Privacy Policy

Privacy Policy

This privacy policy describes how personal data provided through our application form is collected, used, and processed.

DATA PROTECTION PRIVACY NOTICE

Considering art. 12 of EU Regulation 679/2016 for those who, having already received information regarding web navigation at the time of connecting to this site, submit requests through forms or directly to the indicated email addresses, the following privacy notice has been prepared:

1. The Data Controller is Officine Milanesi.
2. Data processing is carried out for the legitimate interest of the Data Controller to conduct its commercial activities and for the purpose of conducting pre-contractual or contractual phases with users expressing interest – all pursuant to art. 6, para. 1, letters b and f of EU Regulation 679/2016 with reference to Considerations 44 and 47 of the same Regulation.
3. The data received through the relevant email servers are processed by the Data Controller and may be disclosed to consultants in partnership, collaborators, and/or system administrators in relation to specific themes and needs.
4. The retention period of personal data, not being determinable a priori in standardized terms, respects the needs for responding to or fulfilling the established relationship for the specific request, requirement, or communication in harmony with corresponding legal provisions.
5. At any time, the data subject can request access to personal data and the correction or deletion of such data or the limitation of the processing of personal data concerning them or object to their processing, in addition to the right to data portability.
6. At any time, the data subject has the right to lodge a complaint with a supervisory authority.
7. The communication of personal data, even limited to the email address, is a necessary requirement for establishing relationships, responding to requests, and for the possible initiation of pre-contractual and/or contractual procedures leading to the conclusion of a contract.
8. The transfer of personal data abroad, or to a non-EU country or international organization, is limited to Google services, MyBusiness, as well as Social platforms such as Facebook, Instagram, YouTube. Given the impact of the “Schrems II judgment” on the Privacy Shield for the transfer of the data in question, “derogations in specific situations” under art. 49 of EU Regulation 679/2016 are invoked.

Right of Data Subject Access

The data subject has the right to obtain confirmation from the data controller whether personal data concerning them is being processed and, in such cases, to access the personal data and the following information:

1. The purposes of the processing.
2. The categories of personal data involved.
3. The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations.
4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
5. The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
6. The right to lodge a complaint with a supervisory authority.
7. Where the personal data is not collected from the data subject, any available information as to their source.
8. The existence of automated decision-making, including profiling, referred to in Articles 22(1) and (4) of EU Regulation 679/2016, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
9. Where personal data is transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 of EU Regulation 679/2016 relating to the transfer.
10. The data controller provides a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information is provided in a commonly used electronic format.
11. The right to obtain a copy as referred to in the preceding paragraph must not adversely affect the rights and freedoms of others.

Note: This privacy policy has been formulated based on the specifics of the service provided through this website and in relation to the Data Controller’s Privacy Management System.

Revision date: March 31, 2024