we wish to inform you that EU Reg. 679/2016 (and Legislative Decree No. 196/2003 and subsequent amendments and additions) provide for the protection of individuals with regard to the processing of personal data. According to these regulations, the processing of data must be conducted within the principles of correctness, legality, transparency and respect for your privacy and rights.
Pursuant to art. 13 of EU Reg. 679/2016, we hereby provide you with the following information:
Furthermore, your personal data may be communicated for the purposes referred to in point a), to:
c1) Your data will not be transferred by the Controller to a third country or an international organisation.
c2) In accordance with the Decision "Measures and arrangements for data controllers performed with electronic instruments relating to system administrator functions - 27 November 2008" (Official Journal No. 300 of 24 December 2008) and related additions and amendments, the Data Controller has specific appointed "System Administrators" who, as part of performing their duties, can access, even indirectly, services or systems that process or that allow the processing of personal information.
Your personal data will not be disseminated.
If a dispute arises, your personal data will be processed for all the time required in relation to said dispute.
The Controller, taking into account the state of the art and the cost of implementation and the nature of the scope of application, the context and purposes of the processing both when determining the processing means and during the processing itself (so-called risk analysis - accountability), has put in place appropriate technical and organisational measures, intended to effectively implement the principles of data protection and to integrate the necessary guarantees in the processing in order to meet the requirements of EU Reg. 679/2016 and protect the rights of the data subject.
In this perspective, your personal data will be processed for purposes that are related and/or instrumental to the commercial/professional relationship established in compliance with the objectives to be pursued referred to above.
The data will be processed by methods and instruments suitable to guarantee security (arts. 24, 25 and 32 EU Reg. 679/2016) and will be performed by means of an automated process and by non-automated means (paper archives). The Controller, in the context of processing your personal data for the purposes indicated above referred to in a), will use any technical and organisational measures to ensure a security level appropriate to the risk, so as to permanently ensure, their confidentiality, integrity, availability and the resilience of the processing systems and services (by way of example and not limited to: checks on both the assignment to data processors and the classification of such data; procedures, if sustainable, pseudonymisation and encryption and disaster recovery mechanisms).
Below are some of the legal bases of the processing put in place by the Data Controller:
The legal basis for processing your personal data for the purposes referred to in section a) (i) is represented by the need to implement the existing commercial relationship between you and the Data Controller, pursuant to art. 6.1(b) of EU Reg. 79/2016.
The legal basis for processing your personal data for the purposes referred to in section a) (ii) is represented by the need to fulfil a legal obligation the Data Controller is subject to pursuant to art. 6.1(c) of EU Reg. 79/2016.
The legal basis for processing your personal data for the purposes referred to in section a) (iii) is represented by the legitimate interests of the Data Controller to exercise or defend their rights in the courts (pursuant to art. 6.1.(f) of EU Reg. 679/2016), on which, the Controller does not consider that any of their rights, interests or fundamental freedom prevail.
The Data Controller is: OPTIMA SPA with a sole shareholder (a company subject to management and coordination activities by Cone Investments UK Ltd.), whose registered office is in Via Gaggio No. 72, in San Clemente (RN), Tax Code - VAT No. 01622060406, Telephone: +39 0541 859411, Fax: +39 0541 859412, Email email@example.com, Certified firstname.lastname@example.org (above and hereinafter defined as the “Controller”).
Pursuant to art. 28 of EU Reg. 679/2016, the Data Controller may use third parties that process data on their behalf and formally appointed by them as data processors. The complete and updated list of data processors appointed will be provided by the Data Controller on simple request, by sending a communication to the address indicated above.
Pursuant to art. 29 of EU Reg. 679/2016, the Data Controller may use anyone acting under their authority and/or the appointed processor; these subjects will be duly instructed.
The Data Controller has not currently appointed the DPO. (37 of EU Reg. 679/2016 and WP Guidelines article 29 of 13.12.2016), as no such figure is required in the organisation, given that the characteristics of the processing do not fall under the specific case referred to in the afore-mentioned article 37.
The Data Controller hereby informs you that:
The full text of the articles of EU Reg. 679/2016 relating to your rights (articles 15 to 23 inclusively) can be accessed at any time at the following links present on this website of the Data Protection Authority:
or, alternatively, they will be provided to you by the Controller on simple request, by sending a communication to the address indicated above.