The company the company NextAI Srl in the person of its legal representative p.t., VAT no. 02717930743, with headquarters in viale Francia snc - 72019 San Vito dei Normanni (BR), pec address: nextai.srl@pec.it (hereinafter, "Data Controller"), in its capacity as Data Controller of personal data pursuant to Article 1 of Legislative Decree No. 196 of June 30, 2003 - Privacy Code (hereinafter, "Code") and Articles 4, No. 7) and 24 of EU Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data (hereinafter, "Regulation") informs pursuant to Article 13 of the Regulation that it will proceed to the processing of personal data referring to customers.
Foreword:
Under the European Data Protection Regulation, legal persons cannot be considered data subjects and therefore the European Regulation does not apply. However, if personal data referring to a natural person is included in the context of the collection of corporate data, that person is to be considered a data subject under the aforementioned regulation.
- Subject of processing (what data we process)
The data processed are: first and last name of the legal representative, date of birth, tax code, registered office, tax/VAT number, email, telephone, pec and/or recipient code,
- Purpose of processing and legal basis
Data will be processed to enable the performance of activities related to the establishment and management of the service requested from the owner.
In particular, the processing is necessary for the performance of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the data subject as well as the 'fulfillment of a legal obligation of an accounting and tax nature to which the data controller is subject. The processing of data may also be necessary in the event of disputes and therefore to assert a right or resist in court and this is in the legitimate interest of the company.
Providing the requested data is mandatory as it is necessary to carry out the service/request, and refusal to provide such data may result in failure to complete or maintain the contractual relationship.
Processing will be carried out by digital and analog means. The data will not be subject to public dissemination.
It is specified that the email indicated by the data subject will be exported to a CRM for sending newsletters for commercial purposes, pursuant to Article 130 paragraph 4 Privacy Code.
The data will be processed lawfully, fairly and with the utmost confidentiality, in compliance with the appropriate security measures as set forth in the Code and the Regulations.
- Method of treatment
The Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for: no longer than 10 years after the conclusion of the contract and/or the occurrence of any act interrupting the statute of limitations. For newsletter purposes, the data will be deleted after 5 years from the sending of the last commercial information.
- Disclosure of data
The Data Controller may communicate the data for the purposes mentioned in Art. 2 to subjects to whom the communication is required by law for the fulfillment of purposes related to the fulfillment of legal obligations. The data may also be communicated to subjects carrying out tasks on behalf of the Data Controller, appointed as data processors ex art. 28.
The data may be disclosed to any intermediaries in the proposed service who may process the data as autonomous data controllers ex art. 14.
- Data Retention and Transfer
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third party companies appointed and duly appointed as Data Processors. The data may be subject to transfer outside the European Union, in which case the Data Controller undertakes as of now to use appropriate transfer safeguards, entering into standard contractual clauses approved by the European Commission where appropriate.
- Rights of the data subject
The customer in his or her capacity as a data subject has the rights set forth in Article 15 of the Regulations, namely:
- The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet recorded, and its communication in an intelligible form.
- The data subject has the right to obtain the indication:
- (a) of the origin of personal data;
- (b) of the purposes and methods of processing;
- (c) of the logic applied in the case of processing carried out with the aid of electronic instruments;
- (d) of the identification details of the owner, managers and representative;
- e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees.
- The data subject has the right to obtain:
- (a) updating, rectification or, when interested, supplementation of data;
- (b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right.
- The data subject has the right to object, in whole or in part:
- (a) for legitimate reasons to process personal data concerning him/her, even if relevant to the purpose of collection;
- (b) to the processing of personal data concerning him/her for the pursuit of purposes not covered by Art. 2.
Also pursuant to Articles 15 et seq. of the GDPR, the user has the right to request at any time, access to his personal data, rectification or deletion of the same, restriction of processing in the cases provided for by Article 18 of the GDPR, obtain in a structured, commonly used and machine-readable format the data concerning him, in the cases provided for by Article 20 of the GDPR. At any time, the user may revoke ex art. 7 of the GDPR the consent given; lodge a complaint with the competent supervisory authority ex art. 77 of the GDPR if he/she considers that the processing of his/her data is contrary to the legislation in force.
The user may make a request to object to the processing of his or her personal data pursuant to Article 21 of the GDPR in which to give evidence of the reasons justifying the objection: the Data Controller reserves the right to evaluate the request, which would not be accepted in case of the existence of compelling legitimate reasons to proceed with the processing that override the user's interests, rights and freedoms.
The interested party at any time may exercise the rights referred to in the preceding article by sending:
- a registered letter with return receipt to: NextAi Srl viale Francia snc - 72019 San Vito dei Normanni (BR),
- an e-mail to the PEC address: nextai.ltd.@pec.it