MACROFARM SRL

INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to Articles 13-14 of the EU Regulation 2016/679

Pursuant to Article 13 of the EU Regulation 2016/679, hereinafter referred to as GDPR (General Data Protection Regulation), we inform you of the following:

Data Controller:

Macrofarm srl
Via P.Bucci snc Rende (CS) ZIP 87036
c/o Department of Pharmacy and SSN UNICAL
Contact details: info@macrofarmsrl.com

Purpose of Processing

The personal data you provide will be processed exclusively for the following purposes:

  1. Conclusion and execution of the contract/professional assignment received and all related activities, such as, by way of example, invoicing, credit protection, administrative, managerial, organizational, and functional services for the execution of the assignment.
  2. Commercial contacts and newsletters.
  3. Fulfillment of the obligations provided for by law, regulations, applicable legislation, and other provisions issued by authorities empowered by law and supervisory and control bodies.

Mandatory or Optional Nature of Providing Data and Consequences of Refusal to Provide Personal Data

The data requested for the purposes referred to in the preceding letters a) and b) must be provided to fulfill legal obligations and/or for the conclusion and execution of the contractual relationship and the provision of the requested services. Therefore, your refusal, even partial, to provide such data would make it impossible for the Provider to establish and manage the relationship and provide the requested service.

Data Processing Methods

The processing of personal data is carried out using the operations indicated in Art. 4 of the Privacy Code and Art. 4 No. 2) GDPR, for the above purposes, both on paper and electronically, by means of electronic or automated tools, in compliance with current regulations, in particular regarding confidentiality and security, and in accordance with the principles of fairness, lawfulness, transparency, and protection of the rights of the Client.

The processing is carried out directly by the Data Controller’s organization, its managers, and/or appointees.

Communication and Dissemination

Your personal data may be communicated, within the limits strictly relevant to the obligations, tasks, and purposes mentioned above, and in compliance with the applicable regulations, to the following categories of subjects:

  1. Subjects to whom such communication must be made to fulfill or demand compliance with specific obligations provided by laws, regulations, and/or EU legislation;
  2. Companies belonging to the Data Controller’s Group or controlling, controlled, or affiliated companies pursuant to Art. 2359 of the Civil Code, which act as data processors or for administrative and accounting purposes (purposes related to the performance of internal organizational, administrative, financial, and accounting activities, in particular, functional to the fulfillment of contractual and pre-contractual obligations);
  3. External natural and/or legal persons who provide instrumental services to the Data Controller’s activities for the purposes referred to in the previous point 1 (e.g., suppliers, consultants, companies, entities, professional firms). These subjects will operate as data processors. Personal data will not be disseminated in any way.

Period of Retention of Personal Data

Personal data will be retained for the entire duration expressed by the contract concluded with the Data Controller, after which the data will be retained for the completion of the terms provided for by law for the retention of administrative documents, after which they will be deleted.

Transfer of Data

Personal data is stored on servers located within the European Union. It is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EEA. In such a case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

Rights of the Data Subject

As a data subject, you have the rights provided for by the GDPR and, specifically, the rights to:

  1. Obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. Obtain the indication of: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic tools; d) the identification details of the Data Controller, the managers, and the designated representative pursuant to Art. 3, Paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as a designated representative in the State’s territory, managers, or appointees;
  3. Obtain: a) the updating, rectification, or, when interested, the integration of data; b) the deletion, anonymization, or blocking of data processed in violation of the law, including those for which conservation is not necessary for relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also concerning their content, of those to whom the data have been communicated, except in cases where such compliance is impossible or involves a manifestly disproportionate use of means concerning the protected right;
  4. Oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for sending advertising material or direct sales or for conducting market research or commercial communication, by the use of automated call systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, set out in the previous point b), for direct marketing purposes using automated methods, extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object even only in part remains unaffected. Therefore, the data subject can decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to Rectification, Right to Be Forgotten, Right to Restriction of Processing, Right to Data Portability, Right to Object), as well as the right to lodge a complaint with the Supervisory Authority. For the exercise of the rights mentioned above or for questions or information regarding the processing of your data and the security measures adopted, you can send a request to our company at the following address: info@macrofarmsrl.com.