Information on the protection of natural persons with regard to the processing of personal data on the Web channel (General Data Protection Regulation (EU) 2016/679, Art. 13)
We inform you that the Ministry of Foreign Affairs and International Cooperation, with registered office in Piazzale della Farnesina 1 – 00135 Rome, (hereinafter, “Data Controller”), in its capacity as Data Controller, informs you pursuant to Articles 13 and 14 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the purposes set out below.
- Object of the Processing
The Data Controller processes personal and identification data, such as: name, surname, company name, address, telephone, e-mail, spaces (hereinafter, “personal data”), when communicated by you, for the performance of services related to the activity of the Data Controller.
- Purpose of the processing
Your personal data that you provide through this website may be used A) Without your express consent (art. 6 lett. b), e) of the GDPR) for the following purposes: to conclude any contracts for services that you wish to sign with the Data Controller; to fulfil pre-contractual, contractual and tax obligations arising from any existing relationship with you; to comply with any obligations provided for by law, by a regulation, by EU legislation or by an order of the Authority (such as anti-money laundering); to allow the Data Controller to exercise its rights, such as the right of defence in court. B) Only with your specific and separate consent (art. 7 GDPR), in order to activate services on the basis of your specific personal needs that you want to communicate.
- Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data may be processed both on paper and electronically, but not by automated means. The Data Controller will process the personal data for the time necessary to fulfil the above purposes, and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of the data for the Marketing Purposes.
- Access to data
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B): A) Only to employees, collaborators and companies of the Data Controller, in Italy and abroad, in their capacity as persons in charge and/or Data Processors and/or system administrators.
- Disclosure of data
Without the need for express consent (art. 6 letters b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law, in order to carry out the aforementioned purposes. These subjects will process the data in their capacity as Independent Data Controllers. Your data will not be disseminated in any other way.
- Data Transfer
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will only take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
- Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we will not be able to guarantee you the services of art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to continue to use the services offered by the Data Controller. In any case, you will continue to be entitled to the services referred to in art. 2.A).
- Rights of the data subject
As an interested party, you have the rights referred to in art. 15 GDPR and specifically the rights to: obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form; Get the indication:
a) the origin of the personal data;
b) the purposes and methods of the processing;
c) the logic applied in the case of processing carried out with the aid of electronic tools;
d) the identification details of the Data Controller, the Data Processors and the Designated Representative pursuant to art. 3, para. 1, GDPR;
e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or persons in charge of the processing; get:
a) the updating, rectification or, when interested, the integration of the data;
b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected; object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection, upon termination of any relationship with the Data Controller;
Where applicable, you also have the rights referred to in art. 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority.
- How to exercise your rights
You may exercise your rights at any time by sending: a registered letter with acknowledgement of receipt to the address of the Data Controller; by contacting the Data Protection Officer (DPO) of the Ministry of Foreign Affairs and International Cooperation, Councillor Francesco, by e-mail at: rpd@esteri.it