Subject: information on the processing of personal data pursuant to articles 12 et seq. of Regulation (EU) 2016/679
Introduction - The Regulation (EU) 2016/679 ("General Data Protection Regulation", hereinafter GDPR) provides for the protection of individuals with reference to the processing of personal data. According to this legislation, the processing of personal data relating to a person, specifically to be defined as "interested", is based on principles of correctness, lawfulness and transparency, as well as the protection of the privacy and rights of the interested party.
This is to inform you, in compliance with the aforementioned rules, that in relation to the relationship you have with our structure, as a Customer, our organization is in possession of some data relating to you, which have been acquired, even verbally, directly or through third parties who carry out operations concerning you or who, in order to satisfy your request, acquire and provide us with information.
Pursuant to the GDPR, since this information refers to you to be qualified as "personal data", and therefore benefits from the protection provided by these provisions. According to this legislation, you are the data subject who benefits from the rights to protect your personal data.
Pursuant to art. 12 and ss. GDPR our structure, as Data Controller, will process the personal data you provide in compliance with the law, with the utmost care, implementing effective management procedures and processes to ensure the protection of the processing of your personal data. To this end, the writer, using material and management procedures to safeguard the collected data, undertakes to protect the information communicated, in order to avoid unauthorized access or disclosure, as well as to maintain the accuracy of the data and also to guarantee the use appropriate of the same.

In compliance with this premise, the following information is provided:
Personal data collected - The writer, as Data Controller, uses your personal data to operate in the best possible way in the exercise of his business.
The following data may be requested, even if only partially:
- personal data, tax code, VAT number, name, registered office, residence and domicile and contact details;
- data relating to the contractual relationship describing the type of contract, as well as information relating to its execution and necessary for the fulfillment of the contract itself;
- accounting data relating to the economic relationship, the sums due and payments, their periodic trend, the summary of the accounting status of the relationship;
- data to make the relationship with our structure more defined and our collaboration and operational efficiency more effective;
- data relating to: your employees and / or collaborators, information on the profession carried out or on your company.
Retention times of your data - The data collected for the aforementioned purposes will be kept for the entire duration of the existing contract with Galli Rodolfo e Figli and for 30 years from the date of termination of the relationship.
Mandatory or optional nature of the provision of data and consequences of any refusal - The essential data for the performance of the contractual relationship must be provided to the writer, as well as the data necessary to fulfill obligations established by laws, regulations, community regulations, or by Authority provisions legitimated by the law and by supervisory and control bodies.
Non-essential data for the performance of the contractual relationship must be qualified and considered additional information and their provision, if requested, is optional. Your refusal to provide such data, however, will result in our structure less efficient in carrying out relations with third parties.
In the event that "sensitive data or the processing of which presents specific risks" are essential for the performance of the relationship or for the performance of specific services as well as legal obligations, the provision of such data will be mandatory and since their processing is permitted only with the prior written consent of the interested party (pursuant to articles 9 and 10 of the GDPR), you must also consent to their treatment.
Processing methods - Pursuant to and for the purposes of articles 12 and ss. of the GDPR, we wish to inform you that the personal data communicated by you will be recorded, processed and stored in our paper and electronic archives, in compliance with the appropriate security measures provided for in the GDPR. The processing of your personal data may consist of any operation or set of operations among those indicated in art. 4, paragraph 1, point 2 of the GDPR.
The processing of personal data will take place through the use of tools and procedures suitable for guaranteeing their security and confidentiality and may be carried out, directly and / or through delegated third parties, either manually by means of paper supports, or with the aid of IT or electronic tools. The data, for the purposes of the proper management of the relationship and the fulfillment of legal obligations, may be included in the Owner's internal documentation and, if necessary, also in the records and registers required by law.
