Information on data processing pursuant to EU Regulation 2016/679 – GDPR


Data Controller

We inform you that, pursuant to art. 13 of EU 2016/679 Regulation (hereafter, “Regulations” or “GDPR“) and other Italian data protection laws, your personal data and /or the data of the corporate body you represent and/or the data of third persons are processed by the company APIT SRL (hereafter “Controller”), Via D. Scarlatti 30, Milan 20124, which can be contacted at the following email address:

Purpose, legal basis and optional nature of the processing

Your personal data will be processed for the following purposes:

a) carrying out our professional activity on your behalf, with particular regard to services concerning the managing and handling of administrative practices, assistance in the retrieval of certificates and documents, both public and private, legalisation and translation, administrative and company consultancy;

b) complying with law provisions.

The legal basis of processing for the purposes a) and b) are respectively articles 6.1.b) and 6.1.c) of the Regulations. The provision of your personal data for the purposes a) and b) above is optional, but failing to do so will not make it possible to execute the services.

Your personal data will also be processed with your specific consent, for the following purposes:

c) sending of promotional and information communications concerning our services.

The legal basis of processing for the purpose c) is art. 6.1.a) of the Regulations.

The provision of your personal data for the purposes referred to in letter c) above is optional; there is no consequence in case of your refusal.

Recipients and transfer of personal data

Your data may be shared with:

– natural persons authorised by the Data Controller to process personal data pursuant to art. 29 GDPR for the performance of their job duties (eg employees and system administrators of the owner or affiliate companies, etc.);

– service providers (such as consultants, credit institutes, legal services, credit recovery companies, insurance services, etc.) who typically act as data controllers pursuant to art. 28 of the Regulations;

– subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate your personal data in accordance with the provisions of law or orders of the authorities;

– third persons or agencies in charge of carrying out activities that are connected or consequent to provide the services requested, in Italy or abroad, within the European Union or outside the EU, and, in general, to all those public or private entities for whom the communication is necessary for the correct fulfilment of the purposes for which the service was requested and for the same purposes referred to in the previous section

The complete and updated list of recipients of data may be requested from the Data Controller, at the addresses indicated above.

Conservation of personal data

Your Personal Data will be kept only for the time necessary for the purposes for which they are collected, respecting the principle of minimisation referred to in article 5, paragraph 1, letter c) of the GDPR and taking into account the type of service provided. In any case, storage for marketing purposes will not exceed 24 months. In any case, this excludes the further conservation envisaged by the applicable legislation, including that provided for by art. 2946 of the Italian Civil Code. Further information is available from the Controller.

Data processing methods

In relation to the aforementioned purposes, the processing of personal data takes place using manual, computerised and telematic tools with logic strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the data, in addition to compliance with specific obligations sanctioned by the law.

Your privacy rights

You have the right to access your data at any time, pursuant to art. 7 of the Privacy Code and articles 15-22 GDPR.In particular, you may request access (Article 15 of the Regulations), correction (Article 16 of the Regulations), deletion (Article 17 of the Regulations), limitation of processing of the data in the cases provided for by art.18 of the Regulations, to obtain the portability of data concerning you in the cases provided for by art.20 of the Regulations, as well as making a complaint to the competent supervisory authority (Guarantor for the Protection of Personal Data).You also have the right to withdraw your consent at any time, pursuant to Article 7 of the Regulations; it is specified that the withdrawal of consent does not prejudice in any case the lawfulness of the treatment based on the consent prior to the revocation.

You can make a request for opposition to the processing of your data pursuant to art. 21 of the Regulations in which to give evidence of the reasons justifying the opposition: the Data Controller reserves the right to evaluate your request, which would not be accepted if there are legitimate reasons to proceed with the processing that prevail over your interests, rights and freedoms. Requests must be sent in writing to the Data Controller.

This privacy policy has been updated on May 25, 2018.

Our team of professionals is at your complete disposal via telephone, email and skype.