(in accordance with art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/16)

PIUSI S.p.A. – with registered office in via Pacinotti n. 16/A, 46029 Suzzara (MN), Italy, VAT No. 01869920205 (hereinafter “Controller”), in its capacity as Data Controller, advises you, in accordance with the Italian legislation in force and art. 13 and 14 of EU Regulation no. 2016/679 (hereinafter “GDPR”), that the personal data you have provided will be processed with the following methods and purposes:

1. Data subject to processing

The data subject to processing will be identification data (e.g. forename, surname, company name, address, telephone, e-mail, bank and payment details), hereinafter defined “personal data” or also simply “data”, that you communicate to the Data Controller in light of the contractual relationship existing with them or the relationship of contact made with them (e.g. sending CV).

2. Purpose of processing and consent of data subject
In accordance with art. 6 of EU Reg. 2016/679, your data will be processed solely for the following purposes:

2.2 Only after obtaining your specific written consent will the data you provide will be processed for the following purposes:

2.3 We advise you that if you are already our client, we may send you commercial communications concerning the products and services of the Controller analogous to those that you have already used, unless you expressly object to this type of processing, which should be communicated to the Controller.

3. Data processing and storage methods

3.1 Your personal data will be processed through the operations indicated in art. 4 of the Italian Privacy Code and art. 4 no. 2) of the GDPR and specifically: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data will be processed both on paper and electronically and/or automatically.
The Controller will process your personal data for the time necessary to fulfil the purposes referred to in art. 2 of this information and in any case for no more than 10 years from the termination of the contractual relationship, also with regard to the personal data acquired for marketing purposes. At the end of the aforesaid period, the data will be deleted or anonymised.    
The Data Controller will take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.

4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.1 and 2.2:

 5. Communication of data
5.1 Your data may be communicated for the purposes referred to in art. 2.1 to Supervisory Bodies (such as IVASS), Judicial Authorities, insurance companies for the provision of insurance services, as well as those subjects to whom communication is compulsory by law for the performance of the aforesaid purposes. These subjects will process the data in their capacity as autonomous data controllers.
5.2 Your data will not be distributed.

6. Data Transfer
Your personal data will be stored on servers located within the European Union. It is in any case understood that the Controller, should it be necessary, shall be entitled to move the servers outside the EU as well. In this case, the Controller assures as of now that the transfer of data outside the EU shall take place in accordance with the provision of applicable laws, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.

7. Nature of data provision and consequences of refusing to respond
7.1 The provision of data for the purposes referred to in art. 2.1 is mandatory. In their absence, we cannot guarantee the performance of the purchase agreement.
7.2 The provision of data for the purposes referred to in art. 2.2 is instead optional. You may therefore decide not to provide any data item or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications or advertising material concerning the products offered by the Controller.
8. Rights of the data subject
8.1 In your capacity as data subject, you have the rights guaranteed by existing Italian legislation and by art. 15 of the GDPR, and specifically the rights to:
8.2 Where applicable, they also have the rights referred to in art. 16–21 of the GDPR (Rights to rectification, right to be forgotten, right to limit processing, right to data portability, right to object) as well as the right to lodge a complaint with the Data Protection Authority.

9. Method of exercising rights
You may at any time exercise the rights referred to in the preceding point 8 by sending:
10. Data Controller and contact details
The Data Controller is PIUSI S.P.A. with registered office in via Pacinotti n. 16/A, Tel. +39 0376-534561 - Fax +39 0376-536393 - E-mail marketing@piusi.com.
The updated list of data supervisors and processors is held at the registered office of the Data Controller.