POWERGLAX s.r.l.,
Località Maso Ariòl, 8
38070 Covelo TN,
P.IVA IT 02410000224

POWERGLAX SRL, registered office Località Maso Ariòl 8, 38070 Covelo TN, Italy, VAT number IT 02410000224 (hereinafter “data controller”), pursuant to Article 13 of Legislative Decree 30.6.2003 n. 196 (hereinafter “Privacy Code”) and to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) informs you that your data will be processed in the following manner and for the following purposes:

1. What data are processed

The data controller processes personal identification data (e.g., name, surname, business name, address, telephone number, email address, bank details, payment details – hereinafter “personal data” or “data”) provided by you upon conclusion of a contract for the data controller’s services.

2. Why data are processed

Your personal data may be processed without your express consent (Article 24(1)(a), (b) and (c) Privacy Code and Article 6(1)(b) and (e) GDPR), for the following purposes:

– to conclude contracts for the services of the data controller;
– to fulfil pre-contractual, contractual and tax obligations deriving from any existing relationship with you;
– to fulfil obligations established by law, regulation, EU legislation or by order of the Authorities (such as with regard to anti-money laundering);
– to exercise the rights of the data controller, for example the right to defend itself in legal proceedings.

3. Processing methods

The processing of your personal data involves the processes highlighted in Article 4 Privacy Code and Article 4(2) GDPR, specifically: the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data are subject to both paper and electronic processing which may be automated.

The data controller will process personal data for the time necessary to complete the purposes stated above and in any case for no more than 10 years from the termination of the relationship of service provision.

4. Access to data

For the purposes referred to in section 2 above, your data may be made accessible:
– to employees and collaborators of the data controller in their capacity as persons in charge of processing and/or data processors and/or system administrators;
– to third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the data controller, in their capacity as external data processors.

5. Communication of data

Without the need for express consent (pursuant to Article 24(1)(a), (b) and (d) Privacy Code and Article 6(1)(b) and (c) GDPR), the data controller may communicate your data for the purposes referred to in section 2 to supervisory bodies (such as IVASS – Institute for the Supervision of Insurance), judicial authorities, insurance companies for the provision of insurance services, as well as to those to whom disclosure is required by law for the fulfilment of said purposes. Said subjects will process the data in their capacity as independent data controllers. Your data will not be disseminated.

6. Security

Data are stored securely with appropriate preventive security measures in place to minimise the risk of loss or destruction, unauthorized access, unauthorized processing or processing other than for the stipulated purposes.

7. Data transfer

The management and storage of personal data will take place within the European Union.

8. Rights of the data subject

As the data subject, and pursuant to Article 15 GDPR, you shall have the right to:

i. obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data in an intelligible form;
ii. obtain details regarding: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied to the processing if carried out using electronic means; d) the identity of the data controller, data processors and designated representative pursuant to Article 5(2) of the Privacy Code and Article 3(1) GDPR; e) the entities or categories of entity to whom or which the personal data may be communicated or who may have access to said data as designated representative within the state, data processors or persons in charge of processing;
iii. obtain a) the updating, rectification or integration of data; b) the erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
iv. object, in whole or in part, on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of the collection. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to rectification, Right to erasure (‘right to be forgotten’, Right to restriction of processing, Right to data portability, Right to object), as well as the right to lodge a complaint with the Supervisory Authority.

9. How to exercise your rights

You can exercise your rights at any time by sending notification:

1. by email to: info@powerglax.eu
2. by recorded delivery to: POWERGLAX SRL, Località Maso Ariòl 8, 38070 Covelo TN

10. Data Controller, Data Processor, and persons in charge of processing

The Data Controller is Paolo Decarli.

The updated list of Data Processors and persons in charge of processing is kept and can be consulted at the offices of the Data Controller.