Information to be provided ex art. 13, GDPR – contact form
Identity and contacts of the Controller
The Controller is Minella Tiziana – Via Vittoria Colonna 32, 10155 Torino (TO – Italy), VAT IT03152590018, tax code MNLTZN62P54L219G; mob. +39 366.476.13.38 – +39 338.6626635 – @: tizianaminella@dataprotectionconsultant.it; info@dataprotectionconsultant.it; PEC: tizianaminella@pec.dataprotectionconsultant.it (hereinafter: «the Controller»).
Source and nature of personal data and purposes of processing
Personal data are collected directly from the data subject and consist of first name, last name and e-mail provided by the data subject and information included in the contact message. They are processed for the following purposes:
a) to reply to the message
b) to comply with laws, regulations and EU legislation
c) to establish, exercise or defend legal claims, in court proceedings, for the Controller’s or third parties’ rights, as well as to reply to requests by law enforcement, judiciary and public bodies for their tasks of control, assessment and institutional activities.
Means of processing
The Controller processes data with automatic means and without any criteria of elaboration and analysis, storing them in its filing systems. Preventative security measures are applied to prevent data from loss, destruction, alteration (whether by accident or not), unlawful or unauthorised access.
Legal basis of processing
a) for the purpose referred to in letter a), paragraph «Source and nature of personal data and purposes of processing», the legal basis is art. 6, par. 1, letter b), GDPR, since data processing is necessary for the performance of obligations taken towards the data subject
b) for the purpose referred to in letter b), paragraph «Source and nature of personal data and purposes of processing», the legal basis is art. 6, par. 1, letter c), GDPR, since the processing is necessary for compliance with a legal obligation to which the Controller is subject
c) for the purpose referred to in letter c), paragraph «Source and nature of personal data and purposes of processing», the legal basis is the «legitimate interest» of the Controller or of a third party (art. 6, par. 1, letter f), GDPR), since the processing is aimed at establishing, exercising or defend a right or to comply with decisions and requests of information submitted by supervisory authorities and institutional bodies.
Processors, persons authorised to process personal data, autonomous controllers
a) Personal data are processed directly by the legal representative of the Controller.
b) At present, the Controller has not engaged any processor.
c) Personal data may be processed by autonomous controllers (e.g.: Internet Provider) to carry out activities connected to the management of the accesses to the Internet and to this website and, if not here described, they shall provide the user with information ex art. 13, GDPR.
Communication of personal data
Personal data may be communicated to supervisory authorities and judiciary or public bodies for their institutional tasks or to comply with legal obligations to which the Controller is subject (purposes referred to in letters b) and c), paragraph «Source and nature of personal data and purposes of processing»).
Period of data storage
Data will be stored depending on the purposes of their processing. The period for which data will be stored is determined by the Controller as follows:
a) for the purpose referred to in point a), «Source and nature of personal data and purposes of processing», personal data will be stored as long as the request is not fully fulfilled, which means that the user may be contacted more times if the request is not completely fulfilled at the first contact. Then, personal data will be erased
b) for the purpose referred to in point b), «Source and nature of personal data and purposes of processing», the period of data storage is determined by the single national and EU rules and laws governing legal obligations to which the Controller is subject
c) for the purposes referred to in point c), «Source and nature of personal data and purposes of processing», the period of data storage depends on the duration of the legal proceedings and from what it is imposed by supervisory authorities and institutional bodies.
Where data are processed and transfers of personal data to third countries
Personal data are processed at the Controller’s office and they are stored in the Controller’s filing system. It is understood that, if need be, the Controller will have the right to transfer personal data to third countries. In this case, the Controller assures that the transfer will take place in accordance with provisions in force, on the basis of an agreement or contract which ensures an adequate level of protection and/or by adopting the contractual clauses issued by the Decision 5th February 2010 of the European Commission (articles 45, 46, 47 and 49, GDPR).
Data subjects’ rights ex arts. 15-21, GDPR
You can exercise the rights of access, rectification, portability, right to be forgotten, restriction of processing, objection to the processing on legitimate grounds or you can unsubscribe to the newsletter service by writing to: Minella Tiziana – Via Vittoria Colonna 32, 10155 Torino (TO – Italy) or by e-mail info@dataprotectionconsultant.it.
How to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Roma (RM – Italy) – www.garanteprivacy.it, e-mail protocollo@pec.gpdp.it, using the format which can be downloaded at https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw) to exercise and defend the right of data protection.
Leave a Reply