Privacy (GDRP)

Informative ex art. 13 D.lgs. 196/2003 and 2016/679 ("GDPR")

Tosi snc (hereinafter "Tosi") protecting the confidentiality of personal data and guarantees them the necessary protection from every event that can put them at risk of violation.
As provided for by regulation of the European Union n. 2016/679 ("GDPR"), and in particular by its art. 13, hereinafter shall provide to the user ("concerned") information relating to the treatment of his personal data.

SECTION I
The treatment of the personal data of the person concerned is effected by Tosi in the person of its legal representative Antonio Tosi, sits as in header, that as the owner of the treatment contactable at address Info@tosisnc.net collects and/or receives information that relate to the person concerned, such as:
anagrafci data: name, surname, address fsico, nationality, the province and the municipality of residence, telephone fsso and/or mobile, fax, fscale code/p.iva, address/e-mail, copy of the document of identity, Bank details IBAN and data bank/post (with the exception of credit card number)
Tosi does not require the person concerned to provide data so-called "special", i.e., according to what foreseen by the art. 9 of GDPR, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sexual life or sexual orientation of the person.
For any information or request the person concerned can contact the owner at the following addresses Info@tosisnc.net, Phone: 0587.617514

SECTION II
for what purpose we need the data of the person concerned (Art. 13, 1st subparagraph GDPR)
data serve to the holder in order to respond to the request of birth registration and the contract for the supply of the chosen service, manage and perform contact requests forwarded by the interested party, provide assistance, fulfill the obligations of the law and other regulations to which the holder is held as a function of the activity pursued. In no case Tosi resells the personal data of the person concerned to third parties nor uses them for purposes not declared.
In particular the data of the Party will be treated for:
a) the birth registration and contact requests and/or informative material to
the processing of personal data of the person concerned takes place to give way to the preliminary activities and consequent to the request of birth registration, management of requests for information and contact and/or informative material, as well as for the performance of any other obligation arising.
The legal basis of these treatments is the fulfilment of the performance related to the enrollment request, information and contact and/or for the sending of informative material and the respect of law obligations.
(b) the management of the contractual relationship
the treatment of the personal data of the person concerned takes place to give way to the preliminary activities and consequent to the purchase of a service, the management of the relevant order, the delivery of the service itself, the billing and management of payment, the handling of complaints and/or of reports to the service and the delivery of the service itself, the prevention of fraud as well as the fulfilment of any other obligation arising from the contract.
The legal basis of these treatments is the fulfilment of the performance related to the contractual relationship and the respect of law obligations.
c) promotional activities on products/services similar to those purchased by the interested party (Recital 47 GDPR)
the holder of the treatment, even without the express consent of the person concerned, may use the contact data communicated by the person concerned, for the purposes of direct sale of its own services, limited to the case in which it is of services similar to those covered by the sale, unless the person concerned does not object explicitly.
d) trade promotion activities on different services than those purchased from the concerned
the personal data of the person concerned may be treated, prior consent, also for purposes of commercial promotion, for surveys and market research with regard to services offered by the holder and different from those purchased by the person concerned.
Such treatment may occur in an automated manner, with the following modes:
- e-mail;
- sms;
- telephone contact
and can be carried out:
1. if the person concerned has not withdrawn its consent to the use of the data;
2. in the case in which the treatment is conducted by contact with telephone operator, if the person concerned has not entered in the register of the oppositions referred to the D.P.R. n. 178/ 2010; the
legal basis of these treatments is the consent given by the party concerned prior to the treatment itself, which is revocable by the concerned freely and at any time (see Section III).
e) Security informatica
