Contact form information

Dear Data Subject,

SYSTEMCORE SRL, in its capacity as Data Controller pursuant to Article 13 of the European Regulation No. 679/2016 “General Data Protection Regulation (GDPR)” (hereinafter the EU Regulation), which contains provisions regarding the processing of personal data, intends to inform you about the processing of your personal data.

The regulation stipulates that anyone who processes personal data is obliged to inform the data subject regarding the data processed and the elements qualifying the processing, which must in any case be carried out in a lawful, fair, and transparent manner, as well as protect confidentiality and guarantee the rights of the data subject.

It is specified that by processing of data is meant any operation or set of operations concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, and destruction of the data themselves.

1. Data Controller

The Data Controller is SYSTEMCORE SRL, with registered office in Viale Industria, 5 – 20010 Boffalora Sopra Ticino (MI) Tax Code and VAT No. 11346820159, contactable at the following addresses: phone +39 02 9754558, e-mail: info@systemcore.it

2. Nature of Processed Data, Purpose and Legal Basis of Processing

Nature of processed data. In relation to the purposes of processing set out below, it is informed that only “common personal data” will be processed, such as, for example:

• company identification data (name, surname, email, etc.);

Purpose of processing. Your personal data will be processed for the following purposes:

1. respond to your requests: by voluntarily filling out the specific form found in this contact area;
2. fulfill legal obligations;

Legal basis of processing. Personal data, for the purposes referred to in points 2A and 2B, will be lawfully processed to fulfill pre-contractual and contractual obligations between us and the user (Art. 6(1)(b)), to fulfill our legal obligations (Art. 6(1)(c)).

The consent you have given may be revoked at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art.7 para.3 EU Regulation)

3. Data Recipients and Processing Methods Existence of automated decision-making, including profiling

The processing of your personal data will be guided by the principles of fairness, lawfulness, and transparency and may be carried out using paper and electronic tools by both the staff of the undersigned company, authorized/entrusted with the processing of personal data, and by external subjects called to carry out specific assignments, on behalf of the Data Controller, in the capacity of Data Processors, pursuant to Art. 28 of the EU Regulation, following our letter of assignment which imposes on them the duty of confidentiality and security of personal data processing, and the adoption of suitable security measures to prevent data loss, unlawful and incorrect uses, and unauthorized access, in compliance with current provisions on personal data protection.

For brevity, the detailed list of such figures is available at the Data Controller's office and is at your disposal.

Your personal data will not be disseminated and will not be transferred to third countries or international organizations, nor will they be communicated to third parties except for legal or contractual obligations.

With reference to what is provided by Art. 13 of the EU Regulation at para. 2 lit. f) and Art. 14 of the EU Regulation at para. 2 lit. g), it is hereby informed that the Data Controller, at present, does not use any automated decision-making system or process.

4. Data retention periods

Your personal data will be kept for a period not exceeding the achievement of the purposes for which they are processed, in compliance with the principle of limitation of storage provided by the EU Regulation and/or for the time necessary for legal and contractual obligations or until the specific consent of the data subject is revoked, and therefore

• with reference to the purposes indicated in points 2A-2B, the data will be kept for the time not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfillment of legal and contractual obligations;

To guarantee the declared retention periods, it is provided that a periodic verification is carried out on an annual basis on the processed data and on the possibility of being able to delete them if no longer necessary for the intended purposes.

5. Access to data (categories of recipients to whom data may be communicated)

We also inform you that the data collected will never be disseminated and will not be subject to communication without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants, or other subjects for the fulfillment of tax and legal obligations or for the fulfillment of purposes (where authorized), subject to our letter of appointment imposing on them the duty of confidentiality and security of personal data processing.

With reference to Article 13, paragraph 1, letter e) of the EU Regulation, we proceed to indicate the subjects or categories of subjects (duly identified and instructed) who may come to know the user's personal data in their capacity as data processors or data subjects, and we provide below a specific list by category:

• Partners, employees, collaborators, and suppliers of the Data Controller in Italy and abroad, in their capacity as authorized data subjects and/or data processors (e.g., offices: commercial, technical, administrative, legal, press; system administrators, external professionals, various service providers, etc.)
• Partner companies and/or directly linked to the undersigned, as their activities are essential for the completion/execution of what is requested by you.

