NOTICE ON DATA PROCESSING AND REQUEST FOR CONSENT TO THE PROCESSING OF PERSONAL DATA

Pursuant to Article 13 of EU Regulation 679/2016 – for customers

Structura Ingegneria S.r.l., with registered office in Rome (RM), Via Montevideo n.4, 00198, in its capacity as Data Controller pursuant to Article 24 of the GDPR – General EU Regulation on the protection of personal data No. 2016/679, in force in Italy since May 25, 2018 – hereby informs, pursuant to Article 13 of the Regulation, that it will process the personal data provided, relating to your company’s personnel, for the purposes indicated below.

Methods of Processing

The Data Controller, whose details are indicated above, will process the data using paper and/or electronic tools, according to procedures strictly related to the stated purposes. The data will be recorded and stored in paper archives under the exclusive control of the Data Controller and protected against risks of destruction, alteration, deletion, and unauthorized access through effective physical, logical, and organizational security measures.
Data will be processed in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

Purposes of Processing

The purposes are connected with the performance of the underlying supply contract, including any pre-contractual phase, and specifically:

  • managing communications of various kinds through different channels (telephone, mobile phone, SMS, email, fax, postal mail);
  • submitting or responding to requests received; exchanging information necessary for the execution of the contractual relationship, including pre- and post-contractual activities; fulfilling any legal obligations. Data may also be processed for internal statistical purposes and market research.

Legal Basis

The legal basis for the processing described above is the legitimate interest of the Data Controller (Recital 47 GDPR). The personal data provided will be processed for the performance of a contract concluded with the customer or for the implementation of pre-contractual measures taken at the customer’s request.
The Data Controller does not transfer personal data to third countries or international organizations.

Data Recipients

The data provided may be disclosed to third parties for technical and operational requirements strictly related to the purposes stated above, and in particular to the following categories:

a) entities, professionals, companies, or other structures entrusted with processing connected to the fulfillment of administrative, accounting, and management obligations related to the ordinary conduct of our business activities, including debt collection and audits by external certification or procurement bodies;

b) public authorities and administrations for purposes connected with compliance with legal obligations or to parties entitled to access such data under laws, regulations, or EU provisions;

c) banks, financial institutions, or other entities to whom the transfer of such data is necessary for the performance of our company’s activities and contractual obligations;

d) suppliers of installation, support, and maintenance services for IT and telematic systems and other functionally related services necessary for the performance of contractual obligations.

Data Retention Period

Data will be retained for the time necessary to fulfill the purposes arising from the requested services, namely for the duration of the contractual relationship and for an additional period of 36 months to comply with legal obligations.
Where information relates to online transactions, such data may be retained for accounting and tax reporting purposes for a period of 10 years.

Rights of Data Subjects

Data subjects may exercise the following rights at any time:

a) Right of access, including:

– confirmation as to whether personal data are being processed;

– purposes of processing;

– categories of personal data;

– recipients or categories of recipients;

– origin of the data where not collected directly;

– existence of automated decision-making, including profiling;

– a copy of the personal data undergoing processing.

b) Right to rectification and completion of personal data

c) Right to erasure (“right to be forgotten”) where one of the legal grounds applies.

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2. the data subject withdraws consent to the processing of data and there is no other legal basis for the processing;

3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

4. the personal data have been unlawfully processed;

5. the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

public and is required to delete it, the data controller must inform other controllers processing the personal data of the request to delete any links to, copies or replications of, that data.

d) Right to restriction of processing in the cases provided by law.

1. the data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data;

2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

3. although the data controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defence of legal claims;

4. the data subject has objected to the processing, pending verification whether the legitimate grounds of the data controller override those of the data subject.

e) Right to lodge a complaint with a Supervisory Authority

f) Right to data portability, namely to receive personal data in a structured, commonly used, machine-readable format and transmit them to another controller, where processing is based on consent or contract and carried out by automated means.

g) Right to object at any time to processing, including profiling, in particular where processing is based on legitimate interest or for direct marketing purposes.

1. the processing is based on the legitimate interest of the Data Controller, subject to the explicit explanation of the reasons for the opposition;

2. the personal data are processed for direct marketing purposes.

h) Right not to be subject to automated decision-making, including profiling, except where permitted by law.

i) Right to withdraw consent at any time. Where no other legal basis applies, the data must be erased.

Exercise of rights is free of charge and not subject to formal requirements, except in cases of manifestly unfounded or excessive requests, where a fee may be charged not exceeding actual costs incurred.

Consequences of Refusal to Provide Data

Providing the data is legally required, and refusal to provide them will make it impossible to comply with legal obligations. Furthermore, providing the data is necessary for the conclusion of the contract; refusal will therefore make it impossible to perform the contract.