Pursuant to European Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data (in short “GDPR”)
PhotoSì S.p.A Unipersonale (hereinafter referred to as “PhotoSì”), in the person of its legal representative pro-tempore, in his capacity as Data Controller of the personal data collected directly from the person concerned, provides you with this information notice in accordance with Article 13, GDPR (in short “Information notice”).
In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be ensured by taking all the necessary suitable technical and organizational measures to ensure their security.
Data Controller’s identity and contact details
Registered office in via Carpegna 22,
Riccione (47838 - RN)
Tax code and VAT number 03550860401
Tel 0541/609903 – email@example.com
Purposes of personal data processing and legal basis
Your personal data will be processed:
(i) without your mandatory consent for the following purposes:
The above processing modes comply respectively with the following legal bases:
The provision of the data marked in the form with (*), for the purposes referred to in the previous section (i), is mandatory and the lack of data and/or any express refusal to process the data will make it impossible for the Data Controller to implement the contract or the pre-contractual measures, and it will make it impossible for the interested party to fulfil the obligation, which might even result in the penalties provided for by the legal system.
(ii) with your prior consent (Article 7, GDPR) for the following purposes:
The provision of data for the purposes referred to in the previous section (ii) is optional, with the result that you may decide not to give your consent or to revoke it at any time. For these processing modes automated processes are used through the use of software that require in any case the human decision-making intervention aimed at avoiding unwanted consequences for the interested party, always and in any case limited to receiving communications from the Data Controller.
Categories of recipients of personal data
For the purposes referred to in the previous paragraph, the personal data you have provided may be transferred or made accessible to:
The complete updated list of the Data Processors is available upon written request to the address firstname.lastname@example.org.
Storage and transfer of personal data abroad
The management and storage of personal data occur on Cloud and on servers located inside and outside the European Union owned by and/or available for the Data Controller and/or third-party companies in charge of that, duly appointed as Data Processors.
The transfer of data abroad to non-EU countries occurs exclusively in the context of the management of information systems for requirements strictly related to the performance of business activities and, in any case, in compliance with the provisions contained in Chapter V, GDPR.
Your personal data will not be disclosed.
Storage period for personal data
Personal data collected for the purposes indicated in the previous paragraph (c), section (i) will be processed and stored for the entire duration of any contractual relationship established.
From the date of termination of this relationship, for any reason or cause, the data will be stored for the duration of the limitation period applicable ex lege, that is 10 years.
While pictures and photographs are processed for the period of time necessary for their processing and stored for the period of 1 month, after which they are automatically deleted and destroyed, unless otherwise specified (for example by storing a project in your reserved area).
The personal data collected for the purposes indicated in the previous paragraph (c), section (ii) will be processed and stored for the time necessary to fulfil such purposes and, in any case, for a period of no more than 24 months for marketing and no more than 12 months for profiling from the date in which we will receive your consent.
After this storage period, the data will be destroyed or anonymised.
In compliance with the provisions of Chapter III, Section I, GDPR, you may exercise the rights indicated therein, and more specifically:
You may exercise these rights by simply sending a request per e-mail to the Data Controller’s address email@example.com.