Notice on the Processing of Your Personal Data
Art. 13 GDPR – General Data Protection Regulation – EU/2016/679
Dear Client,
We inform you that, for the establishment and execution of the contractual relationship currently in place with you, our company holds your data, acquired verbally, directly or through third parties, some of which may be classified as personal data under EU GDPR 679/2016. In compliance with this Regulation, we kindly invite you to carefully read the following notice.
Nature of the data processed: We process your personal, fiscal, and financial data, necessary for the execution of current or future contractual relationships.
Purpose of the processing and data retention period: Your data are processed for the entire duration of the contractual relationship and, if necessary, subsequently, based on contractual requirements or in compliance with legal and tax obligations, for the effective management of financial and business relationships. The data will be stored in accordance with applicable regulations.
Processing methods: Data processing is carried out using tools and procedures designed to ensure security and confidentiality and may be performed both on paper and with the aid of automated IT systems, suitable for storing, managing, and transmitting the data.
Obligation or option to provide data: Regarding the data we are obliged to collect, failure on your part to provide such data will make it impossible to establish or continue the contractual relationship, to the extent that such data are necessary for its execution.
Access to your data: The following categories of individuals may have access to your data: the Data Controller, the Data Processor, and authorized persons appointed in writing by our company, partners, accounting and billing staff, commercial staff, our consultants acting as external processors within the limits necessary to perform their duties within our organization (subject to our appointment letter and/or contract imposing confidentiality and security obligations), as well as parties who need access to your data for legal advice, for purposes auxiliary to the contractual relationship between you and us, such as the execution of current contracts, strictly within the limits required to perform the tasks assigned to them.
Communication and disclosure: Your data will not be disclosed to unspecified parties; however, they may be communicated, for reasons of competence, to public bodies and, more generally, to any public or private entity where we are under obligation (or have the right under national, EU, or secondary legislation) or necessity to communicate such data.
Your rights: Articles 15 to 22 of EU GDPR 679/2016 grant you specific rights. In particular, you may obtain confirmation of whether personal data concerning you exist, request their deletion, anonymization, or blocking if processed unlawfully, as well as their updating, rectification, or, where relevant to your interest, their integration or provision in an interoperable format. You may also object, for legitimate reasons, to the processing itself and may lodge a complaint with the competent authority.
Furthermore, in the event of a personal data breach, such breach will be notified to the supervisory authority within the terms provided under Art. 33 of EU GDPR 679/2016. Where such breach is likely to result in a high risk to the rights and freedoms of the data subject, it will also be notified to you under the conditions and within the terms provided under Art. 34 of EU GDPR 679/2016.
Your data will, in any case, be deleted from our databases after 10 years of non-use. “Use” is understood as for purposes connected with our relationship with you and/or for legal purposes.
We kindly ask you to promptly notify SPOTLIGHT of any changes to your personal data.
Data Controller: Spotlight s.c.
Data Processor: The Legal Representative