Privacy policy

 

 

PRIVACY INFORMATION FOR VISITORS OF THE WWW.GFGARDEN.IT SITE

ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) N. 679/2016

With specific reference to personal data as defined by art. 4 paragraph 1 n. 1) of EU Regulation no. 679/2016 (hereinafter the "Regulation") concerning you as an "interested party", the undersigned company G.F. SRL, (Tax code and VAT number 00123220352, in the person of its pro tempore legal representative, with registered office in Correggio (RE), Via dell'Industria 1 as the "Owner" pursuant to art. 4 paragraph 1 n . 7) of the Regulations, provides you with the following information that will allow you to know our privacy policy and to understand how your personal information is handled when using our services on the site www.gfgarden.it (hereinafter "Site")

1. Who is the Data Controller 

1.1. The "Owner" of the processing of your personal data pursuant to art. 4 paragraph 1 n. 7) of the Regulations is the company G.F. SRL, (Tax code and VAT number 00123220352, in the person of its pro tempore legal representative, with registered office in Correggio (RE), via dell'Industria, 1, which can be contacted by you at the following addresses: 'email address privacy@gfgarden.it

1.2. The subject "Responsible for the protection" of your personal data pursuant to art. 37 of the Regulations is the BALDI & PARTNERS firm, in the person of the lawyer Sara Mandelli, who can be contacted by you at the following addresses: via the email address dpo@gfgarden.it 

1.3. We inform you that any changes or updates regarding the data relating to the subject just specified will be suitably published on the website of the undersigned owner.

2. Nature and type of your data collected and processed.

Your Personal Data may be collected either because you voluntarily provide it (e.g. when you create your personal account in order to receive the Services offered by the Owner) or simply by analyzing your behavior on the Site.

The Personal Data processed through the Site are as follows:

2.1. Name, contact details and other Personal Data

In the Contact section of the website, you will be prompted to enter information such as your name, surname, email address.

2.2 Application

By registering in the section of the Site relating to applications in response to published job advertisements, to work in G.F. S.R.L. , at the address www.gfgarden.it, ("WORK WITH US", you will be asked to provide information such as your name, surname, telephone number, email address, date of birth, country of residence, address, qualification obtained, your current job position, and to upload your Curriculum Vitae in a free field.

2.3: Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and / or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this possibility, the data on web contacts do not currently persist for more than 60 days.

3. Purpose of the treatment.

3.1. In compliance with art. 5 paragraph 1 letter. b) of the Regulations, we inform you that your personal data, collected through the Site, will be processed by the Data Controller for the following purposes:

4. Legal basis and mandatory and optional nature of the processing

The legal bases used by the Data Controllers to process your Data, according to the purposes indicated in the previous Paragraph 3, are as follows:

Provision of the Service: the processing for this purpose is necessary in order to provide you with the Services and, therefore, for the execution of the contract with you. It is not mandatory to provide the Data Controller with your Personal Data for this purpose, but otherwise it will not be possible to provide you with any Service .

Recruitment: the processing for this purpose serves the Data Controller to be able to take into account your application and, therefore, it is necessary to be able to start the selection process in order to offer you, if necessary, a job position. The legal basis for this treatment is the execution of the contract (Article 6, paragraph 1, letter B GDPR). It is not mandatory to provide the Owners with your Personal Data for this purpose, but otherwise it will not be possible to consider your application. If you wish to provide particular categories of Personal Data (e.g. data relating to health, religion, etc.), G.F. S.R.L., will need your specific consent provided at the bottom of the Application.


Compliance: processing for this purpose is necessary for the Data Controller in order to fulfill any legal obligations. When you provide Personal Data to the Data Controller, they must be treated according to the applicable legislation, which could involve their conservation and communication to the Authorities for accounting, tax or other obligations.

Abuse / Fraud: the information collected for this purpose will be used exclusively to prevent and / or identify any fraudulent activity or abuse in the use of the Site and therefore allows the Owner to protect himself in court.

5. Recipients of your personal data

For the pursuit of the purposes described in point 3 above, the personal data processed will be known by the employees of the Data Controller, who will operate as subjects authorized to process personal data.

