Policy for the Processing of Personal Data in accordance with Art. 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter ''GDPR'')
This information is provided by Pirate Rocket S.r.l. (VAT number 02644170033) and by Inclusyon S.r.l. (VAT number 12594050960), with legal address in Milan at Via Giovanni Battista Sammartini, 33, as Joint Controllers (hereinafter the "Joint Controllers") of the processing of personal data (hereinafter the "Processing").
a) The Processing in which you are listed as a "Data Subject" shall be carried out for the following purposes:
- sending commercial communications via email and/or by telephone, on the basis of art. 6, co. 1, lett. f) of the GDPR, that is the legitimate interest of the Joint Controllers, which intends to protect its rights and interests provided by the relevant provision of the Guarantor Authority;
- for newsletter sending, according to art. 6, co. 1, lett. a) of GDPR.
|CATEGORY OF DATA PROCESSED||DATA TYPES|
|Personal data||Name, surname, address, telephone number, tax code, email address|
|CATEGORY OF RECIPIENTS||PURPOSE|
|Data processors and individuals authorized to process such data||Fulfillment of contractual obligations|
|Provider||Fulfillment of contractual obligations|
|Accounting/tax firm||Fulfillment of statutory fiscal obligations|
|Credit institutions, payment institutions, banks, postal services and insurance||Management of payments and insurance policies|
|Outside experts, professionals||Fulfillment of legal obligations other than tax obligations|
|Public Authority||Fulfillment of legal obligations|
- for the sending of commercial communications on the basis of the legitimate interest of the Joint Controllers and personal data will be kept for 5 (five) years;
- for newsletter sending the data will be kept for 5 (five) years;
- for tax purposes, personal data will be kept for a period of 10 years as prescribed by law.
e) personal data shall be processed in paper form, as well as by digital and telematic means of communication, without involving automated decision-making;
f) personal data shall not be disclosed to third parties not authorised to process them;
g) the Joint Controllers, in compliance with art. 32 of the GDPR, provide themselves with the appropriate security measures in relation to the Processing carried out, so as to guarantee the confidentiality, integrity and availability of the personal data, and requires the parties to whom such data is communicated to adopt the appropriate security measures in turn;
h) Data Subjects affected by the Processing, in accordance with art. 15 et seq. of the GDPR, are entitled to exercise the following rights:
- right to be informed that data processing is in progress concerning him/her and, if so, to have access to the personal data processed;
- right to rectification of personal data;
- right to erasure (right to be forgotten) of personal data concerning him/her;
- right to the restriction of the processing of personal data concerning him/her;
- right to data portability to receive, or have transmitted to another Controller, personal data concerning him/her in a structured, commonly used and machine-readable format;
- right to object to the processing of personal data;
- right to lodge a complaint with the competent authorities about a personal data processing breach.