REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
In accordance to article 13 of the Italian Legislative Decree 196/2003 (hereinafter indicated as “Privacy Code”) and art. 13 of the European Regulation 2016/679 (hereinafter indicated as “GDPR”), we inform you that we are going to process your personal data in accordance to the above mentioned regulations in full respect of correctness, lawfulness and transparency fully complying your rights of privacy.
- Identification details of the Data Controller (and any other subjects)
The Data Controller is C2 Construction & Consultant GmbH located in Hohe Bleichen 8 - 20354 Hamburg - Germany
We process your personal and fiscal data, as well as the economic data that are necessary for the performance of existing or future contractual relationships with your company.
We could obtain personal identifying data from your personnel.
- Processing purposes
All collected data will be used by C2 Construction & Consultant GmbH for following purposes:
- Execution of the contract;
- Fullfillment of the obligations related to the contractual relationship
- Management of the contract, for instance relationships with agents, representatives, customers and/or contractors
- Professional external cooperations for the fulfillment of legal obligations
- Protection of contractual rights
- Treatment methods
The processing of your personal data is regulating by the operations indicated in art. 4 of the Privacy Code and art. 2 of the GDPR: collecting, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The personal data will be processed in paper, electronic and telematic form, by suitable instruments to guarantee security and privacy, and entered in the relevant databases which can be accessed by specific trained personnel.
The personal data processing you provided can be performed, by our company, with the above mentioned modalities and with the same security and privacy standards, from companies, institutions or consortia that provide us specific elaborated services, as well as bodies (public or private) that perform complementary activities to ours, necessary for the performance of operations or services you requested or you are going to request in the future.
- Data retention period
The personal data will be stored for 20 years form the last contractual relation, afterwards they will be deleted and/or destroyed. The legal data will be stored according to law.
- Data communication and distribution
All personal data and information you provide will not be disclosed to any third party. We can communicate your data, intended as giving them to one or more determined subjects, to:
- Subjects who can access the data by legislative provisions, regulation or Community legislation, within the limits set by those rules (Legal Authorities);
- Subjects who need to access your data for auxiliary purposes, linked to our contract, within strictly necessary limits to perform auxiliary duties;
- Our consultants subjects, within the necessary limits to perform their assignment in our enterprise, previous our assignement letter requiring the duty of security and privacy (insurance company for the provision of insurance services).
- Scope of data access
Your data can be made accessible to (according to the Article 3):
- Controller’s formed employees and assistants and/or system administrators;
- third parties (indicatively and not exhaustively, credit institutions, professional firms, consultants, insurance companies for the provison of insurance services, etc.) that will perform outsourcing activities on the behalf of the controller.
- Rights referret to Article 7 of the Legistlative Decree No 196/2003 and to Articles 15, 16, 17, 18, 20, 21 and 22 of the European Union Regulation 2016/679
We inform you that, as data subject, you have the right to complain to the supervisory authority the rights listed below, and you can assert them by submitting the request to the Controller and/or to the Processor, as referred to in point 1.
Article 15- Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the processing information.
Article 16 - Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Article 17 - Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
Article 18 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Article 20 - Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Article 21 - Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Article 22 Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
8 Procedure for the exercise of any right
You may exercise your rights anytime by sending an e-mail to us >
9 Withdrawing of the consent to processing
Please note that, according to the Article 7 of the European Union Regulation, you have the right to withdraw, on paper, your consent to processing your personal data.
The processing Controller
C2 Construction & Consultant GmbH