Furthermore, for the pursuit of the purposes described in point 3 above, your personal data will be processed by third parties belonging, by way of example, to the following categories:

a) Subsidiaries, parent companies or affiliates of the Data Controller, such as:

FISPA s.r.l., via per Carpi 26 / b - 42015 Correggio (RE) VAT number 01329080350

Spal Automotive s.r.l., via per Carpi 26 / b - 42015 Correggio (RE) VAT number 01755790357

b) subjects that provide services for the management of the IT system, including server hosting and backup services;

c) subjects who provide the Data Controller with advice on tax, legal, judicial and compliance matters;

The subjects belonging to the categories listed above operate, in some cases, in total autonomy as separate data controllers, in other cases, as data processors specifically appointed by the Data Controller in compliance with Article 28 of the GDPR.

The communication of your data to subjects belonging to the above categories does not require your consent, being based on the legitimate prevailing interest of the Data Controller, given that such communications are necessary for the pursuit of the purposes mentioned in the previous paragraph 3.

The complete and updated list of subjects to whom your personal data may be disclosed can be requested from the Data Controller.

Furthermore, pursuant to the Provision of the Guarantor for the protection of personal data of 27 November 2008 concerning "Measures and precautions prescribed to the owners of the treatments carried out with electronic tools in relation to the attributions of the functions of System Administrators", as an interested party also ask the Data Controller for the identity of the System Administrators who operate on the operating systems where your personal data are present.

The personal data processed by the Data Controller are not subject to disclosure.

Transfer of personal data outside the European Union

G.F. srl does not intend to transfer your data to a country outside the European Union. However, where, in execution of the purposes listed above, G.F. srl should proceed with the transfer of your data outside the European Union, the Data Controller will proceed to make this transfer only after having ascertained the existence of one of the guarantees provided for by Articles 44 and ss. GDPR, in order to guarantee an adequate level of protection for your data.

6. Retention period of personal data collected and processed.

The Personal Data processed for the purpose of Providing the Services will be kept by the Data Controller for the time strictly necessary for the aforementioned purpose.In any case, since such Personal Data are processed to provide you with the Services, the Data Controller may keep them for a longer period, in particular for what may be necessary in order to protect the interests of the Owners from possible complaints relating to the Services.

Personal Data processed for the purpose of Recruitment will be kept by the Owners for the entire period in which the position for which the Application was sent is open or, if shorter, for one (1) year.

The Personal Data processed for the purposes of Compliance will be kept by the Data Controllers for the period provided for by specific legal obligations or by applicable legislation.

The Personal Data processed in order to prevent Abuse / Fraud will be kept by the Owners for the time strictly necessary for the aforementioned purpose and therefore until the moment in which the Owners will be required to keep them to protect themselves in court to communicate said data to the competent Authorities.

7. How your personal data will be processed

The processing of your personal data will take place using paper, IT and telematic tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable for guaranteeing their security and confidentiality in accordance with the provisions of Article 32 of the GDPR.

8. Rights of the interested party.

8.1. In relation to your personal data being processed by the GF Data Controller, we inform you that you have the right to exercise the following rights, enshrined in articles 15 to 21 of the GDPR and, in particular:

right of access - article 15 GDPR: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to your personal data - including a copy of the same - and communication, between the others, of the following information:

  1. purpose of the treatment
  2. categories of personal data processed
  3. recipients to whom these have been or will be communicated
  4. data retention period or the criteria used
  5. rights of the interested party (rectification, cancellation of personal data, limitation of processing and right to object to processing
  6. right to lodge a complaint
  7. right to receive information on the origin of my personal data if they have not been collected from the interested party
  8. the existence of an automated decision-making process, including profiling;


right of rectification - Article 16 GDPR: right to obtain, without undue delay, the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;

right to cancellation (right to be forgotten) - article 17 GDPR: right to obtain, without undue delay, the cancellation of personal data concerning you, when:

the data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;

You have withdrawn your consent and there is no other legal basis for the processing;

You have successfully opposed the processing of your personal data;

the data has been unlawfully processed,

the data must be deleted to fulfill a legal obligation;

the personal data were collected in relation to the information society service offer referred to in Article 8, paragraph 1, GDPR.

The right to erasure does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the ascertainment, exercise or defense of a right. in court.

right to limitation of treatment - article 18 GDPR: right to obtain the limitation of processing, when:

the interested party disputes the accuracy of the personal data;

the processing is unlawful and the interested party opposes the deletion of personal data and instead requests that its use be limited

personal data are necessary for the interested party to ascertain, exercise or defend a right in court;

right to object: right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing.

right to data portability - Article 20 GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Data Controller to another Data Controller if this is technically feasible;

right to lodge a complaint with the Guarantor for the protection of personal data, Piazza Venezia n. 11, 00187, Rome (RM).

