Data Processing

PURSUANT TO REGULATION (EU) 2016/679 ("GDPR"), D.Lgs. 196/2003, D.Lgs. 101/2018

1. Introduction

Pursuant to art. 13 of Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data ("GDPR"), we provide you with the requested information on the processing of personal data concerning you ("Data") carried out by Zanchi Giovanni Di Zanchi Maurizio & C. Snc

2. Contact details of the Data Controller

Zanchi Giovanni Di Zanchi Maurizio & C. Snc
Registered Office: Via Giuseppina N. 60 46012 Bozzolo Mantova
e-mail address:
address P.E.C.:
(hereinafter referred to as "Company")

3. Personal Data Processed

"Data" means those relating to natural persons processed by Zanchi Giovanni Di Zanchi Maurizio & C. Snc in the management of relations with their interlocutors. In particular, the following types of data are processed for the relations with the users of the website.

4. Purposes of Processing and Legal Basis

Purpose: Establishment and execution of the contractual relationship between the users of the website and the Company.
Legal basis: Performance of the contract. Legitimate interest in the Data users of the website, involved in the activities referred to in the contract.
Retention period: For the duration of the contract [and, after termination, for ten years]. In the case of litigation, for the duration of the same, until the exhaustion of the time limits for the availability of appeals.

Purpose: Fulfillment of obligations under regulations and applicable national and supranational legislation.
Legal basis: Need to comply with legal obligations.
Retention period: For the duration provided for by applicable regulations and national and supranational legislation.

Purpose: Taking of civil, criminal and/or administrative procedural initiatives to protect Zanchi Giovanni Di Zanchi Maurizio & C. Snc
Legal basis: Legitimate interest.
Retention period: For the entire duration of the litigation, until the exhaustion of the terms of the appeal proceedings.

Purpose: Out-of-court debt recovery
Legal basis: Legitimate interest.
Retention period: For the time needed to manage out-of-court debt collection.

After the above-mentioned retention periods, the Data will be destroyed, deleted or anonymized, compatible with the technical procedures of deletion and backup.

5. Methods of Processing

The processing of Data is based on the principles of correctness, lawfulness, transparency and minimization of data (privacy by design); it can be carried out both manually and through automated methods to store them, to process and transmit them, and shall take place through appropriate technical and organisational measures, taking into account the state of the art and the costs of implementation. Zanchi Giovanni Di Zanchi Maurizio & C. Snc guarantees the security, confidentiality, integrity, availability and resilience of systems and services, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illegal use, and by reasonable measures to delete or rectify inaccurate data in a timely manner with respect to the purposes for which they are processed.

6. Data Subject Rights (Art. 15- 22 GDPR)

6.1 Data subjects are granted the rights referred to in art. 15 to 22 of the GDPR, where applicable.

6.2 In particular, data subjects may ask the Data Controller for access to the Data, the correction of inaccurate Data, the integration of incomplete Data, the cancellation of Data, as well as the limitation of processing in the cases provided for by art. 18 of the GDPR.

6.3 The data subjects have the right to object at any time, in whole or in part, to the processing of the Data necessary for the pursuit of the legitimate interest of the Data Controller.

6.4. The interested parties, moreover, in the cases provided for by art. 20 of the GDPR for the exercise of the right to portability, have the right to receive in a structured format, commonly used and readable by automatic device, the Data provided to the Data Controller, as well as, if technically feasible, to transmit them to another holder without hindrance.

6.5 Data subjects have the right to revoke the consent given at any time for marketing and/or profiling purposes, as well as to oppose the processing of data for marketing purposes, including profiling related to direct marketing. It remains without prejudice to the possibility for the data subject who prefers to be contacted for the aforementioned purpose exclusively through traditional methods, to express his opposition only to receiving communications through automated means.

6.6 Data subjects have the right to lodge a complaint with the competent supervisory authority (in particular in the Member State in which they habitually reside or work or in the State in which the alleged infringement occurred).

6.7 These rights may be exercised, by registered mail or PEC, at the address of the Data Controller or the Data Protection Officer, as identified in point 2.

7. Privacy Management Model

7.1 The Company, as Data Controller, has prepared a model for the protection of personal data, identifying roles and responsibilities in the field of data protection by identifying, in particular, the heads of corporate organizational units, limited to the processing of own competence, as responsible for the execution of the model in compliance with the applicable regulatory requirements ("Privacy Referents").

7.2 The Data may be processed by the employees of the company functions designated for the pursuit of the purposes indicated above (hereinafter, "Authorized Employees"). These Authorised Employees have been appointed in charge of the Processing and have received, in this regard, appropriate operational instructions.

8. Categories of recipients to whom the data may be disclosed as data controllers or who may become aware of the data as data controllers

8.1 The Data may be communicated to external parties operating as data controllers, by way of example, authorities and supervisory and control bodies and in general subjects, public or private, entitled to request the Data.

8.2 The Data may be processed, on behalf of the Data Controller, by external parties designated as data processors, who carry out on behalf of the Data Controller specific activities, for example, accounting, tax and insurance obligations, shipment of correspondence, management of receipts and payments, etc.

9. Extra EU Data Transfer

9.1 Data may be transferred abroad to non-European countries, and in particular:

Hypothesis 1) "whose level of data protection has been deemed adequate by the European Commission pursuant to art. 45 of the GDPR"
or Hypothesis 2) "after signing of the standard contractual clauses (Standard Contractual Clauses) adopted/approved by the European Commission pursuant to art. 46, 2, lett. c) and d)"
or Hypothesis 3) "after adoption of the other guarantees referred to in art. 46 and 47 of the GDPR"
or Hypothesis 4) "subject to the presence of one of the exceptions referred to in art. 49 of the GDPR".