Customer Personal Data Processing Information

Dear Customer,
We invite you to review this information notice describing the rules we apply for managing your personal data, in accordance with Articles 12 and 13 of EU Regulation 2016/679, also known as the “General Data Protection Regulation” or “GDPR”.


1. Identity and contact details of the data controller

The data controller of your personal data is AGIC Technology S.r.l., with registered office in Rome, via di Castel Giubileo, 62 - 00138 and can be contacted at the following email addresses:

  • agictechnology@legalmail.it (certified email - PEC)
  • gdpr@agict.it (ordinary email - PEO)


2. Purpose of processing

Your personal data will be processed for the following purposes:

a. management of the contractual relationship with the customer and fulfillment of obligations arising from it
b. compliance with tax obligations 
c. compliance with accounting obligations 
d. provision of services, including remote assistance 
e. sending promotional communications regarding services and events 
f. management and organization of events
g. management of pre-litigation and/or litigation
h. compliance activities management
i. management of IT and/or infrastructure systems
j. management control
k. active cycle management
l. administrative support for public and private tenders


3. Legal basis for processing

For the purposes outlined in letters a), d), f), j), k), and l), the legal basis is represented by Article 6, paragraph 1, letter b) of the GDPR, as processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the same.


For the purposes outlined in letters b) and c), the legal basis is represented by Article 6, paragraph 1, letter c) of the GDPR, as processing is necessary to comply with a legal obligation to which the data controller is subject.


For the purpose outlined in letter e), the legal basis is represented by Article 6, paragraph 1, letter a) of the GDPR, as the data subject has given consent to the processing of their personal data.


For the purposes outlined in letters h) and i), the legal basis is represented by Article 6, paragraph 1, letter f) of the GDPR, as processing is necessary for the pursuit of the legitimate interest of the data controller, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not prevail.


Finally, for the purpose outlined in letter g), the legal basis is represented by Article 9, paragraph 2, letter f) of the GDPR, as processing is necessary to establish, exercise, or defend a right in judicial proceedings or whenever judicial authorities exercise their judicial functions.


4. Processing methods

Your data may be processed using paper and/or electronic media, with logic strictly related to the purposes and in any case in a manner that ensures confidentiality and security.


5. Categories of recipients


Your personal data may be processed directly by the data controller or through third parties – who may alternatively act as data controllers or data processors – exclusively within the scope and for the pursuit of the purposes outlined above.

In light of the above, your data may be communicated to the following categories of third parties:

•    companies affiliated with the data controller
•    companies appointed by the data controller as Data Processors
•  judicial authorities and/or bodies responsible for exercising public authority whenever a specific request is submitted in this regard 

 

6. Transfer of personal data to a third country

Your personal data may be transferred outside the European Union for organizational and managerial needs. In any case, the transfer will occur based on the scenarios provided by current legislation and in compliance with the conditions set forth therein.

Your personal data may also be transferred to Microsoft’s cloud, still within the European Union, always in compliance with the provisions of the GDPR and functionally to the purposes outlined above.


7. Retention period

Unless otherwise specified, your personal data will be retained in compliance with legal obligations and until the purpose of processing ceases or for the time necessary to fulfill specific legal, accounting, fiscal, and/or administrative obligations, and in any case for 10 years from the date of issuance of the relevant documentation.


For the purposes outlined in letters e) and f), your data will be retained for a period of 24 months from the termination of the contractual relationship and for the entire duration of the same.


For the purpose outlined in letter g), your data will be retained for the time necessary to protect the position of the Data Controller in judicial and/or procedural settings.


8. Exercise of rights

The data subject may exercise at any time the rights provided by Article 13, paragraph 2, and Articles 15, 16, 17, 18, 20, and 21 of the GDPR by writing to the data controller at the email address gdpr@agic.it.


In particular, the data subject has the right to obtain from the data controller:

  • confirmation of whether or not personal data concerning them is being processed and, if so, access to the personal data and the following information
  • rectification and/or integration of inaccurate personal data concerning them without undue delay
  • deletion of personal data concerning them without undue delay
  • restriction of processing
  • receipt, in a structured, commonly used, and machine-readable format, of personal data concerning them and the right to transmit such data to another data controller without hindrance


Furthermore, where a processing purpose is based on the consent of the data subject, they have the right to withdraw any consents given at any time by writing to the email address gdpr@agic.it.


Finally, the data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them where processing is necessary:

  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller
  • for the pursuit of the legitimate interest of the data controller or third parties


In this case as well, the data subject may exercise their right by writing to the email address gdpr@agic.it.


9. Complaint to the Supervisory Authority

Pursuant to Article 77 of the GDPR, the data subject who believes that the processing concerning them violates the GDPR has the right to lodge a complaint with the Supervisory Authority (Garante per la Protezione dei Dati Personali) located in Rome, Piazza Venezia, 11 – 00187 (PEO: protocollo@gpdp.it – PEC: protocollo@pec.gpdp.it).


10. Provision of personal data

Some personal data is necessary for the pursuit of the purposes outlined above. Therefore, failure to provide such data may result in the inability to proceed and thus initiate relationships with the data controller.


For the purpose outlined in letter e), the provision of personal data is optional. Failure to consent to the processing of personal data will result in the inability to pursue the relevant purpose.


11. Automated decision-making processes

No type of automated decision-making process is present for the processing of the data outlined above, pursuant to Article 22 of the GDPR.