8.2. In compliance with art. 12 paragraph 1 of the Regulation, GF S.r.l. undertakes to provide you with the communications referred to in articles 15 to 22 of the Regulation in a concise, transparent, intelligible, easily accessible form and in simple and clear language: such information will be provided in writing or by other possibly electronic means or, upon request of the interested party, will be provided orally, provided that the identity of the interested party is proven by other means.

8.3. In compliance with art. 12 paragraph 3 of the Regulation, the Data Controller informs you that he undertakes to provide you with information relating to the action taken regarding a request pursuant to articles 15 to 22 without undue delay and, in any case, at the latest within one month of receipt of the request itself; this deadline can be extended by two months, if necessary, taking into account the complexity and number of requests.

8.4. In order to exercise the rights described above in this article, the interested party may use the contact details specified in art. 1 of this "Information".

8.5 The exercise of your rights as an interested party is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetition, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.

Finally, we inform you that the Data Controller may request additional information necessary to confirm the identity of the interested party.

 

 

CUSTOMER PRIVACY POLICY

ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 and 14 OF REGULATION (EU) N. 2016/679


With this document (the "Information"), the Data Controller, as defined below, wishes to inform you of the purposes and methods of

processing of your personal data and on the rights that the Regulation (EU) 2016/679, concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (the "GDPR"), recognizes you.

This information is addressed to natural persons customers and to employees, administrators and contact persons of the customers whose data the Data Controller must process in order to enter into or follow up on the requested order contract.

1. Who are the Data Controller and the Data Protection Officer (DPO)

The "Owner" of the processing of your data better specified in art. 2.1. of this information is GF SRL Via dell’Industria 1 - 42015 Correggio (RE) VAT number 00123220352, which can be contacted by you via the email address: privacy@gfgarden.it

The Data Controller has appointed Data Protection Officer ("DPO") Studio Baldi & Partners - via Giovanni Gutenberg, 3 - 42124 Reggio Emilia, in the person of the lawyer Sara Mandelli whom you can contact to exercise your rights, as well as to receive any information relating to them and / or to this Information, by writing to the following email address: dpo@gfgarden.it

2. What personal data we process

2.1. Common personal data

For the purposes indicated in this Notice, the Data Controller may process the common personal data of customers, natural persons or employees, administrators and customer contact persons such as, for example, personal data (name, surname, address, telephone number, e-mail and other contact details, an identification number), financial data (IBAN) data relating to the existing relationship with the Data Controller.

2.2. Source of personal data

Your personal data processed by the Data Controller are those provided directly by you or collected by the Data Controller from third parties (for example, the company for which it operates, customer of the Data Controller). This information also covers the processing of your personal data acquired by third parties.

3. Purpose and legal basis of the processing, nature of the provision and consequences of a refusal to provide personal data

The treatments to which your personal data will be subjected are aimed exclusively at carrying out the activities related to the stipulation and execution of contracts / orders for the supply requested by you (including the management of delivery obligations and logistics and transport functional to it) and / or the granting of the related tasks and mandates, the subsequent management of administrative, accounting, tax obligations, the possible management of disputes, as well as the fulfillment of obligations established by laws, regulations and community legislation, as well as by provisions issued by authorities legitimated by law and by supervisory and control bodies.

The processing of your personal data, for the aforementioned purposes only, can also take place without your explicit consent as:

The provision of personal data is a necessary requirement for the establishment or execution of the purchase contract. Failure to provide the data will therefore make it impossible for the Owner to conclude and / or execute the contract.

In any case, your personal data will be processed for the duration of the purchase relationship and / or your relationship of dependence / collaboration with the customer - legal person and, beyond that date, exclusively for the period of time necessary to comply with the law. in force (including the provisions for the ten-year ordinary prescription of rights).

4. How your personal data will be processed

The processing of your personal data will take place, in compliance with the provisions of the GDPR, by means of paper, IT and telematic tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable for guaranteeing their security and confidentiality in accordance with the provisions set forth. from article 32 GDPR.

5. To which subjects your personal data may be disclosed and who can learn about them

For the pursuit of the purposes described in the previous point 3, your personal data will be known by the employees and collaborators of the Data Controller who will operate as authorized subjects and / or data processors.

Your personal data may be communicated, for the aforementioned purposes, to banking institutions, public administrations, social security institutions, for the fulfillment of the obligations established by law, as well as to the categories of subjects and external companies that perform on behalf of the Data Controller. various types of services, such as, by way of example only: IT system management services, accounting services, goods or correspondence shipping services, documentation archiving services, etc. Your data may also be transferred to other companies contractually linked to the Data Controller exclusively for the achievement of the stated purposes or in order to comply with contractual or legal obligations.

