Privacy policy

Privacy Policy for the Processing of Personal Data

Pursuant to Article 13 of European Regulation No. 679/2016

Dear Data Subject,
S.O.S. Bonifiche Srl, acting as Data Controller pursuant to Article 13 of European Regulation No. 679/2016 "General Data Protection Regulation (GDPR)" (hereinafter "EU Regulation"), which sets out provisions on the processing of personal data, wishes to inform you about the processing of your personal data.

The regulation provides that anyone carrying out personal data processing activities is required to inform the data subject about the data processed and the key elements of such processing, which must in all cases be carried out in a lawful, fair and transparent manner, while protecting the privacy of and guaranteeing the rights of the data subject.

It is noted that data processing means any operation or set of operations concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination and destruction of data.
 
1. Data Controller
The Data Controller is S.O.S. Bonifiche Srl, with registered office at Via San Crispino, 12 – 35129 Padova (PD) and operational offices at Via Makallè, 73 – 35138 Padova (PD) and Piazza Dante, 17 – 25045 Castegnato (BS), Tax Code and VAT No. 01543200289, contactable at the following details: telephone +39 049 9903228, email: amministrazione@sosbonifiche.it
 
2. Nature of Data Processed, Purposes and Legal Basis for Processing
Nature of data processed. In relation to the processing purposes set out below, it is noted that only "common personal data" will be processed, such as:
  • company identification data (name, surname, email, etc.)
Purposes of processing. Your personal data will be processed for the following purposes:
  • to respond to your requests: by voluntarily completing the dedicated form found in this contact area;
  • to fulfil legal obligations.
Legal basis for processing. Personal data, for the purposes referred to in points 2A and 2B, will be processed lawfully in order to fulfil pre-contractual and contractual obligations between us and the user (Art. 6(1)(b)), and to fulfil our legal obligations (Art. 6(1)(c)).
 
3. Recipients of Data and Processing Methods — Existence of Automated Decision-Making, Including Profiling
The processing of your personal data will be carried out in accordance with the principles of fairness, lawfulness and transparency, and may be performed using paper-based and electronic tools both by the company's own personnel, duly authorised to process personal data, and by external parties appointed to carry out specific tasks on behalf of the Data Controller, acting as Data Processors pursuant to Article 28 of the EU Regulation, following a letter of appointment from us requiring them to maintain confidentiality and security in the processing of personal data, and to adopt appropriate security measures to prevent data loss, unlawful or improper use, and unauthorised access, in compliance with current data protection legislation.

For the sake of brevity, the detailed list of such figures is available at the Data Controller's office and is at your disposal.

Your personal data will not be disclosed and will not be transferred to third countries or international organisations; they will not be communicated to third parties except where required by law or by contract.

With reference to the provisions of Article 13(2)(f) and Article 14(2)(g) of the EU Regulation, it is hereby noted that the Data Controller does not currently use any automated decision-making system or process.
 
4. Data Retention Periods
Your personal data will be retained for no longer than necessary to achieve the purposes for which they are processed, in accordance with the principle of storage limitation set out in the EU Regulation and/or for the time necessary to fulfil legal and contractual obligations, or until the data subject withdraws their specific consent, and therefore:
  • with reference to the purposes indicated in points 2A–2B, data will be retained for no longer than necessary to achieve the purposes for which they are processed and/or for the time strictly necessary to fulfil legal and contractual obligations.
To ensure compliance with the stated retention periods, an annual review of the data processed will be carried out to determine whether they can be deleted if no longer necessary for the intended purposes.
 
5. Access to Data (Categories of Recipients to Whom Data May Be Communicated)
We also inform you that the data collected will never be disclosed and will not be communicated without your explicit consent, except for necessary communications that may involve the transfer of data to public bodies, consultants or other parties for the fulfilment of tax and legal obligations or for the fulfilment of the stated purposes (where authorised), following a letter of appointment from us requiring them to maintain confidentiality and security in the processing of personal data.

