EGERIA SOCIETA’ AGRICOLA S.R.L. – Piazza Duca d’Aosta, 12 – 20124 Milano

Privacy policy pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 and the Privacy Code as amended by Legislative Decree 101/2018

The Company Egeria Società Agricola S.r.l. (hereinafter, for brevity, the “Company” or “the Data Controller”), in its capacity as data controller, wishes to inform data subjects that the personal data collected by the Company will be processed in compliance with the legislative and contractual provisions in force and in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter, the “Regulation” or the “GDPR”) and the Privacy Code as amended by Legislative Decree 101/2018.

  1. DATA CONTROLLER: The Data Controller is Egeria Società Agricola S.r.l., P. IVA 10220830961, REA MI code – 2514315 with fiscal domicile and registered office in Piazza Duca d’Aosta, 12, 20124 Milan – Italy. To contact the Data Controller, please write to the e-mail address privacy@egerialab.com.
  2. PERSONAL DATA SUBJECT TO PROCESSING:

The Controller may process the following data:

  1. Common personal data such as, for example, company details or details of natural persons related to the service contract, personal data of company contact persons including their contact details (e-mail, telephone number), data on the registered office and place of business of the data subject;
  2. Accounting and tax data necessary for the establishment of the contractual relationship
  3. Bank data (e.g. current account no. or IBAN) for making or receiving payments;
  1. PURPOSE AND LEGAL BASIS:

Personal data are freely provided by the data subject and are collected and processed for the following purposes:

  1. The performance of a contract or the establishment of a pre-contractual relationship, including the fulfilment of legal obligations connected therewith;
  2. for purposes connected with obligations laid down by law, as well as by provisions issued by authorities empowered to do so by law
  3. the management of any litigation and protection of the Company’s rights.
  4. for purposes of direct marketing – so-called soft spam – e.g. commercial communications concerning services similar to those covered by the contract;

The legal bases legitimising the processing are:

  • the performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at the request of the same (paragraph 3a)
  • the performance of legal obligations to which the data controller is subject (paragraph 3b);
  • the legitimate interest of the Controller, for direct marketing or for activities related to litigation management (paragraph 3c, 3d);

Where the Controller intends to further process the personal data for a purpose other than that for which it was collected, prior to such further processing, it will provide the data subject with information about that other purpose and any further relevant information.

  1. DATA PROCESSING METHODS AND NATURE OF DATA CONFERMENT

Personal data will be processed by the Company by means of computerised and paper-based systems in accordance with the principles of fairness, loyalty and transparency provided for by the applicable legislation on the protection of personal data. The provision of data with respect to the purposes set forth in paragraphs 3a, 3b and 3c is mandatory. The provision of data with respect to the purposes referred to in paragraph 3d is optional and in any case the data subject may object at any time to any direct marketing activity.

 

  1. RECIPIENTS AND POSSIBLE CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The processed data will not be disseminated, but in certain cases and exclusively for the purposes set out and in compliance with the principles of the Regulation, they may be communicated to: authorised parties appointed by the Data Controller, consultants, professionals and in general qualified third parties who collaborate with the Company (in particular, purely by way of example: accountants; technical consultants, banking institutions, etc.) in their capacity as Autonomous Data Controllers or Data Processors. Furthermore, in order to fulfil specific legal obligations, personal data may be communicated to public bodies or public authorities. The full list of authorised Data Processors may be requested by e-mail from the Data Controller by writing to privacy@egerialab.com.

 

  1. DATA TRANSFER TO THIRD COUNTRIES

Personal data will be stored at the Company’s headquarters and its servers (both located in Italy, at the Data Controller’s premises) and will not be transferred outside the European Union.

Should it be necessary, for technical and/or operational reasons, to make use of subjects located outside the European Union, we hereby inform you that such subjects will be appointed as Data Processors pursuant to art. 28 of the Regulation or as Joint Data Processors pursuant to art. 26 of the Regulation and the transfer of Personal Data to such subjects, limited to the performance of specific Processing activities, will be regulated in compliance with Title V of the Regulation. All necessary measures will therefore be adopted in order to ensure the highest level of protection of Personal Data.

 

  1. DATA PROCESSING METHODS AND STORAGE PERIOD

The data collected will be processed by means of electronic, computerised and telematic instruments, or by means of manual processing with logic strictly related to the purposes for which the Personal Data have been collected and, in any case, in such a way as to guarantee their security.

Personal Data collected for purposes related to the performance of a contract will be processed for the entire period of validity of the service and will be kept on file for a further 10 years in accordance with current legislation and the civil code (art. 2220 civil code). Personal Data collected for purposes attributable to the legitimate interest of the Controller will be retained until such interest is satisfied. The Data Subject may obtain further information on the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller. Personal Data whose retention is not necessary or not required by the applicable regulations will be deleted or encrypted or anonymised.

  1. DATA SUBJECT’S RIGHTS REGARDING DATA PROCESSING

The data subject may at any time exercise the following rights:

– Right to access personal data, Art. 15 GDPR;

– Right to obtain rectification of data, Art. 16 GDPR;

– Right to erasure of data (right to be forgotten), Art. 17 GDPR;

– Right to restriction of processing, Art. 18 GDPR;

– Right to object to processing at any time, Art. 21 GDPR;

– Right to lodge a complaint with the Supervisory Authority if you believe that your Personal Data has been processed unlawfully.

To exercise the aforementioned rights, the Data Subject may contact the Data Controller by e-mail at privacy@egerialab.com or by registered letter a/ r to the following address: Egeria Società Agricola S.r.l. Piazza Duca d’Aosta, 12, 20124, Milano MI