Pursuant to Art. 13 of European Regulation 2016/679 (hereinafter, GDPR) on the protection of personal data, our Company, Integhra S.R.L., as Data Controller, informs you that the data concerning you, whether provided by you or acquired otherwise, will be processed in accordance with the aforesaid regulation.

Personal data will be processed lawfully, fairly, and in a transparent manner in relation to the data subject.

Processing of personal data means any operation or set of operations being performed, whether or not using electronic means, concerning the collection, recording, organisation, storage, consultation, processing, change, selection, retrieval, comparison, use, combination, block, communication, dissemination, erasure, and destruction of data, even if not entered in a database.

DATA CONTROLLER

Our company, Integhra S.R.L. (VAT 06517620487), acting through its Legal Representative, with office at Via Arnolfo, 32, 50121 Florence (FI), e-mail: info@integhra.it – certified email: integhra@legalmail.it  – Tel. 055-5520168.

DATA PROTECTION OFFICER (DPO)

Atty. Clementina Baroni (VAT 02001880356 and tax code BRNCMN73T50L826B), specifically designated as DPO, with registered office at Via Domenico Francesco Cecati, 1/1, 42123 Reggio nell’Emilia (RE), email: info@studiolegaleavvbaroni.it  – certified email: clementina.baroni@ordineavvocatireggioemilia.it – Tel. 0522506307.

CATEGORIES OF DATA PROCESSED

The Data processed are:

-in case of a natural person, his or her identity details (including, but not limited to, his or her name, surname, place and date of birth, tax code , identity document, tel. no., email address, IBAN);

-in case of a legal person, the data processed will include, but will not be limited to, its business name or the name of the company’s owner/contact person, email address, IBAN, name, surname, place and date of birth, tax code of any contact persons and/or representatives of the Customer company;

-the personal data, under Arts. 9-10, of the Customer’s staff/collaborators and their family members

PURPOSES OF PROCESSING

A. ESTABLISHMENT AND ENFORCEMENT OF THE SERVICE CONTRACT which, for example, takes the shape of: pre-contractual activities, execution of the agreement for its fulfilment, payments, the management and organisation of service supply, and litigation management.

Legal basis of processing: data processing is justified by the agreement for the supply of goods or services to which you are party (Art. 6(b) GDPR).

Recipients of data: the data collected for the stated purpose may be communicated to professional firms of lawyers, accountants or labour consultants, to data processors designated pursuant to Art. 28 of EU Reg. 2016/679, to insurance companies, IT consultants/system administrators, joint controllers, and independent data controllers.

The updated list of data processors is held at the Controller’s premises and may be consulted at any time after requesting access to your data.

Duration of processing: the data collected for the aforesaid purpose shall be kept until termination of the contractual relationship for any reason or for a longer period upon expiry of the ordinary limitation period for contractual liability, without prejudice to special requirements for further data storage.

Failure to provide data: the provision of the data required for the stated purpose is a contractual obligation which the data subject is required to meet. The data subject’s failure to provide such data will prevent agreement performance.

B. COMPLIANCE WITH LEGAL OBLIGATIONS which, for example, take the shape of: administrative and accounting obligations, tax obligations.

Legal basis of processing: data processing is justified by compliance with a legal obligation to which the Controller is subject (Art. 6(c) GDPR).

Recipients of data: the data collected for the stated purpose may be communicated to: credit institutions, the Revenue Agency, other public bodies and/or private entities to which data communication is required under law, professional firms of lawyers, accountants or labour consultants, data processors designated pursuant to Art. 28 of Reg. 2016/679, insurance companies, IT consultants/system administrators, joint controllers, and independent data controllers.

The updated list of data processors is held at the Controller’s premises and may be consulted at any time, subject to requesting access to your data.

Duration of processing: the data collected for the aforesaid purpose shall be stored for the time laid down by the law requiring the processing or for a longer period relating to the limitation period of the relevant rights, without prejudice to special requirements for further data storage in connection with any new legal obligations. 

Failure to provide data: the provision of data is required and necessary to fulfil legal obligations. The data subject’s refusal to provide data will prevent the continuance of the relationship.

With respect to points A and B above, the Data Controller also provides the following information:

Methods of processing: data are processed for the purposes set out above using electronic, IT or paper media in compliance with the rules on confidentiality and security laid down in the aforementioned regulations and other consequent laws.

Transfer of data abroad:  The data collected for the aforesaid purposes shall not be transferred to non-EU countries.  However, the Controller may use cloud services; in which case, the service providers will be selected from amongst those providing appropriate safeguards, as laid down in Article 46 of EU Regulation 2016/679.

Automated decision-making: the data collected for the aforesaid purposes will not be subject to automated decision-making (including profiling).

Rights of the data subject: pursuant to EU Reg. 2016/679, the data subject has the right:

• to access personal data to know (“responsive transparency”) the purposes of the processing, the categories of personal data collected, the recipients of data communication, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored (Art. 15);
• to obtain the rectification of data (Art. 16);
• to obtain the erasure of personal data if they are no longer necessary in relation to the purposes for which they were collected and if there is no further legal need for their storage (Art. 17 GDPR);
• to request restriction of processing (Art. 18);
• to request data portability (Art. 20);
• to object, on grounds relating to his or her particular situation, to processing (Art. 21 GDPR). In this case, we will no longer process your data unless compelling legitimate grounds for the processing are demonstrated (e.g. for the defence of legal claims).
• not to be subject to automated decision-making, including profiling (Art. 22);

Lastly, the data subject has the right to lodge a complaint with a supervisory authority under Art. 13 (2) (d) and Art. 77 of the Regulation.

Exercise of data subject’s rights: the data subject may exercise his or her rights at any time, in accordance with Art. 12 of EU Regulation 2016/679, by:

• Sending a registered letter with return receipt to the registered office of the Controller, Integhra S.R.L., at Via Arnolfo, 32, 50121 Florence (FI);
• Sending an email to the following addresses:

certified email integhra@legalmail.it;

email info@integhra.it

or by sending a registered letter with return receipt to the

• DPO: Atty. Clementina Baroni, with registered office atVia Domenico Francesco Cecati, 1/1, 42123 Reggio nell’Emilia (RE);
• certified email:  clementina.baroni@ordineavvocatireggioemilia.it;
• email: info@studiolegaleavvbaroni.it

Referral: any issue not provided for herein shall be governed by the relevant laws in force and, in particular, Regulation 2016/679 and Legislative Decree no. 196/03, as amended by Legislative Decree no. 101/18 as amended and supplemented, and by any other measure related thereto.