Policy for the Processing of Personal Data in accordance with Art. 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter "GDPR")
This information is provided by Pirate Rocket S.r.l. (VAT number 02644170033) and by Inclusyon S.r.l. (VAT number 10642430960), with legal address in Milan at Via Giovanni Battista Sammartini, 33, as Joint Controllers (hereinafter the "Joint Controllers") of the processing of personal data (hereinafter the "Processing").
a) The Processing in which you are listed as a "Data Subject" shall be carried out for the following purposes:- Assessment of pre-contractual relationships, based on Art. 6, para. 1(b) of the GDPR;
- Stipulation and execution of contractual relationships, on the basis of Art. 6, co. 1, lett.b) of the GDPR;
- Fulfillment of legal obligations, on the basis of Art. 6, co. 1, lett.c) of the GDPR.
Category of data processed | Data types |
---|---|
Personal data | Name, surname, address, telephone number, tax code, email address |
Payment Data | IBAN and bank data |
b) the Joint Controllers may communicate personal data to the following parties:
Category of recipients | Purpose |
---|---|
Data processors and individuals authorized to process such data | Fulfillment of contractual obligations |
Provider | Fulfillment of contractual obligations |
Accounting/tax firm | Fulfillment of statutory fiscal obligations |
Credit institutions, payment institutions, banks, postal services and insurance | Management of payments and insurance policies |
c) the period of conservation of personal data is as follows:
- for management purposes, personal data will be stored for 24 (twenty-four) months;
- for tax purposes, personal data will be kept for a period of 10 years as prescribed by law.
d) personal data is stored in computer files located both inside and outside the European Union, if this is decisive for the achievement of the purposes set out in point (a). In the latter case, the Joint Controllers shall ensure that personal data is treated with the utmost confidentiality by undertakings outside the European Union in compliance with the adequacy decisions of the European Commission, or, if necessary, by concluding agreements ensuring an adequate level of protection;
e) personal data shall be processed in paper form, as well as by digital and telematic means of communication, without involving automated decision-making;
f) personal data shall not be disclosed to third parties not authorized to process them;
g) the Joint Controllers, in compliance with art. 32 of the GDPR, provide themselves with the appropriate security measures in relation to the Processing carried out, so as to guarantee the confidentiality, integrity and availability of the personal data, and requires the parties to whom such data is communicated to adopt the appropriate security measures in turn;
h) Data Subjects affected by the Processing, in accordance with art. 15 et seq. of the GDPR, are entitled to exercise the following rights:
- right to be informed that data processing is in progress concerning him/her and, if so, to have access to the personal data processed;
- right to rectification of personal data;
- right to erasure (right to be forgotten) of personal data concerning him/her;
- right to the restriction of the processing of personal data concerning him/her;
- right to data portability to receive, or have transmitted to another Controller, personal data concerning him/her in a structured, commonly used and machine-readable format;
- right to object to the processing of personal data;
- right to lodge a complaint with the competent authorities about a personal data processing breach.
[email protected]
The Data Subject may also, at any time, contact the DPO by sending an e-mail to the following address:
[email protected]