Activities possibly outsourced - The Data Controller, in carrying out its business, may occasionally request other operators to perform certain services on its behalf, such as processing services or other services; services necessary for the execution of the operations or services requested; shipments and deliveries; accounting records; administrative activities. In the case of employment relationships, services such as the preparation of pay lists or processing to comply with contributory, tax and administrative obligations could also be commissioned. If the operator delegated by the Data Controller to carry out certain activities was a company that performs payment services, collection and treasury services, banking and financial intermediation, the following services could be carried out: massive operations relating to payments, bills, checks and other securities; transmission, enveloping, transport and sorting of communications; archiving of documentation; fraud control. The above operators will only be provided with information necessary for the provision of the commissioned services and will be required to respect confidentiality, prohibiting the use of the data provided for a purpose other than that agreed. Operators who are not appointed by us for the processing of personal data will be appointed as Data Processors (pursuant to Article 28 of the GDPR) and will process the data within the limits strictly necessary to provide the commissioned service and exclusively for this purpose and they will guarantee themselves that their agents have signed a confidentiality agreement. Although not indicated here, these subjects must provide specific information on the processing of personal data carried out by them.
Transfer of personal data abroad - The data you provide will be processed only in Italy. If, in the course of a contractual relationship, your data are processed in a state that does not belong to the EU, the rights attributed to you by EU legislation will be guaranteed and you will be promptly notified.
Purpose of the processing for which the personal data are intended - The main purpose of the processing of your personal data that the writer intends to carry out is to allow a regular establishment and / or evolution, as well as a correct administration of the relationship specified in the introduction.
In particular, the purposes of the processing are as follows:
- Fulfillment of contractual obligations;
- Customer management (customer administration; administration of contracts, orders, shipments and invoices; reliability and solvency control);
- Management of litigation (contractual breaches; warnings; transactions; credit recovery; arbitration; legal disputes);
- Internal control services (safety, productivity, quality of services, integrity of assets);
- Management of marketing commercial activities (market analysis and surveys);
- Promotional activities;
- Detection of the degree of customer satisfaction.
Personal data will be processed for the fulfillment of legal obligations, as well as to fulfill administrative, insurance and tax obligations provided for by current legislation and also to satisfy accounting and commercial purposes, or to be able to regularly fulfill contractual and legal obligations deriving from from the legal relationship with the interested party. Furthermore, the data provided may possibly also be used to contact the interested party in the context of market research regarding products or services or in the context of offers or commercial campaigns. In any case, the interested party may freely choose not to give his consent for these purposes and also indicate how to be contacted or with which to receive commercial information.
Scope of knowledge of your data - The following categories of persons appointed as responsible or in charge of processing by the writer may become aware of your data:
- Employees or collaborators in general involved in the acquisition and cataloging of documents entrusted to Galli Rodolfo e Figli:
o In charge of maintenance and / or repair;
o In charge of surveys and services;
o Employees in the management of historical archives;
o Accounting and billing staff;
o Offices, services.
- Consultants appointed for consultancy, assistance or services to our structure;
- Executives and directors;
- Members of control bodies.
Personal data may also be known by subjects affiliated with the writer, indicated in the paragraph entitled "Processing methods". The writer can delegate to these subjects the execution of certain obligations or the performance of particular acts due for the execution of the relationship with the interested party.
Communication and dissemination - Your data may be communicated, meaning by this term the disclosure of it to one or more specific subjects, by the writer outside the company to implement all the necessary legal and / or contractual obligations. In particular, your data may be disclosed to:
a) Public bodies or offices or supervisory authorities according to legal and / or contractual obligations;
b) banks and / or credit institutions for the management of payments deriving from the contractual relationship;
c) Your data may be communicated by the writer in the following terms:
- to subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules;
- to subjects who need to access your data for purposes auxiliary to the relationship between you and us, within the limits strictly necessary to carry out the auxiliary tasks (credit institutions and shippers are mentioned as an indication);
- to our consultants and / or professionals, within the limits necessary to carry out their assignment at our or their organization, subject to our letter of appointment which imposes the duty of confidentiality and security.
