MIREX spa wishes to inform you that pursuant to EU Reg. 679/2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, “EU GDPR”), and for the establishment and execution of relations with you in progress is in possession of your personal data (personal and fiscal) or will come into possession of these through the direct request of some data, also acquired verbally or through third parties.
For this reason, to comply with the obligations under the EU GDPR in relation to your data, we invite you to take note of the following information and to give consent to the processing of personal data that our company will acquire.
1. Purposes of data processing and legal basis
The data are processed under the legitimate interest of the data controller, providing the contractual requirements and the consequent fulfillment of the legal obligations deriving from them, as well as to achieve an effective management of the same relationships. The processing to which your personal data will be submitted is finalized to the fulfillment of our own
– all activities related to and instrumental in the proper management and execution of tax and accounting obligations
2. Data processing arrangements
The processing is carried out using operations or set of operations indicated such as the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, blocking, communication, deletion and destruction of data.
The data will be processed in written form and / or on magnetic, electronic or telematic support, even when the data are communicated to the subjects indicated in this statement which in turn are engaged to process them using only procedures and procedures strictly necessary for the specific purposes referred to in point 1. The processing is carried out by persons in charge of the respective functions and in accordance with the instructions received, only for the achievement of the specific purposes respecting the principles of confidentiality and security required by the EU GDPR.
- Provision of data
The provision of common and identifying personal data is strictly necessary for the purposes of carrying out the activities referred to in point 1.
During the existing contractual relationship, the Data Controller may become aware of “special categories of personal data” referred to by you, meaning for such, based on the provisions of art. 9 of EU Reg. 2016/679, personal data that may revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, religious associations or organizations , philosophical, political or trade union, personal data suitable to reveal the state of health and sexual life, genetic and biometric data.
Please note that these data will be processed only for the purposes and in the manner provided for in Article 9 of EU Regulation 2016/679 and only after its explicit consent.
4. Refusal to provide data
Any refusal by the data subject to provide personal data in the case referred to in paragraph 3 will make it impossible to carry out the activities referred to in point 1.
Failure to consent to the following points will not prejudice in any way the work relationship in place, but will be taken into consideration in compliance with the same principles of the EU GDPR: lawfulness, correctness and transparency.
It should be noted that the processing of data may be carried out without the consent, as well as in the judicial field, pursuant to art. 6 par. 1 in the following cases:
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Communication of data
Without prejudice to communications made in compliance with legal obligations, the data may be communicated, exclusively for the purposes indicated in point 1, in Italy or abroad, to the following categories of collaborators or external parties:
- Public and private bodies, associated or controlled companies;
- Banking institutions;
- Associates of our society;
- Anyone who is the legitimate recipient of communication for the aforementioned purposes referred to in point 1.
6. Storage period
The data will be kept for the entire duration of the contractual relationships established and subsequently for the fulfillment of all legal obligations.
7. Dissemination of data
Personal data are not subject to disclosure (unless expressly authorized by the data subject)
- Transfers of personal data to third countries
Personal data may be transferred to countries of the European Union and to third countries for the purposes referred to in point 1, but only after verification of the presence of an adequacy decision by the Commission or on the basis of standard contractual clauses as foreseen by the Regulation in art. 46.
9. Rights of the data subject.
The data subject may request the Data Controller at any time via the following e-mail address email@example.com or fax number 039-6020609 accessibility, rectification, cancellation, limitation, the right to object and the portability of data pursuant to articles 15 to 22 of the EU Reg 2016/679.
10. Data controller.
The data controller is:
MIREX SPA registered office Via dell’Industria 20 – 20882 Bellusco (Mi) – tel. +39 0396020601
fax +39 0396020609