The information required by the GDPR on the processing of your personal data obtained by filling out the “Join us” form is presented below.
- Identity and contact details of the Data Controller
Inticom S.p.a., Tax Code and VAT number 02649140122, with registered office in Via Carlo Noè 22, 21013 – Gallarate (VA), Italy, email address privacy@pianofortegroup.com, certified email address (PEC) privacy@pianofortegroup.com (hereinafter referred to as the “Data Controller”).
- Purposes of the data process, legal bases and data retention period
WHY IS YOUR PERSONAL DATA BEING PROCESSED? WHAT IS THE LEGAL BASIS THAT MAKES THE DATA PROCESSING LAWFUL? HOW LONG WILL YOUR PERSONAL DATA BE RETAINED? The data provided by you by filling out the “Join us” form will be processed to evaluate your request and eventually to contact you. The legal basis for the data processing is the performance of pre-contractual measures adopted at the request of the Data Subject, pursuant to Article 6(1) point b) of the GDPR. For the entire duration of the request evaluation period and, in case of a negative outcome, for a period of 12 subsequent months. Once the aforementioned data retention timeframes have expired, the data shall be destroyed, erased or anonymised, consistently with the applicable erasure and backup technical timeframes.
- Nature of the provision of personal data
Pursuant to Article 13(2) point e) of the GDPR, we hereby inform you that the provision of data marked with an asterisk is mandatory. Any refusal or failure to provide such data shall therefore not allow for the request to be evaluated.
- Categories of recipients
The data may be communicated to third parties operating as independent data controllers, such as public authorities and professional firms.
The data may also be processed, on behalf of the Data Controller, by third parties, designated as Data Processors pursuant to Article 28 of the GDPR, who carry out activities functional to the pursuit of the aforementioned purposes (e.g. IT services, website management, etc.).
Data may also be processed by employees of the Data Controller, working for the company departments responsible for pursuing the aforementioned purposes, who have been expressly authorised to do so and who have received appropriate operating instructions.
- Rights of the Data Subject
The Data Subjects may exercise, in relation to the Company, the rights provided for by Articles 15 to 21 of the GDPR and, in particular:
- the right to request access to data concerning them and to the information pursuant to Article 15 (purpose of the data processing, categories of personal data, recipients or categories of recipients, etc.);
- the right to request erasure of the data in the cases provided for by Article 17 of the GDPR if the Company no longer has the right to process such data1;
- the right to request the rectification of inaccurate data or to have incomplete personal data completed
- the right to obtain the restriction of data processing (i.e. the temporary subjection of data to the mere retention operation), in the cases provided for by Article 18 of the GDPR2;
- should the processing of the data be based on consent or on a contract and carried out by automated means (right “to data portability”), the Data Subject has the right to receive the data in a structured, commonly used and machine-readable format, as well as, if technically feasible, that the same data be transmitted to another data controller without hindrance.
These rights can be exercised by contacting the Data Controller at the contact information indicated in paragraph 1, in particular by sending an email to privacy@pianofortegroup.com
The Data Subjects have the right to lodge a complaint with the Authority for the Protection of Personal Data or with the competent supervisory authority in the Member State where they habitually reside or work or in the State where the alleged infringement has occurred.
- Data Protection Officer (DPO) contact details
The DPO can be contacted at the following email address: dpo@pianofortegroup.com
1The data subject has the right to obtain erasure of his/her data, in particular, in the following cases:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the Data Subject withdraws their consent on which the processing is based, according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the Data Subject objects to the processing of the data, pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2The conditions under which it is possible to obtain the restriction of the data processing are the following:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;