3. DATA PROCESSING AND STORAGE PROCEDURES
Personal data are processed mainly in electronic, but also paper form for the period of time strictly necessary to achieve the purposes for which they were collected and in keeping with the provisions of art. 32 of the GDPR 2016/679 by specifically appointed subjects.
Personal details are kept for the prescription periods laid down by the law, whilst personal data contained in the private area and the account itself are erased by the Data Controller automatically one year from the date on which the contractual relationship comes to an end.
The user may eliminate the account at any time, using the App function designed for this purpose, thereby ceasing the processing of the data conferred, which will then be erased from the Data Processor’s servers. In this case, the user must be aware that the data previously shared with other users may continue to be visible and stored by third parties, and that the Data Controller and Data Processor shall not be held in any way liable in connection therewith.
These data, connected with the services provided by this App, are processed locally on the user’s mobile terminal and the servers of the Data Processor, Information Technologies S.r.l., situated in Italy and are entered in the company’s IT system in full compliance with current legislation, including security and confidentiality profiles, and in keeping with the principles of fairness and lawfulness in the processing of data (articles 5, 6, 32 of EU Regulation 2016/679).
The Data Controller does not use any automated decision-making process, as defined in article 22, paragraphs 1 and 4, of EU Regulation no. 2016/679.
4. COMPULSORY/OPTIONAL NATURE OF PROVIDING DATA
With reference to the purpose described under point 2a), consent must be given in order to benefit from the services covered by the contract. If consent is not given or given incorrectly, the service cannot be activated.
With reference to the purpose described under point 2b), even though they may prove useful, the supply of data is optional and failure to provide them will not prejudice the App registration/activation procedure.
With reference to the purpose described under point 2c), it is mandatory and failure to provide data will make it impossible for the Data Controller to meet obligations laid down by current laws or regulations or by community legislation.
With reference to the purpose described under point 2d), the supply of personal data for promotional and/or marketing purposes is optional. Failure to supply data in this case will not prejudice the conclusion of the contract or the activation of the App.
5. DISCLOSURE AND DISSEMINATION
Your personal data may be disclosed to:
1. Persons, companies or professional practices that offer Genia Business s.r.l assistance and consultancy services connected with accounting, administrative, legal, tax and financial matters relating to the supply of the services and the use of the App;
2. Subjects, bodies or authorities to which your personal data must be disclosed by operation of law or under a regulation or by orders given by an authority;
3. Subjects delegated and/or appointed in the manner described in art. 4, no. 10, of EU Regulation 2016/679 by Genia Business to carry out operations strictly linked to the supply of services, or, when necessary, external data processors appointed in accordance with art. 28 of the aforementioned Regulation.
With the exception of the situations described above, the user’s personal data are not disseminated.
6. RIGHTS OF THE DATA SUBJECT
The user may exercise the rights envisaged in EU Regulation 2016/679 in articles 15 to 22 at any time and, more precisely the right to:
a) request confirmation as to whether or not his personal data exist;
b) obtain information regarding the purposes for which the data are being processed, the categories of personal data, the recipients or categories of recipient to whom the personal data have been or will be disclosed and, whenever possible, the period for which the data will be stored;
c) have data rectified or erased;
d) obtain the restriction of processing;
e) obtain data portability, that is, the right to receive them from a data controller, in a structured, commonly used and machine-readable format, and to transmit those data to another data controller without hindrance;
f) object to processing at any time, including processing for direct marketing purposes;
g) object to an automated decision-making process relating to natural persons, including profiling;
h) request from the Data Controller access to personal data and rectification or erasure thereof or the restriction of the processing concerning the data subject or to object to their being processed, as well as the right to data portability;
i) withdraw consent at any moment, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
j) lodge a complaint with the Data Protection Authority.
To exercise these rights, you can write to the Data Controller – Genia Business Srl - Via Caduti del Pilastro 8 - 40055 Castenaso (Bologna), Italy – or send an e-mail to:
7. Data Controller and Data Processor
Once the App has been installed and the user has consulted and benefited from the services provided by it, personal data relating to identified or identifiable natural persons may be processed. Details of the Data Controller and provider of the App are given below:
Genia Business Srl - Via Caduti del Pilastro 8 - 40055 Castenaso (Bologna), Italy - VAT No. 02727491207.
In accordance with art. 28 of the GDPR we indicate as external data processor the company IT – Information Technologies S.r.l., with registered office at Via Ferrarese no. 219/7, 40128 Bologna (Italy), that offers services for the maintenance of the App.
An up-to-date list of other data processors is available from the Data Controller and may be requested by e-mail from the following address firstname.lastname@example.org .