the holder, in line with what is provided for in recital 49 of GDPR treats, also by means of its suppliers (third and/or recipients), the personal data of the person concerned relating to traffic in so far as is strictly necessary and proportionate in order to ensure the security of networks and information, i.e. the ability of a network or an information system to resist, at a given level of safety, to unforeseen events or unlawful acts or malicious actions that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted.
The Holder shall promptly inform the concerned, where there is a particular risk of a breach of their data without prejudice to the obligations arising from the provisions of art. 33 of GDPR concerning notifications of infringement of personal data.
The legal basis of these treatments is the respect of the obligations of the law and the legitimate interests of the holder to carry out treatments related to objective of the protection of company assets and security of the seats and the systems of the Tosi
f) profiling
the personal data of the person concerned may also be treated for fnalità of proflazione (such as analysis of the transmitted data and services selected, propose advertising messages and/or commercial proposals in line with the choices made manifest by the users themselves) exclusively in the case in which the person concerned has given explicit consent and informed. The legal basis of these treatments is the consent given by the party concerned prior to the treatment itself, which is revocable by the Concerned freely and at any time (see Section III).
g) the prevention of fraud (recital 47 and art. 22 GDPR)
- the personal data of the person concerned to the exclusion of those particular (Art 9 GDPR) or judicial proceedings (Art 10 GDPR) will be treated to allow checks with the purpose of monitoring and prevention of fraudulent payments by software systems that carry out a verification in an automated manner and preliminarily to trading services;
- the overcoming of these controls with negative outcome will make it impossible to carry out the transaction; the person concerned may in any case to express its opinion, to obtain an explanation or contesting the decision stating its reasons to contact Info@tosisnc.net;
- Personal data collected for the sole purposes fraud, unlike the data necessary for the proper execution of the required service , will be immediately deleted at the end of the steps of Control.
h) the protection of minors
the services offered by the proprietor are reserved to persons legally able, on the basis of the national legislation of reference, to conclude contractual obligations.
The holder, in order to prevent the illegal access to its services, implementing preventive measures for the protection of the legitimate interest which the control of the tax code and/or other checks, when necessary for specific services, the correctness of the identification data of the identity documents issued by the competent authorities.
Communication to third parties the recipients or categories of recipients (art. 13, 1st subparagraph GDPR)
personal data of the party concerned are communicated to third parties whose activity is necessary for the execution of the contractual relationship established and to respond to certain obligations of law; in specific :
Company Tosi snc: administrative obligations, accounting and related to contractual services,
Third Party Suppliers: Provision of services and the required performance, service, maintenance, supply of additional services related to the provision request
credit institutions and Digital Payment, banking institutions postal /: Management of cash receipts and payments, reimbursements related to the requested performance
professionals/External Consultants and consulting companies: Provision of services and the required performance, law obligations fulfillment, exercise of rights, protection of contractual rights, recovering credit
financial administration, public authorities, competent Judicial Authorities Supervision and control: Provision of services and the required performance, fulfilment of the obligations of law, the defense of the rights; lists and registers kept by public authorities or similar bodies on the basis of specific regulations, in relation to the contractual services
subject formally delegates or having legal title recognized: legal representatives, curators, tutors, etc.
The Holder requires all these subjects and to the responsible of the treatment the respect of safety measures equal to those which he adopted for the treatment of the data of the person concerned; the perimeter of action of the Manager is still restricted to the treatments related to the performance required.
The owner does not transfer personal data of the person concerned in countries in which there is applied the GDPR (extra EU countries) unless specific indications to the contrary for which he will be informed beforehand and if necessary you will be prompted his consent .
The legal basis of these treatments is the fulfilment of the performance related to the established relationship, the respect of the obligations of the law and the legitimate interest of Tosi to perform treatments necessary for these purposes.

