INFORMATION ON THE PROCESSING OF PERSONAL DATA Pursuant to Article 13 of Regulation (EU) 2016/679
Cyber Guru S.p.A. informs that the personal data of its contractual counterparts (and in particular of their respective legal representatives, contact personnel, and references – “Data Subjects”) collected for the purpose of establishing and executing contractual relationships will be processed in compliance with the relevant legislation. Pursuant to Article 13 of Regulation (EU) 2016/679 (“Regulation”), Cyber Guru S.p.A. provides the following information regarding the aforementioned processing:
TYPES OF PERSONAL DATA COLLECTED
The personal data collected, as provided during contractual relationships or by the Data Subjects (“Data”), exclusively relate to:
- identifying data (for example: name, surname, etc.);
- contact data (for example: address, phone, fax, email, etc.);
- tax data (if required by law - for example tax code, VAT number, etc.);
- additional common data that may be collected during the execution of contractual relationships.
DATA CONTROLLER
The data controller is Cyber Guru S.p.A., located in Rome, Viale della Grande Muraglia 284. The Data Subject can contact the data controller at any time by writing to the email address: privacy@cyberguru.it, also to exercise the rights listed in section 7 of this information notice.
PURPOSES, LEGAL BASIS, AND METHODS OF PROCESSING
The purposes of processing the Data are as follows:
- completion and management of the contract. The legal basis for processing is constituted by Article 6 (1)(b) of the Regulation as it is necessary for the conclusion and execution of the contract or of which the Data Subject is a part considering the role held.;
- compliance with legal obligations. The legal basis for processing is constituted by Article 6 (1)(c) of the Regulation as it is necessary to comply with legal obligations.
The Data will be processed in paper, computerized, and telematic form, and entered into the relevant databases which can be accessed exclusively by the Data Controller and its appointed staff.
Regarding the Data processed electronically, appropriate security measures have been adopted to protect the rights, freedoms, and legitimate interests of the Data Subject pursuant to Article 32 of the Regulation.
The Data Controller informs that the Data are not processed through automated decision-making processes.
DATA COMMUNICATION AND TRANSFERS
The Data may be communicated to: (i) subjects who are recognized the right and interest to access the personal data of users by law or secondary regulations; (ii) companies, associations, or professional firms that provide services and activities on behalf of the Data Controller as Data Processors for the fulfillment of legal obligations, as well as for any organizational and administrative needs necessary to provide the requested services (“Processors”). The names of the Processors are listed in a list available upon request at the above contact. The Data will not be disseminated.
The Data are not transferred to non-EU countries or international organizations.
DATA RETENTION
The Data will be processed for the time necessary to execute the contractual relationship. Once completed, the Data will be retained for the time necessary to fulfill legal obligations (for example in tax, accounting, administrative matters) and document the activities carried out. In these cases, the Data will be anonymized or deleted within the terms provided by the aforementioned regulations.
MANDATORY OR OPTIONAL NATURE OF DATA PROVISION
The provision of the Data and its processing are mandatory in relation to the management of contractual aspects, including those related to tax obligations; consequently, any refusal to provide the data for these purposes may result in the inability of the data controller to proceed with the same professional relationships and legal obligations.
RIGHTS OF THE DATA SUBJECTS
The Data Subjects can exercise at any time the rights provided by the Regulation, including:
- request information on: (i) the origin of the Data; (ii) the purposes and methods of processing; (iii) the logic applied in case of use of electronic tools; (iv) the identification details of the Data Controller and Processors.
- obtain: (i) access, updating, rectification, or integration of the Data; (ii) deletion, transformation into anonymous form, or blocking of Data processed in violation of the law; (iii) limitation of Data processing; (iv) a copy of the Data in standard format.
- object, in whole or in part, to processing in the cases provided by Article 21 of the Regulation;
- withdraw, at any time, the consent given and on which the processing is justified, without prejudice to the lawfulness of the processing carried out on the consent given before the withdrawal.
To exercise these rights, the Data Subjects can contact the Data Controller at the email address: privacy@cyberguru.it,
If they believe that the processing of the Data violates the regulations, the Data Subjects may also lodge a complaint with the supervisory authority of the Member State in which they habitually reside or work or of the place where the alleged violation occurred.
The Italian supervisory authority can be reached at the contacts available on its website, www.gpdp.it.
Automatic Translation Notice
This Privacy Notice is drafted in Italian and English. Both versions are considered official and have equal legal value. Any versions in languages other than Italian and English, made available through automatic translation tools (including those integrated into digital platforms), are not considered official versions and have no legal value. Such translations are provided for informational purposes only.