GENERAL DATA PROTECTION REGULATION (Art. 13 European Parliament 2016/679)

Identity and contact details of the Data Controller

The Data Controller is ISA S.p.A. in Via Leonardo da Vinci, 4, 61036 Calcinelli (PU). For any need regarding the processing of personal data, you can send an email to the address privacy@isainfissi.com

Purpose and legal basis of the processing

ISA S.p.A. processes personal data of third parties, in compliance with the principles of correctness, lawfulness and transparency, for the following purposes:

1. Carrying out of pre-contractual activities aimed at signing business contracts (processing necessary for the execution of pre-contractual measures)
2. Execution of the services to be carried out under the contract concerning the performance of the business activity (treatment necessary for the execution of a contract of which the interested party is a party)
3. Administrative and tax obligations related to the contracts referred to in letter b) (processing necessary to fulfill a legal obligation)
4. Other administrative activities necessary for the fulfillment of regulatory obligations relating to the business activity (processing necessary to fulfill a legal obligation)

Data processing is carried out by internal personnel authorized to process and, on behalf of the Data Controller, by external subjects, formally appointed as Data Processors, of which it is possible to request a list. The data are not transferred to third countries; in the event of subsequent transfer of data to third countries, the Data Controller undertakes to communicate this to the interested parties, as far as this may be possible.

Recipients of personal data

As part of the treatments listed above, personal data can be communicated in paper and/or electronic format to the following categories of recipients:

• Public bodies in the administrative, economic and fiscal fields
• Professional associations and their service companies
• Banks, insurance companies, debt collection companies
• Customers and/or suppliers of the company
• Subjects managing the IT system

Obligation to provide data

The provision of data may be necessary for the performance of pre-contractual activities, for the management of contractual relationships or for the fulfillment of regulatory obligations and consequently their failure to supply or incompleteness create difficulties in carrying out the services borne by Isa spa, within the contracts of which the interested party is a party directly or indirectly, up to making it impossible to stipulate or perform the contractual relations themselves.

Data retention period

Personal data held by ISA S.p.A. are kept for as long as necessary for the management of the pre-contractual or contractual relationships that constitute its prerequisite and in any case for the duration foreseen by legal obligations.

Rights of the interested party

Interested parties can request by e-mail at privacy@isainfissi.com access to their personal data, rectification, cancellation, limitation or opposition of the processing as well as data portability (articles 15 et seq. of EU Regulation 2016/679), but this request cannot be satisfied if the processing is imposed by legal obligations or necessary for the protection of a right of the Data Controller.

Right to propose a complaint with the supervisory Authority

The interested parties, if they believe that the processing of data concerning them violates the 2016/679 Regulation, can propose a complaint with the Guarantor Authority for the protection of personal data.