With reference to Article 13(1)(e) of the EU Regulation, the following categories of individuals or entities (duly identified and instructed) who may have access to the user's personal data as processors or authorised persons are listed below:
  • Partners, employees, collaborators and suppliers of the Data Controller in Italy and abroad, in their capacity as authorised persons and/or data processors (e.g. commercial, technical, administrative, legal and press offices; system administrators, external professionals, various service providers, etc.)
Your personal data may also be communicated to external parties who are recipients of matters concerning you, in the course of relevant activities, and to external parties who interact with us, always and exclusively for activities related to the purposes described above — external parties appointed to carry out specific tasks on behalf of the Data Controller, acting as Data Processors pursuant to Article 28 of the EU Regulation.

For the sake of brevity, the detailed list of such figures is available at our office and is at your disposal.
 
6 and 7. Communication and Transfer of Data
Without the need for express consent (Art. 6(1)(b), (c) and (f) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in points 2A to 2B to supervisory bodies, judicial authorities, as well as to those parties to whom communication is required by law for the fulfilment of the purposes indicated above.

Such parties will process the data in their capacity as independent data controllers.

Personal data are stored on devices located at the Data Controller's premises or with providers, within the European Union.
Your data will not be disclosed.

To ensure the security of such transfers, we only engage parties that offer the necessary guarantees to implement appropriate technical and organisational measures to ensure that processing complies with the provisions of EU Regulation 679/2016.

With regard to both data held on its own devices and any data held with providers, the Data Controller has implemented appropriate technical and organisational measures to ensure an adequate level of security, in full compliance with the EU Regulation.
 
8. Consequences of Failure to Provide Data
The personal data referred to in points 2A–2B of this notice are necessary; without such data it would be impossible for us to proceed and fulfil our contractual and legal obligations.
 
9. Rights of the Data Subject
As a data subject, you have the rights set out in Articles 15 to 22 of the EU Regulation, specifically the right to:
  • obtain confirmation of the existence and processing of personal data relating to you and, where applicable, to obtain access to such data (right of access);
  • obtain information about the purposes of processing, the categories of data concerned, the recipients or categories of recipients to whom the data have been or will be communicated, in particular where they are recipients in third countries or international organisations, the envisaged retention period or the criteria used to determine it; and where data have not been collected from the data subject, to obtain all available information about their origin;
  • obtain the rectification of data relating to you (right of rectification);
  • obtain the erasure of data relating to you (right to erasure / right to be forgotten);
  • obtain restriction of processing (right to restriction of processing);
  • obtain data portability, i.e. to receive data from a controller in a structured, commonly used and machine-readable format and to transmit them to another controller without hindrance (right to data portability);
  • object to processing at any time (right to object). It is specifically noted, as required by Article 21 of the EU Regulation, that where personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of their personal data for such purposes, and that where the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes;
  • be informed (with the possibility to object) of the existence of any automated decision-making process relating to natural persons, including profiling;
  • withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to withdrawal;
  • lodge a complaint with a supervisory authority (Garante per la Protezione dei Dati Personali — Italian Data Protection Authority).
It is noted that there may be conditions or limitations on the data subject's rights. It is therefore not certain that, for example, the right to data portability applies in all cases; this depends on the specific circumstances of the processing activity.

As a further example: should you decide to object to the processing of your data, the Data Controller has the right to assess your request, which may not be accepted where there are compelling legitimate grounds for the processing that override your interests, rights and freedoms.
 
10. How to Exercise Your Rights
Without any formality, you may at any time exercise your rights in a clear and explicit manner by sending:
Or by contacting the Data Controller directly by telephone at: +39 049 9903228.
 
11. Minors
The services offered by the Data Controller and subject to the relationship with you do not involve the intentional collection of personal information relating to minors. Should information relating to minors be inadvertently recorded, the Data Controller will delete it promptly upon request or notification by the data subject.
 
12. Authorised Personnel and Data Processors
Below we provide certain information that it is necessary to bring to your attention, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are a fundamental part of our activities.

Authorised Personnel. The updated list of authorised persons is kept at the Data Controller's registered office.

Data Processors. For the sake of brevity, the detailed list of such figures is available at our office.