NOTICE EX ARTT. 13 – 14 REG. UE N. 679/2016
FOR THE PROCESSING OF CUSTOMERS’ PERSONAL DATA

AESSE PROJECTS s.r.l., in the person of its legal representative pro tempore, as DATA CONTROLLER, informs you pursuant to articles. 13 and 14 of EU Regulation no. 2016/679 (hereinafter “GDPR”) that the data you provide will be processed in the following ways and for the following purposes:

1. Object of the treatment
   The Controller, for the establishment and management of contractual relationships, deals with:
   1. any data of natural persons who operate on behalf of the legal entity that assigned the task (e.g. data contained in the emails of employees and administrators). Non-particular personal, identification, contact and tax data are processed (for example: name, surname, company name, address, telephone, e-mail, etc.).
2. Purpose of processing and legal basis
   The personal data of natural persons operating in the name and on behalf of legal entity clients are processed:
   1. Without express consent (art. 6 GDPR) for the following purposes:
      • Conclude contracts for the Data Controller’s services;
      • Fulfill pre-contractual, contractual and tax obligations deriving from existing relationships with you.
3. Nature of the provision of data and consequences of failure to provide it
   The provision of data for the purposes referred to in point 2.a) is mandatory and does not require consent. In the absence of such data we will not be able to provide our services.
4. Data access
   The data may be made accessible for the purposes referred to in point 2:
   • To the employees and collaborators of the Data Controller in their capacity as data processors and/or system administrators;
   • To third-party companies or other subjects (for example: professional firms, consultants, software houses that provide management software, credit institutions, insurance companies, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data controllers;
5. Data communication
   The Data Controller may communicate your data to the Public Administration, Supervisory Bodies and/or Judicial Authorities as well as to all other subjects to whom communication is mandatory or necessary by law. Your information will not be disseminated.
6. Data transfer
   We inform you that we generally try to avoid data transfers outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer the data to non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses envisaged by the Commission. European and/or binding corporate rules.
7. Data retention
   All personal data provided will be processed in compliance with the principles of lawfulness, correctness, relevance and proportionality, only with the methods, including IT and telematics, strictly necessary to pursue the purposes described above.
   The personal data processed for the purposes referred to in point 2.a) will be kept for 10 (ten) years from the date of the last registration (also in compliance with the provisions of art. 2220 of the civil code). It should be noted that the information systems used to manage the information collected are configured, from the outset, in such a way as to minimize the use of personal data.
8. Rights of the interested party
   Pursuant to articles 15 to 22 of EU Regulation no. 679/2016, the interested party is given the possibility to exercise specific rights. In particular, the interested party has the right to: a) obtain confirmation of the existence of processing of personal data concerning him and, in this case, access to such data; b) obtain the rectification of inaccurate personal data and the integration of incomplete personal data; c) obtain the deletion of personal data concerning him, in cases where this is permitted by the Regulation; d) the limitation of processing, in the cases provided for by the Regulation; e) obtain communication, to the recipients to whom the personal data have been transmitted, of requests for rectification/deletion of personal data and limitation of processing received by the interested party, unless this proves impossible or involves a disproportionate effort; f) receive, in a structured format, commonly used and readable by an automatic device, personal data provided to the Data Controller, as well as the transmission of the same to another data controller, and this at any time, even upon termination of any relationships maintained with the Data Controller; g) object at any time, for reasons related to your particular situation, to the processing of personal data concerning you pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling to the extent that it is connected to such direct marketing; h) not be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which similarly significantly affects him.
9. Methods of exercising rights
   You may exercise your rights at any time by contacting the Data Controller at the following e-mail address: privacy@aeeseprojects.com
10. External processors and authorized individuals
    The updated list of external data processors and authorized individuals is kept at the registered office of the Data Controller.
11. Right to lodge a complaint with the guarantor authority
    If you believe that the processing violates your rights in some way, you can lodge a complaint with the Guarantor Authority for the protection of personal data, as required by art. 77 of the GDPR, checking the methods on the website www.garanteprivacy.it.