending information.
3. Methods of processing
The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for:
no later than 10 years from the conclusion of the contract;
no more than 2 years from the request for information.
In case of consent to the processing for sending commercial information, the email that will be inserted in the sending list will be used for the above mentioned purposes until the cancellation by the user and in any case no later than 5 years from the sending of the last email containing commercial information.
4. Access to data
The holder can provide access to personal data to the following subjects (for purposes of fulfillment of obligations related to the relationship established or for purposes of data retention security):
• to employees and collaborators of the Owner in their capacity as authorized persons and / or DPOs and / or system administrators, all formally appointed or appointed;
5. Communication of data
The Data Controller may communicate the data for the purposes referred to in art. 2 to Supervisory Bodies, Judicial Authorities and to all the other subjects to whom the communication is obligatory by law for the accomplishment of the purposes established by law. The aforementioned data will not be disseminated.
6. Storage and Data Transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors.
Currently the servers are located in Italy.
The data will not be transferred to outside the European Union. In any case it is understood that the Data Controller, if necessary, will have the right to move the server locations to other European Union countries and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements guaranteeing an adequate level of protection and / or adopting the provisions