The subjects belonging to the above categories operate, in some cases, in total autonomy as separate Data Controllers, in other cases, as Data Processors specifically appointed by the Data Controller in compliance with Article 28 of the GDPR.

The communication of your data to the subjects belonging to the above categories does not require your consent, being based, depending on the third party considered, on legal obligations or on the overriding legitimate interest of the Data Controller, given that such communications are necessary for the pursuit of the purposes mentioned in the previous paragraph 3.

The complete and updated list of the subjects to whom your personal data may be communicated can be requested at the registered office of the Data Controller.

The personal data processed by the Data Controller are not subject to disclosure. In any case, we inform you that, for administrative purposes, your data may be disclosed to the other companies belonging to the Owner on the basis of the overriding legitimate interest of the Owner, for organizational and administrative needs.

Transfer of personal data outside the European Union

The Owner GF SRL. does not intend to transfer your data to a country outside the European Union. However, if, in execution of the purposes listed above, GF SRL were to proceed with the transfer of your data outside the European Union, the Data Controller will proceed to transfer your data only after having ascertained the existence of one of the guarantees provided for by the articles 44 and ss. GDPR, in order to guarantee an adequate level of protection for your data.

6. What rights do you have as an interested party
In relation to the treatments described in this Notice, as an interested party you may, under the conditions provided for by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:

right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to your personal data - including a copy of the same - and the communication, among others, of the following information :

  1. purpose of the treatment;
  2. categories of personal data processed;
  3. recipients to whom these have been or will be communicated;
  4. data retention period or the criteria used;
  5. rights of the interested party (rectification, cancellation of personal data, limitation of processing and right to object to processing;
  6. right to lodge a complaint;
  7. the right to receive information on the origin of my personal data if they have not been collected from the interested party;
  8. the existence of an automated decision-making process, including profiling;

right of rectification: right to obtain the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;

right to cancellation (right to be forgotten): right to obtain the cancellation of personal data concerning you, when:

The right to erasure does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the ascertainment, exercise or defense of a right. in court;

right to limitation of treatment: right to obtain the limitation of processing, when:


right to object: right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing;

right to data portability: the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Data Controller to another Data Controller if this is technically feasible;

lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza Venezia 11, 00187, Rome (RM).
The above rights may be exercised against the Data Controller by contacting the references indicated in point 1 above.

The exercise of your rights as an interested party is free pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetition, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.

 

 

SUPPLIER PRIVACY POLICY

ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 and 14 OF REGULATION (EU) N. 2016/679


With this document (the "Disclosure"), The Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data and about the rights that Regulation (EU) 2016/679, relating to the protection of individuals with regard to data processing personal data, as well as the free circulation of such data (the "GDPR”), Recognizes them.

This information is aimed at natural persons suppliers / consultants and employees, administrators and contact persons of suppliers / consultants whose data the Data Controller must process in order to enter into or follow up on the supply contract.

1. Who are the Data Controller and the Data Protection Officer (DPO)

The "Owner" of the processing of your data better specified in art. 2.1. of this information is GF SRL (C. f. and VAT number 00123220352), in the person of its legal representative pro tempore, with registered office in Correggio (RE), via dell'Industra 1 which can be contacted by you through the email address privacy@gfgarden.it

The Data Controller has appointed Data Protection Officer ("DPO") Studio Baldi & Partners - via Giovanni Gutenberg, 3 - 42124 Reggio Emilia, in the person of the lawyer Sara Mandelli whom you can contact to exercise your rights, as well as to receive any information relating to them and / or to this Information, by writing to the following email address: dpo@gfgarden.it

2. What personal data we process

2.1. Common personal data

For the purposes indicated in this Notice, the Data Controller may process the common personal data of suppliers / consultants, natural persons or employees, administrators and contact persons of suppliers / consultants such as, for example, personal data (name, surname, address, telephone number , e-mail and other contact details, an identification number), financial data (IBAN) and data relating to the supply or consultancy relationship in place with the Data Controller.

2.2. Source of personal data

Your personal data processed by the Data Controller are those provided directly by you or collected by the Data Controller from third parties (for example, the company for which it operates, supplier of the Data Controller). This information also covers the processing of your personal data acquired by third parties.

