PRIVACY DISCLOSURE pursuant to EU Regulation 679/2016

The company RankLab Studio in the person of the legal representative pro tempore (P.IVA 01395270513) with registered office in Piazza dei Tedaldi, 10 (hereinafter, “Owner”), as the owner of the processing of personal data pursuant to the articles 4 and 28 of the legislative decree 30 June 2003, n. 196 – Privacy Code (hereinafter the “Code”) and Articles 4, n. 7) and 24 of the EU Regulation 2016/679 of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data (hereinafter, the “Regulation”) informs pursuant to art. 13 of the Code and 13 of the Regulation which will proceed to the processing of personal data referring to customers or to subjects requesting information through forms (where they are natural persons).

Subject of the processing

 The data processed are: personal data; number of the identity card or passport or driving license, etc .; contact information such as phone number, e-mail address, etc. (add or change as needed).

The personal data indicated above will be used exclusively for the provision of the service as requested by the client and for all the activities instrumental to this, including the purposes of establishing and managing contractual relationships of any kind, as defined by the sector legislation.

The provision of the requested data is mandatory as it is necessary to perform the service and any refusal to provide such data could lead to failure to finalize or maintain the contractual relationship; the data will be processed either manually or using computer procedures; the data will not be disseminated.

Purpose of the processing

The data will be processed to allow the activities related to the establishment and management of the requested service to the Owner to be carried out.

The same data will be processed lawfully, fairly and with the utmost confidentiality, mainly with electronic and IT tools and stored both on computer media and on paper supports and on any other type of suitable support, in compliance with the minimum security measures. as required by the Code and the Regulations.

Only if expressly authorized by a special flag / check will the data be used for sending information.

Processing methods

 The processing of personal data is carried out by means of the operations indicated in the art. 4 Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is processed both on paper and electronic and / or automated.

The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for:

no later than 10 years from the conclusion of the contract;

no more than 2 years from the request for information.

In case of consent to processing for sending commercial information, the email that will be included in the sending list will be used for the aforementioned purposes until the user cancels it and in any case no later than 5 years from the sending of the last email containing commercial information.

Access to data

 The owner may provide access to personal data to the following subjects (for purposes of fulfilling the obligations connected to the established relationship or for the purpose of data storage security):

    to employees and collaborators of the Data Controller in their capacity as authorized persons and / or DPOs and / or system administrators, all formally appointed or appointed;

Data communication

 The Data Controller may communicate the data for the purposes referred to in art. 2 to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is obligatory by law for the accomplishment of the purposes established by the law. However, the aforementioned data will not be disclosed.

Storage and Data Transfer

 The management and storage of personal data will take place on servers located within the European Union of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors.

Currently the servers are located in Italy.

The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the other EU countries and / or non-EU countries. In this case, the Data Controller ensures from now on that the extra-EU data will be transferred in compliance with the applicable laws stipulating, if necessary, agreements that guarantee an adequate level of protection and / or