PRIVACY POLICY
1.OWNER
The Data Controller, i.e. the subject who is responsible for decisions regarding the purposes, methods and security of personal data, is Antica Sartoria S.r.l., via Sabotino19/2 – Milan -, in the person of the legal representative pro tempore, contact email info@anticasartoriapositano.it .
2. CO-OWNERSHIP – ASSIGNMENTS TO THIRD PARTIES
In the case of co-ownership, the Controller shall ensure that compliance with the following principles is guaranteed through the co-ownership agreement. Where personal data processing activities are entrusted to third parties, the Controller shall ensure that compliance with the following principles is guaranteed through the service agreement.
3. ORGANISATION
The Controller organises the resources and processing of personal data in such a way that they comply with the requirements of the GDPR and national sector legislation. Specifically:
a. a. inside
i. i. the organisation of Privacy reflects the operational organisation, the attributions are consistent with the operational tasks, powers and authority attached to them.
ii. The natural persons assigned significant tasks and responsibilities (given the number and categories of personal data and the risks to the rights and freedoms of natural persons) shall be selected, identified and assigned on the basis of objective criteria that define the entity’s needs in terms of knowledge, skills and experience. In the absence of qualifications, requirements and evaluation weights are pre-defined.
iii. iii. Those who process data shall act under the direct authority of the data controller or of a person designated by the data controller. The personnel shall be duly trained and informed in accordance with a continuous training programme that takes into account the
different requirements in relation to the different roles.
iv. The controller directs and supervises all those who process personal data on its behalf.
b. Outside
i. i. the persons entrusted with the processing of personal data are selected and entrusted on the basis of a prior, transparent process that guarantees the objectivity of the choice; the possession by the supplier of the skills and professionalism required by the organisation; the possession by the supplier of sufficient guarantees to put in place adequate technical and organisational measures so that the processing meets the requirements of the GDPR and guarantees the protection of the rights of the data subject.
ii. ii. Relations with third parties that process data on behalf of the data controller are always formalised in writing. The relevant contract complies with the minimum requirements of Article 28 GDPR.
iii. The controller directs and supervises all those to whom he delegates processing activities.
4. THE STAKEHOLDERS
a. The controller processes the personal data of the following categories of natural persons:
– employees
– free professionals
– users
– suppliers
b. Categories of persons indirectly affected:
– family members of employees or users
– creditors of employees
– successors of employees
c. Institutions/entities concerned
– trade unions
d. other
5. THE CULTURE OF PRIVACY
For Antica Sartoria S.r.l., the ability to protect personal data represents not so much and not only a legal obligation, but rather a preferential requirement, a competitive asset. In keeping with the perspective of accountability required by the GDPR, Antica Sartoria S.r.l. approaches the compliance of its personal data processing with respect to the GDPR with a risk-oriented approach to its processing. For Antica Sartoria S.r.l., respect for the rights, freedoms and data of natural persons is an inescapable ethical imperative that guides all the activities it carries out.
ANTICA SARTORIA SRL
6. LICEITY
Antica Sartoria S.r.l. only processes personal data that is based on one of the legal bases referred to in Article 6 GDPR (consent, fulfilment of contractual obligations, vital interests of the data subject or third parties, legal obligations to which the data controller is subject, public interest or exercise of public authority, overriding legitimate interest of the data controller or third parties to whom the data is disclosed).
Antica Sartoria S.r.l. processes special personal data, (i.e. data capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing of genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sex life or sexual orientation), only if one of the cases provided for in Article 9.2 GDPR exists.
Antica Sartoria S.r.l. processes personal data relating to criminal convictions and offences or related security measures, only on one of the legal bases referred to in Article 6.1 GDPR, and only under the control of the public authority or, if the processing is authorised by Union or Member State law providing appropriate safeguards for the rights and freedoms of the data subjects.
7. CORRECTNESS
Antica Sartoria S.r.l. processes personal data exclusively for determined, explicit and legitimate purposes, without any impropriety or deception towards the persons concerned, strictly adhering to the limits of the legal bases that legitimise the processing.
8. TRANSPARENCY
Antica Sartoria S.r.l. adopts appropriate measures to provide the data subject with all the information referred to in articles 13 and 14 and the communications referred to in articles 15 to 22 and article 34 relating to the processing in a concise, transparent, intelligible and easily accessible form, using simple and clear language.
In particular, Antica Sartoria S.r.l. for each processing it carries out shall make known to the data subject the manner in which personal data are collected, used, consulted or otherwise processed as well as the extent to which personal data are or will be processed.
Information and communications relating to the processing of such personal data must be easily accessible and comprehensible.
9. PURPOSE LIMITATION
Antica Sartoria S.r.l. processes personal data for specified, explicit and legitimate purposes, and ensures that processing is not incompatible with those purposes.
10. DATA MINIMISATION
Antica Sartoria S.r.l. processes personal data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
11. EXACTNESS
Antica Sartoria S.r.l. processes personal data that is accurate and, if necessary, up-to-date; taking all reasonable measures to delete or rectify any data that is inaccurate in relation to the purposes for which it is processed.
12. CONSERVATION LIMITATION
Antica Sartoria S.r.l. stores personal data in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed.
13. INTEGRITY AND CONFIDENTIALITY
Antica Sartoria S.r.l. processes personal data in such a way as to guarantee adequate security of those data, including protection, by means of appropriate technical and organisational measures, from unauthorised or unlawful processing and from accidental loss, destruction or damage.
14. DATA PROTECTION BY DESIGN E BY DEFAULT
Antica Sartoria S.r.l. adopts the methodological approach to any project, according to which the protection of personal data must be considered from the design stage. Therefore, for any project, whether structural or conceptual, the protection of personal data must be considered from the moment of its design, and solutions for the protection of personal data must be provided for Antica Sartoria S.r.l. La Antica Sartoria S.r.l. puts in place appropriate technical and organisational measures to ensure that – by default – only the personal data necessary for each specific purpose of the processing is processed.
ANTICA SARTORIA SRL
15. COMPULSORINESS
Failure to comply with the principles contained in this document, as well as the directives, instructions, requests, orders that may be issued by La Antica Sartoria S.r.l. or for the protection of personal data and compliance with current legislation constitutes a serious breach.
16. REVIEWS
This document is prepared by the Controller, who ensures that it is updated and disseminated.