The English version of the text below is provided for illustrative purposes.
In case of conflict, the Italian version prevails.
Pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter "GDPR 2016/679"), REDAT S.p.A. VAT number 00492420013, with registered office in Via Donati 14 – 10121 Turin, in its capacity as Data Controller (hereinafter "Controller"), wishes to inform you about the purposes and methods of processing your personal data.
1. Source, Subject, and Purpose of Processing
The Controller processes your common identifying personal data (name, surname, company name, address, tax code, VAT number, email, telephone numbers), as well as the data necessary to perform the requested services and financial transactions (e.g., bank details), directly provided by you during the pre-contractual/contractual phase.
The Controller processes the aforementioned personal data in the course of its business activities, lawfully and fairly, for purposes related to the fulfillment of contractual or legal obligations.
2. Legal Basis
The legal basis for the processing is the contract concluded between the parties (pursuant to Article 6(1)(b) of EU Regulation 679/2016) and the legal obligations that the Controller is required to observe (Article 6(1)(c)).
3. Processing Methods
The processing of your personal data is carried out through the operations indicated in Article 4(2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.
Your personal data is processed both on paper and electronically.
4. Nature of Data Provision and Consequences of Refusal
Providing your data for the purposes referred to in Article 1 is necessary as it is related to the management of the contractual relationship. Without such data, the Controller will not be able to perform the requested services.
5. Data Access
Your data may be made accessible for the purposes referred to in Article 1:
- to employees and collaborators of the Controller, in their capacity as Appointed Persons and/or Persons Designated for processing and/or System Administrators;
- to companies and/or professional firms or consultants with whom the Controller has contractual or collaborative relationships (e.g., for support activities or service management), who carry out outsourcing activities on behalf of the Controller, in their capacity as External Data Processors (e.g., accountants, IT consultants, etc.).
6. Data Disclosure
The Controller may disclose your data for the purposes referred to in Article 1 to public authorities (e.g., Supervisory Bodies, Revenue Agency, etc.) as well as to all other entities to whom communication is mandatory by law to achieve said purposes.
Your personal data will not be disseminated.
7. Data Transfer
The Controller does not transfer your personal data abroad. The management and storage of personal data take place on servers located within the European Union, either owned by the Controller and/or by third-party companies duly appointed as Data Processors.
Should it become necessary, the Controller reserves the right to relocate the servers. In such cases, the Controller ensures that, if data is transferred to non-EU countries, such transfer will comply with applicable legal provisions, by stipulating, if necessary, agreements that ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.
8. Data Retention Period
The Controller will process personal data for the time strictly necessary to fulfill the aforementioned purposes. After the relationship has ended, data will be retained, in compliance with the principles of proportionality and minimization, solely to fulfill legal, accounting, or tax obligations, other mandatory regulations, or for the protection of the Controller's interests (e.g., handling potential disputes).
9. Data Subject Rights
As the data subject, you may exercise your rights at any time as expressly recognized by Articles 15 to 22 of the GDPR. These include:
- the right to access personal data,
- the right to rectification,
- the right to erasure,
- the right to restriction and objection to processing,
- the right to data portability,
- the right not to be subject to automated decision-making, including profiling,
- the right to withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal,
- the right to lodge a complaint with the Supervisory Authority if you believe that processing violates EU Regulation 679/2016 or national regulations on personal data processing.
10. How to Exercise Your Rights
You may exercise your rights at any time by sending a registered letter with return receipt to REDAT S.p.A., Via Calcatelli 3 – 10029 Villastellone (TO), Italy, or by email to amministrazione@redat.com, or certified email (PEC) to amministrazione@pec.redat.com.
11. Data Controller, Processors, and Appointed Persons
The Data Controller is REDAT S.p.A., VAT number 00492420013, with registered office in Via Donati 14 – 10121 Turin, Italy, tel. +39 011/9691111, email amministrazione@redat.com, or PEC amministrazione@pec.redat.com.
The updated list of Data Processors and Appointed Persons is available at the Controller’s registered office.