Your personal data may also be communicated to external subjects who are recipients of the practices concerning you, in the performance of activities, and to external subjects who interact with the undersigned, always and exclusively for activities functional to the purposes described above, external subjects called to perform specific tasks, on behalf of the Data Controller, in the capacity of Data Processors, pursuant to Article 28 of the EU Regulation.

For brevity, the detailed list of such figures is available at our headquarters and is at your disposal.

6. and 7. Communication and transfer of data

Without the need for explicit consent (Article 6, paragraph 1, letters b), c) and f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2B to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the purposes indicated above.

Such subjects will process the data in their capacity as autonomous data controllers.

Personal data is stored on devices located at the premises of the Data Controller or at providers, within the European Union.

Your data will not be disclosed.

To ensure the security of such transfers, we only use subjects who offer the necessary guarantees to implement adequate technical and organizational measures so that the processing carried out complies with EU Regulation 679/2016.

Both for data present on their own devices and for any data present at providers, the Data Controller has implemented adequate technical and organizational measures to ensure a suitable level of security, in full compliance with the indications in the EU Regulation.

8. Consequences of failure to communicate data

The personal data referred to in points 2A-2B of this notice are necessary; without such data, it would be impossible to proceed and fulfill contractual and legal obligations.

9. Rights of the data subject

In your capacity as data subject, you have the rights set out in Articles 15 to 22 of the EU Regulation below and specifically have the right to:

• obtain confirmation of the existence and processing of personal data concerning you and, in such case, obtain access to your data (so-called right of access);
• obtain information regarding the purposes of the processing, the categories of data in question, the recipients or categories of recipients to whom the data have been or will be communicated, in particular if recipients of third countries or international organizations, the envisaged period of data retention or the criteria used to determine such period; and if the data are not collected from the data subject, obtain all available information on their origin;
• obtain the rectification of data concerning them (so-called right to rectification)
• obtain the erasure of data concerning them (so-called right to be forgotten);
• obtain the restriction of processing (so-called right to restriction of processing);
• obtain data portability, i.e. to receive them from a data controller in a structured, commonly used and machine-readable format and transmit them to another data controller without hindrance (so-called right to data portability);
• object to processing at any time (so-called right to object). Specifically, as required by Article 21 of the EU Regulation, if personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning them carried out for such purposes and if the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes;
• be informed (with the possibility to object) of the existence of automated decision-making concerning individuals, including profiling;
• withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
• lodge a complaint with a supervisory authority (Data Protection Authority).

It is specified that there may be conditions or limitations to the rights of the data subject. Therefore, it is not certain that, for example, one has the right to data portability in all cases; this depends on the specific circumstances of the processing activity.

Another example: if you decide to object to the processing of data, the Data Controller has the right to evaluate your request, which may not be accepted in the event of the existence of compelling legitimate grounds for processing which override your interests, rights and freedoms.

10. Exercise of Rights Modality

Without any formalities, You may at any time exercise Your rights in a clear and explicit manner by sending:

– a registered letter with acknowledgment of receipt to the undersigned;

– an e-mail to the address info@systemcore.it

Or by directly contacting the Data Controller at the number: +39 02 9754558.

11. Minors

What is offered by the Data Controller and the subject of the relationship with You in force does not provide for the intentional acquisition of personal information relating to minors. In the event that information on minors is inadvertently recorded, the Data Controller will delete it promptly, upon request or report from the data subject.

12. Appointees/Authorized Persons – Data Processors

Below we provide you with some information that is necessary to bring to your knowledge, not only to comply with legal obligations, but also because transparency and correctness towards the Data Subjects is a fundamental part of our activity.

Appointees/Authorized Persons. The updated list of appointees/authorized persons for processing is kept at the data controller's office.

Data processors.

For brevity, the detailed list of such figures is available at our headquarters.