PRIVACY POLICY

INFORMATION IN IMPLEMENTATION OF EU REGULATION 2016/679

Pursuant to art. 13 of European Regulation (EU) 2016/679 (hereinafter GDPR), and in relation to personal data which ICM S.r.l. (hereinafter “Data Controller”) will come into your possession, we inform you of the following:

Data conroller and person responsible for the protection of personal data

The data controller is ICM S.r.l. in Via Don Sasselli d’Era, 26 – 37041, Albaredo d’Adige (VR) with telephone +39 045 6600611 and fax +39 045 6609560, with email: info@icmcave.com and email pec icmcavesrl@pec.it. The Owner has not appointed a Data Protection Officer (DPO).

Purpose of data processing

The treatment is aimed at the correct and complete execution of the activity of computer assistance and your data will be processed in order to:

• comply with tax and accounting obligations;
• comply with the obligations imposed on the holding by the legislation in force;
• establish, manage and terminate a contractual and commercial relationship;
• provide IT support services.

Methods of data processing

The processing is carried out by means of the operations indicated in art. 4 GDPR: collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication, trasmission, dissemination, or any other form of provision, comparison or interconnection, limitation, cancellation and destruction of data.

The operation can be carried out with or without the aid of electronic or automated instruments. The treatment is carried out by the Owner or external managers or by those authorized to the treatment. Personal data are processed in ways that are strictly necessary to meet the above purposes.

Legal basis of the treatment

The owner of the treatment treats your personal data lawfully, where the treatment:

• is necessary for the wxecution of an order or contract to which you are a party or for the execution of pre-contractual measures taken on request;
• is necessary to comply with a legal obligation incumbent on the Data Controller.

Consequences of failure to provide personal data

With regard to personal data relating to the execution of the contract to which you are party or relating to the fulfilment of a legal obligation (for exemple, the fulfilments related to the maintenance of accounting and tax records), the failure to provide personal data prevents the conclusion of the contractual relationship itself.

Data transfer to third countries

The management and storage of personal data will take place on servers located within the European Union, owned by the Data Controller or by third companies apponted and duly appointed as Data Processors. It is understood that the data controller, if necessary, will have the right to move the location of the servers in Italy an/or European Union, and/or Non-EU countries. Personal data may also be transferred outside the EU to subjects with whom a collaboration is in progress for the establishment and management of the task received from the Data Controller. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, by concluding, where necessary, by adopting guaranteeing an adequate level of protection, and/or by adopting the standard conctractual clauses provided for by the European Commission. In any case, it should be noted that the Data Controller will never transfer the personal data collected to third parties.

Data retention

Your personal data, subject to processing for the purposes indicated above, will be kept the duration of the contract and, subsequently, for the time in which the Data Controller is subject to obligations of storage for tax purposes or for other purposes, provided by law or regulations.

Data communications

Your personal data may be cmmunicated to:

1. consultants, accountents or lawyers who provide functional service for the above purposes;
2. banks and insurance companies that provide functional services for purpose indicated above;
3. subjects who porcess the data in execution of specific legal obligations;
4. judical or administrative authorities, for the fulfilment of legal obligations.

Data profiling and dissemination

Your personal data is not subject to dissemination or to any fully automated decision-making process, including profiling.

Right of the data subject

Among the rights granted to you by the GDPR are those of:

• ask the Data Controller for access to your personal data and information relating to the same; the rectification of inaccurate data or the integration of incompleta data; the cancellation of personal data relating to you (if one of the conditions indicaated in art. 17, paragraph 1 of the GDPR occurs and in coliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (if one of the hypotheses indicated in art. 18, paragraph 1 of the GDPR occurs);
• request and obtain from the Data Controller – in the event that the legal basis of the processing is the contract or consent, and the same is carried out by automated means – your personal data in a structured format and readable by automatic device, also in order to communicate such data to another data controller (so-called right to portability of personal data);
• object at any time to the processing of your personal data to the occurence of special situations that effect you;
• revoke consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (e.g. date and place of birth or place of residence), processingbased on consent and carried out prior to revocation of the same retains however, its lawfulness;
• lodge a complaint with a supervisory authority (Data Protection Authority – www.gareprivacy.iantt).