3. Purpose and legal basis of the processing, nature of the provision and consequences of a refusal to provide personal data

The treatments to which your personal data will be subjected are aimed exclusively at carrying out the activities related to the stipulation and execution of contracts / orders for the supply of professional services and services and / or the conferment of the related tasks and mandates, the subsequent management of the obligations. administrative, accounting, tax, the possible management of disputes, as well as the fulfillment of obligations established by laws, regulations and community legislation, as well as by provisions issued by authorities legitimated by the law and by supervisory and control bodies.

The processing of your personal data, for the aforementioned purposes only, can also take place without your explicit consent as:

The provision of personal data is a necessary requirement for the establishment or execution of the supply / collaboration contract. Failure to provide the data will therefore make it impossible for the Owner to conclude and / or execute the contract.

In any case, your personal data will be processed for the duration of the supply / consultancy relationship and / or your relationship of dependence / collaboration with the supplier / consultant-legal person and, beyond this date, exclusively for the period of time necessary. to comply with current legislation (including the ten-year ordinary prescription of rights).

4. How your personal data will be processed

The processing of your personal data will take place, in compliance with the provisions of the GDPR, by means of paper, IT and telematic tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable for guaranteeing their security and confidentiality in accordance with the provisions set forth. from article 32 GDPR.

5. To which subjects your personal data may be disclosed and who can learn about them
For the pursuit of the purposes described in the previous point 3, your personal data will be known by the employees and collaborators of the Data Controller who will operate as authorized subjects and / or data processors.

Your personal data may be communicated, for the aforementioned purposes, to banking institutions, public administrations, social security institutions, for the fulfillment of the obligations established by law, as well as to the categories of subjects and external companies that perform on behalf of the Data Controller. various types of services, such as, by way of example only: IT system management services, accounting services, goods or correspondence shipping services, documentation archiving services, etc. Your data may also be transferred to other companies contractually linked to the Data Controller exclusively for the achievement of the stated purposes or in order to comply with contractual or legal obligations.

The subjects belonging to the above categories operate, in some cases, in total autonomy as separate Data Controllers, in other cases, as Data Processors specifically appointed by the Data Controller in compliance with Article 28 of the GDPR.

The communication of your data to the subjects belonging to the above categories does not require your consent, being based, depending on the third party considered, on legal obligations or on the overriding legitimate interest of the Data Controller, given that such communications are necessary for the pursuit of the purposes mentioned in the previous paragraph 3.

The complete and updated list of the subjects to whom your personal data may be communicated can be requested at the registered office of the Data Controller.

The personal data processed by the Data Controller are not subject to disclosure. In any case, we inform you that, for administrative purposes, your data may be disclosed to the other companies belonging to the Owner on the basis of the overriding legitimate interest of the Owner, for organizational and administrative needs.

Transfer of personal data outside the European Union

The Data Controller does not intend to transfer your data to a country outside the European Union. However, if, in execution of the purposes listed above, GF SRL were to proceed with the transfer of your data outside the European Union, the Data Controller will proceed to transfer your data only after having ascertained the existence of one of the guarantees provided for by the articles 44 and ss. GDPR, in order to guarantee an adequate level of protection for your data.

6. What rights do you have as an interested party

In relation to the treatments described in this Notice, as an interested party you may, under the conditions provided for by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:

right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to your personal data - including a copy of the same - and the communication, among others, of the following information :

  1. purpose of the treatment;
  2. categories of personal data processed;
  3. recipients to whom these have been or will be communicated;
  4. data retention period or the criteria used;
  5. rights of the interested party (rectification, cancellation of personal data, limitation of processing and right to object to processing;
  6. right to lodge a complaint;
  7. the right to receive information on the origin of my personal data if they have not been collected from the interested party;
  8. the existence of an automated decision-making process, including profiling;

right of rectification: right to obtain the correction of inaccurate personal data concerning you and / or the integration of incomplete personal data;

right to cancellation (right to be forgotten): right to obtain the cancellation of personal data concerning you, when:


The right to erasure does not apply to the extent that the processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the ascertainment, exercise or defense of a right. in court;

right to limitation of treatment: right to obtain the limitation of processing, when:


right to object: right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing;

right to data portability: the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another Data Controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Data Controller to another Data Controller if this is technically feasible;

propose a complaint to the Guarantor Authority for the protection of personal data, Piazza Venezia n. 11, 00187, Rome (RM).
The above rights may be exercised against the Data Controller by contacting the references indicated in point 1 above.

The exercise of your rights as an interested party is free pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetition, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.


G .F. S.r.l.
(As the Data Controller)