Information on the processing of personal data

AGOM INTERNATIONAL S.r.l. con Socio Unico, with registered office in Via Mesero, 12 20010 Ossona (MI), VAT 09796100965 (hereinafter, “Controller), as Data Controller, informs you pursuant to art. 13 D.Lgs. 30.6.2003 no. 196 (hereinafter, “Privacy Code”) and art. 13 UE Regulation no. 2016/679 (hereinafter “GDPR”) that Your data will be processed in the manner and for the following purposes:

1. Treatment object
The data Controller processes personal and identifying data (such as name, surname, Company name, address, e-mail address, telephone number, bank and payment details – hereinafter “personal data” or “data ») reported by you on occasion of the conclusion contracts of the Controller data services.

2. Processing purpose
Your personal data are processed without your express consent (art. 24 letter a) b) c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purpose:
-conclude the contracts for the services of the Controller;
-fulfil the pre-contractual, contractual and fiscal obligations deriving from outstanding relations with you;
-fulfil the obligations established by law, by a regulation, by community legislation or by an Authority order (such as for anti-money laundering);
-exercise the rights of the Controller, for example the right to defense in court.

3. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4no. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to paper, electronic and/or automated processing.
The Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purpose.

4. Data access
Your data may be made accessible for the purposes referred to the art. 2:
– to employees and co-operators of the Data Controller, as people in charge and/or internal manager of the process and/or system administrators;
– to third-party Companies or other subject (for information only, credit institutions, professional firms, Consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Controller, as external manager of treatment.

5. Data Communication
Without the need of express consent (ex art. 24 let. a), b), d) Privacy Code and art. 6 let. b) and c) GDPR), the data Controller may communicate Your data for the art. 2 to Supervisory Bodies (as IVASS), Judicial Authorities, Assurance Companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of purposes. These subjects will process the data in their capacity as independent data Controllers.
Your information will not be disseminated.

6. Security
The data are kept and checked adopting appropriate preventive security measures, aimed at minimizing the risks of loss and destruction, unauthorized access, and of not permitted treatment and different from the purposes for which the processing is carried out.

7. Data transfer
The management and conservation of personal data will take place in European Union.

8. Interested Party rights
In your capacity of interested party, you have the right pursuant to art. 15 GDPR and precisely the right of:
i. obtain confirmation of the existence or not of your personal data, even if not yet registered, and their communication in an intelligible form;
ii. obtain indication about: a) the origin of personal data b) the purposes and methods of the processing; c) the applied logic in case of treatment carried out with electronic instruments; d) the identification details of the Controller, the manager and the designated person pursuant to art. 5 paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the supervised entities or the categories of supervised entities to whom the personal data may be communicated or may became aware in their capacity of designated person in the territory of the State, of managers or people in charge;
iii. obtain: a) the updating, rectification or integration of data; b) the cancellation, transformation in anonymous form or blocking of processed data unlawfully, including the data where retention is unnecessary for the purpose in which the data were collected or subsequently processed; c) the attestation that the operations referred to the letters a) and b) have been brought to the attention, also for the content, of those who the data have been communicated or disseminated, except in the case where the fulfilment is impossible or involves the use of means manifestly disproportionate compared to the protected right;
iv. to object, in whole or in part, for legitimate reasons, to the processing of your personal data, pertinent to the collection purpose.
Where applicable, you have the rights referred to the articles 16-21 GDPR (rectification right, right to be forgotten, right of treatment limitation, right to data portability, right of object) as well as the right of complain to the competition Authority.

9. Method of exercising the rights
You can exercise your rights at any time sending a communication:
1. by mail to the address: agom@agom.it
2. or by registered letter to: AGOM INTERNATIONAL S.r.l. con Socio Unico, Via Mesero no. 12 – 20010 Ossona (MI)

10. The Controller, the person in charge and the manager
The Data Controller is AGOM INTERNATIONAL S.r.l. con Socio Unico.
The updated list of data people in charge and managers is kept and available for consultation at the Data Controller headquarters.