PRIVACY POLICY STATEMENT

Pursuant to Articles 13 and 14 of EU Regulation 679/2016 and generally in compliance with the transparency principle established by the same Regulation, INDACO PROJECT Srl has prepared this Privacy Notice containing provisions aimed at ensuring that the processing is carried out in respect of the fundamental rights and freedoms of natural persons, with particular regard to the right to the protection of personal data.

1. Data Controller

INDACO PROJECT s.r.l. as Data controller, is legal entity that determines the purposes and means deemed appropriate to ensure full compliance with the regulations. The company details are provided below:

• Company Name: INDACO PROJECT Srl
• P.IVA: 02196721209
• Registered Office: Via Bruno Buozzi, 16 - 40013 Castel Maggiore (BO) - ITALY
• Email: Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.
• Certified Email (Pec): Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.
• Phone Number: 0039/051/6166900

The updated list of Data Processors and authorized personnel is kept at the Data Controller’s registered office.

2. Types of Data and Processing Purposes

INDACO PROJECT srl collects all personal data necessary for the subscription of the contract for the supply of products and services, for managing the obligations related to the provision of services, for handling technical assistance, and all data required for the continuous improvement of the service provided. Additional purposes of processing may arise from operational and management needs, control over the execution of services, verification of tax and social security compliance, management of any contractual breaches and related disputes, warnings, debt recovery, arbitration, legal disputes, etc. Failure to provide data, due to the data subject’s refusal, results in the impossibility of executing the contract.

3. Methods of Data Processing and Data Retention

The processing will be carried out, with or without the aid of electronic tools, according to the principles of fairness, lawfulness, and transparency, in order to safeguard at all times the confidentiality and rights of the data subjects, in compliance with the provisions of the applicable legislation. The IT applications produced and marketed by INDACO PROJECT are capable of ensuring the exercise of all rights provided by EU Regulation 2016/679, known as the GDPR, through automated and/or manual functions, which can be activated by some of the Software Users. The collected data will be retained, in accordance with the applicable legislation, for no longer than necessary to achieve the purposes for which they are processed, and in any case in line with the contractual timelines agreed between the parties, upon a specific request from the Customer. In the event of termination of the supply relationship, INDACO PROJECT will make the data available to the Customer, releasing itself from any further obligation to retain data for civil and/or tax purposes.

4. Person Authorized to Process Personal Data

The personal data collected are processed by authorized personnel who need to access them in the course of their duties, as well as by external parties who may act, depending on the case, as joint controllers or data processors. INDACO PROJECT, when deemed necessary, reserves the right to appoint external Data Processors such as companies and/or professionals entrusted with data processing in the context of support services or related activities; these suppliers will have access only to the personal data necessary to perform their tasks. Third-party service providers are also required to process personal data in compliance with this Privacy Notice and applicable data protection laws. The Data Controller reserves the right to transfer personal data to a third country based on the European Commission’s adequacy decisions or on appropriate safeguards provided by current legislation, committing not to disclose the data. Without prejudice to communications made in compliance with legal and contractual obligations, all collected and processed data may be communicated, exclusively for the purposes specified above, to all parties authorized to access such data by law; to employees, collaborators, and suppliers of the Data Controller within the scope of their duties; among the Data Controller’s suppliers are, by way of example, banking and credit institutions, insurance companies, legal advisors, tax consultants and accountants, debt collection agencies, companies that perform financial risk assessments, fraud prevention companies, public administrations, supervisory and control authorities.

5. Rights of the Data Subject

European Regulation No. 679/2016 on the protection of personal data grants the Data Subject the exercise of specific rights, including the right to request from the Data Controller:

• access to personal data, as well as obtaining a copy in an accessible format;
• rectification of data;
• withdrawal of consent, where processing is based on consent given by you; you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal;
• erasure of data, in exercise of the right to be forgotten or upon termination of the supply contract;
• restriction of processing;
• objection, in whole or in part, to processing for legitimate reasons (under certain circumstances, you may object to the processing of your data, particularly if personal data are processed for direct marketing purposes; you have the right to object at any time to such processing, including profiling to the extent that it relates to direct marketing. If personal data are processed for scientific or historical research purposes or for statistical purposes, you have the right to object for reasons related to your particular situation, unless processing is necessary for the performance of a task carried out in the public interest);
• data portability, in a structured, commonly used, and machine-readable format;
• lodging a complaint with the supervisory authority (Data Protection Authority – Garante Privacy).