INFORMATION FOR THE PERSONAL DATA PROCESSING
- ARTICLE 13 GDPR 679/2016 -

In compliance with the provisions of the GDPR 679/2016, we are to inform you, as a "Data Subject", about the purpose of the collection and the manner of processing of personal data related to your Company/Person, acquired by us directly from you, in order to enable us to carry out our activities adequately and in accordance with the regulatory provisions in force.
We therefore provide you with the correct information on the processing of personal data, as specifically stated below.

1 IDENTITY AND CONTACT INFORMATION OF THE HOLDER

The Data Controller is the Company Rise Technology Srl, based in Rome, via Lungomare Paolo Toscanelli n. 170, c.f./P. Iva 0888212100, e-mail: info@risetechnology.com, pec: risetechnology@pec.it.
Pursuant to Article 37 of GDPR 679/2016, the Owner has appointed a Data Protection Officer, who can be contacted by email at: privacy@risetechnology.com.

2 PURPOSE OF PROCESSING

Without prejudice to the fulfillment of obligations under laws, regulations and EU regulations, the data collected will be processed by us to carry out the following activities:

a.    Acquisition of pre-contractual/contractual information and fulfillment of obligations under one or more contracts;
b.    Administrative and accounting management of customers and suppliers, in particular:

3 LEGAL BASIS FOR PROCESSING

The legal basis for processing is the fulfillment of pre-contractual and/or contractual obligations.

4 RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data collected may be disclosed by us only to the third parties listed below:

The personal data may also be known by the personnel expressly appointed by the Data Controller who may carry out data management operations in relation to the purposes indicated above.
The specific identifying data of the aforementioned third parties may be known by you at any time through the exercise of the right of access granted to you and subject to any legal limitations in this regard.

5 INTENTION OF THE DATA CONTROLLER TO TRANSFER PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION

It is not the intention of the Data Controller to transfer the collected data to a third country or international organization.

6 RETENTION PERIOD OF PERSONAL DATA COLLECTED

The data collected will be stored as follows.

a.    Data necessary for the purposes of the pre-contractual relationship: for the time strictly necessary for the eventual finalization of the contractual relationship and, in any case, for a period of time not exceeding one year after collection.
b.    Data necessary for the performance of the contractual relationship: for the duration of the contractual relationship and any warranty obligations required by law and/or contract.
c.    Accounting records, invoices and correspondence: ten years, as stipulated by law.
d.    Data necessary for credit recovery activity: until the completion of said activity.
e.    Data needed to manage any litigation: until the litigation is settled.

This is without prejudice to any longer retention periods where the same arise from legal, accounting and/or tax obligations.
After the retention period, as described above, we will proceed to the total elimination of the data you have provided.


7 RIGHTS OF THE DATA SUBJECT

GDPR 679/2016 recognizes certain rights of the Data Subject:

a.    Right of access to data collected and processed - Article 15;
b.    Right to obtain rectification of data - art. 16;
c.    Right to obtain deletion of data and right to be forgotten - Article 17;
d.    Right to obtain restriction of processing - art. 18;
e.    Right to data portability to another owner - art. 20;
f.    Right to object to processing - art. 21;
g.    Right not to undergo automated processing - art. 22;
h.    Right to revoke consent at any time, without affecting the lawfulness of the processing based on the consent given before revocation - Art. 7;
i.    Right to complain to the Control Authority - Art. 77;
j.    Right to seek judicial redress against the supervisory authority (Art. 78) and against the Data Controller or Data Processor (Art. 79).

In order to exercise the rights under (a) to (h) above, it is necessary to contact the Data Controller.


8 NATURE OF CONTRIBUTION

The provision of personal data, by the Interested Party, while not mandatory, is necessary for the achievement of the purposes indicated above. Failure to provide the data renders the legal relationship underlying the processing inexecutable.
It is the responsibility of the Data Subject to promptly notify the Data Controller of any changes concerning the personal data provided.

9 AUTOMATED DECISION-MAKING PROCESSES INCLUDING PROFILING

The data provided will not be processed by automated decision-making processes, including profiling.

10 MODE OF TREATMENT

The data provided will be processed by us in accordance with the provisions of GDPR 679/2016 and in the following manner:

a.    access to data and archives allowed only to the Appointees/Authorized Data Processors;
b.    protection of data and areas through appropriate measures and that are systematically monitored;
c.    data collection by direct contact with the Data Subject;
d.    recording and processing both through computer media and through paper files and media;
e.    organization of archives in mainly computerized form, but also in paper form;
f.    verifications and data changes as a result of any customer/supplier request.


11 COMPLAINT TO THE SUPERVISORY AUTHORITY

The Data Subject has the right to lodge a complaint with the Supervisory Authority if she/he believes that the processing concerning her/him violates GDPR 679/2016.
The authority of reference is the Data Protection Authority
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524

 
POR - FESR / Regione del Veneto