In any case, your data will not be disclosed except to operators for the execution of acts concerning the fulfillment of the relationships that may occur with the interested parties to whom the data refers.
Dissemination - The writer will not indiscriminately disclose your data, or in other words, will not disclose it to undetermined subjects, even by making it available or consulting.
Trust and confidentiality - The writer considers the trust shown by the interested parties who have consented to the processing of their personal data to be precious and for this he undertakes not to sell, rent or rent personal information to others.
Rights referred to in articles 15 et seq. GDPR - Pursuant to art. 15 and ss. GDPR You have the right to obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form. You have the right to obtain confirmation:
a) the origin of the personal data;
b) the purposes and methods of the processing;
c) the categories of personal data;
d) the data retention period;
e) of the logic applied in case of treatment carried out with the aid of electronic instruments;
f) the identification details of the owner, of the managers, of the designated representative and of the data protection officer;
g) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
You also have the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation (oblivion), transformation into anonymous form or blocking of data processed in violation of the law or its limitation, including those that do not need to be kept for the purposes for which the data were collected or subsequently treated;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right;
d) The right to data portability is not applicable to the context in which the processing entrusted to the writer takes place.
For the data processed for which your consent is required, you may withdraw your consent at any time and in this case the Data Controller will immediately delete any personal data referable to you concerning the scope of the consent you have expressed.

You have the right to object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.

To exercise these rights, you can contact our Structure "Data Controller" by email or by calling 031-876547 or by sending a message to Via del Caminanz 6, 23842 Bosisio Parini, Lecco. The Data Controller will reply to you within 30 days of receiving your formal request.
Identification of the owner.

The data controller is Galli Rodolfo e Figli Srl whose personal data are:
Galli Rodolfo and Figli Srl,
Registered office: Via Del Caminanz, 23842 Bosisio Parini, Lecco
Tel. +39 031 876547
VAT number: 00814820130
Data Processors - External companies with which a contractual relationship has been established and which need to receive your personal data to fulfill these agreements play the role of Data Processors.
It is intended to clarify that the aforementioned Managers would not in any case deal with the requests for reply to the interested parties pursuant to art. 15 and ss. of the GDPR. This activity is carried out exclusively by the writer as the Data Controller.
Representative established in the territory of the State - We inform you that our organization pursuant to art. 27 and ss. GDPR, not recurring any circumstances provided for by the aforementioned GDPR, has not appointed any Representative established in the territory of the State for the purposes of applying the regulations on the processing of personal data.
Data Protection Officer: Galli Rodolfo e Figli is not required to appoint the Data Protection Officer
Processing without the need for the consent of the interested party - It should be noted that the writer, even in the absence of your consent, will be entitled to process your personal data if this is necessary to:
- fulfill an obligation established by law, by a regulation or by community legislation;
- perform obligations deriving from a contract of which you are a party or to fulfill, before the conclusion of the contract, your specific requests.
Furthermore, your express consent is not required when the processing:
1) concerns data from public registers, lists, deeds or documents that can be known by anyone, without prejudice to the limits and methods that the laws, regulations or community legislation establish for the knowledge and publicity of data or data relating to the performance of activities economic, processed in compliance with current legislation on business and industrial secrecy;
2) it is necessary for the protection of the life or physical safety of a third party (in this case, the owner is required to inform the interested party of the processing of personal data through the information also after the processing itself, but without delay. In this case, therefore, the consent is expressed following the presentation of the information);
3) with the exclusion of dissemination, it is necessary for the purpose of carrying out the defensive investigations referred to in the law of 7 December 2000, n. 397, or, in any case, to assert or defend a right in court, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit, in compliance with current legislation on business and industrial secrecy;
4) with the exclusion of disclosure, it is necessary, in the cases identified by the Guarantor on the basis of the principles established by law, to pursue a legitimate interest of the owner or a third party recipient of the data, also with reference to the activity of banking groups and companies controlled or connected, if the fundamental rights and freedoms, dignity or legitimate interest of the data subject do not prevail.