SECTION III
What happens if the person concerned does not provide its data indicated as necessary for the execution of the required service? (Art. 13, paragraph 2, lett. And GDPR)
the collection and treatment of personal data is necessary to give effect to the required performance as well as for the provision of the service. If the person concerned does not provide the personal data expressly provided as needed within the order form the Proprietor cannot follow up to the treatments related to the management of the performance required and/or contract and services connected to it, nor to the implementations that depend on them and therefore in substance cannot give the course to the contract nor deliver the performance required.
What happens if the person concerned does not provide your consent to the processing of personal data for trade promotion activities on different services than those purchased ?
In the case where the person concerned does not lend your consent to the processing of personal data for these purposes, said treatment will not be carried out for the purposes thereof, without this involving effects on the provision of the required performance, nor for those for which the person concerned has already given their consent, if required.
In the case in which the person concerned has given the consent and were subsequently revoke it or oppose to treatment for trade promotion activities, your data will not be treated more for these activities, without this involving consequences or harmful effects for the person concerned and for the required performance.
How we treat the data of the person concerned (Art. 32 GDPR)
the holder has the use of appropriate security measures in order to preserve the confidentiality, integrity and availability of personal data of the person concerned and imposes to third party suppliers and Managers similar security measures.
Where we treat the data of the concerned
the personal data of the Party concerned are preserved in the archives, informatics and telematics located in countries in which there is applied the GDPR (EU countries).
For how long are stored the data of the concerned? (Art. 13, paragraph 2, lett. A GDPR)
Unless they explicitly expresses its willingness to remove, the personal data of the Party will be kept up to that will be needed with respect to the legitimate purposes for which they were collected.
In particular, will be retained for the duration of his birth registration and in any case not more than a maximum period of 12 (twelve) months of his inactivity, i.e. if within this period are not associated with the Services by the Registry itself.
In the case of data supplied to the holder for the purposes of commercial promotion for services other than those already acquired by the person concerned, for which initially he has consented, these will be retained for 24 months, except withdrawal of consent given.
In the case of data supplied to the holder for the purposes of profiling, these will be retained for 12 months, except always revocation of consent given.
You should also add that, in the case in which a user forwards in Tosi personal data is not required or is not necessary for the execution of the required service or to the provision of a service to it closely connected Toai, cannot be regarded as the holder of these data, and will see to their cancellation in the shortest possible time.
Apart from the determination of the person concerned to their removal, personal data will be in any case kept according to the terms laid down by the legislation currently in force and/or by national regulations, for the exclusive purpose of ensuring the specific obligations, own of some services (but not limited to, Certified Mail, replacement conservation - in this respect see the relevant section).
Also, the personal data will be in any case kept for the fulfilment of obligations (e.g. tax and accounting) that persist even after the cessation of the contract (Art. 2220 c.c.); for such purposes the Proprietor will only retain the data necessary to its pursuit.
Are without prejudice to the cases in which you had to assert in the judgment the rights arising from the contract and/or from the birth registration, in which case the personal data of the person concerned, only those needed for such purposes, will be processed for the time necessary for their achievement.
What are the rights of the person concerned? (Arts. 15 - 20 GDPR)
the person concerned has the right to obtain from the holder of the treatment as follows: (
a) confirmation as to whether or not an ongoing treatment of personal data that concern him and in this case, to obtain access to personal data and with the following information:
1. The purpose of the treatment;
2. categories of personal data in question;
3. The recipients or categories of recipients to whom the personal data have been or will be
communicated, in particular if the recipients of third countries or international organizations;
4. When possible, the period of storage of personal data provided or, if this is not
possible, the criteria used to determine this period;
5. the existence of the right of the person concerned to ask the holder The treatment of the correction or
deletion of personal data or the limitation of the treatment of personal data that
concern him or to oppose their processing;
6. the right to lodge a complaint to a supervisory authority;
7. where the data are not collected from the data subject, all available information about
their origin;
8. the existence of a decision-making process automated, including profiling, and, at least
in these cases, significant information on the logic used, as well as the importance and the expected effects of this treatment for the person concerned.
9. adequate guarantees that provides the third country (non-EU) or an international organization
for the protection of any data transferred
b) the right to obtain a copy of the personal data treatment object, provided that this right will not infringe the rights and freedoms of others; In the case of further copies requested by the party concerned, the holder of the treatment may charge a reasonable fee based on administrative costs.
c) the right to obtain from the holder of the treatment the rectification of personal data incorrect which concern him without undue delay;
d) the right to obtain from the holder of the treatment the deletion of personal data that concern him without undue delay, if the reasons provided by the GDPR at art. 17, among which, for example, in the case in which they are no longer needed for the purpose of treatment or if this is assumed as the wrongful and always if they meet the conditions laid down by law; and in any case if the treatment is not justified by another reason equally legitimate;
e) the right to obtain from the holder of the treatment The treatment limitation, in the cases provided for by art. 18 of GDPR, for example where tu ne has challenged the accuracy for the period necessary to the holder for accuracy. The person concerned must be informed in a reasonable timeframe, even when the period of suspension is accomplished or because of the limitation of the treatment has failed, and therefore limiting same revoked;
f) the right to obtain communication by the holder of the recipients which were transmitted requests for any corrections or deletions or limitations of treatment carried out, unless this proves impossible or involves a disproportionate effort.
g) the right to receive in a structured format, of common use and readable by automatic device personal data that concern him and the right to transmit such data to another holder of the treatment without hindrance from the part of the holder of the treatment which it has supplied in cases Foreseen by the art. 20 of GDPR, and the right to obtain the direct transmission of personal data by a holder of the treatment to another, if technically feasible.
For any further information and anyway to send your request you must go to the holder at the address Info@tosisnc.net. In order to ensure that the rights mentioned above are exercised by the person concerned and not by unauthorized third parties, the Proprietor may request the same to provide any additional information necessary for the purpose.
As and when the party concerned can oppose the handling of your personal data? (Art. 21 GDPR)
for reasons relating to the particular situation of the person concerned, the same can oppose in any moment to the processing of personal data if it is based on the legitimate interest or if it happens for trade promotion activities, by sending the request to the data controller at address Info@tosisnc.net
the interested party has the right to cancellation of personal data if there is a legitimate reason prevalent of the holder relative to that which gave rise to the request, and in any case in which the person concerned is opposed to the treatment for trade promotion activities.
Who can lodge a complaint the concerned? (Art. 15 GDPR)
Without prejudice to any other action in administrative or judicial, the person concerned may submit a complaint to the competent control authority on Italian territory (Authority for the protection of personal data) i.e. that performs his duties and shall exercise its powers in the Member State where it was the violation of GDPR.
Each update of this information will be communicated in due time and by suitable means and also will be notified if the owner to conduct a treatment of data of the person concerned for purposes other than those referred to in this Privacy Statement before you do so and as a result of the manifestation of the relevant consent of the person concerned if necessary.


Iscr. n. 8631 Reg. Soc. tribe. of Pisa - C.C.I.A.A. n. 86119 Pisa - C.F. e P.IVA 00875120503