Privacy policy pursuant to article 13 of UE Regulation No. 2016 /679
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter "GDPR"), concerning the protection of individuals with regard to the processing of personal data, the Data Controller informs its customers (hereinafter "Customer/s") about the processing of personal data provided to them.
Data Controller
The Data Controller is AGILE LAB S.r.l. AGILE LAB S.r.l. with headquarters in MILAN, Via Alessandro Manzoni 30, agilelab@pec.it (hereinafter referred to as "Data Controller") with registered office in Milan, via Pietro Rubens 19, VAT number 09183000158.
Subject of the processing
The Data Controller processes personal data, both identifying and non-sensitive, such as personal details (name, surname, company name) and contact details (e-mail, telephone number) as well as payment details (hereinafter "personal data" or "data"), provided by you when finalizing the contractual relationship, including those of the individual customer and the legal representative of the legal entity customer (who signs the contract on behalf of the latter).
Purpose and Method of processing
The data will be processed to allow the performance of activities related to the establishment and management of the contractual relationship between the writing company and each Customer.
Your personal data will be used to:
facilitate direct contact (legal basis: execution of a contract to which the data subject is a party);
fulfill pre-contractual, contractual, and fiscal obligations arising from existing relationships with you (legal basis: execution of a contract to which the data subject is a party or execution of pre-contractual measures adopted at the request of the data subject);
comply with obligations established by law, a regulation, EU legislation, or an order from the Authority (e.g., anti-money laundering) (legal basis: to fulfill a legal obligation to which the Data Controller is subject);
defend a right in litigation (legal basis: legitimate interest of the Data Controller).
Providing data is mandatory. Failure to communicate will make it impossible to conclude the contract or provide customer service.
Data will be processed in accordance with Art. 6 GDPR lawfully, fairly, and with the utmost confidentiality, mainly using electronic and computer tools and stored both on computer media and on paper.
Data retention
The data you provide will be stored for the entire duration of the contractual relationship. Once this relationship has ended and after the period necessary for the fulfillment of any obligations connected or arising from the termination of the professional relationship, the data will be destroyed or made anonymous, compatible with technical deletion and backup procedures.
Data communication
Your data may be made accessible for the purposes mentioned above to employees and collaborators of the Data Controller as well as to third-party companies or affiliates of AGILE LAB or other entities (e.g., consultants) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
The list of external managers can be requested by sending an email to compliance@agilelab.it.
Transfer to other countries/international transfer
Personal data may be transferred to recipients, who may therefore process them, both inside and outside the EU. AGILE LAB may subcontract the processing to, or share your personal data with, third parties located in countries other than your country of residence. Therefore, AGILE LAB may transfer your personal data to an entity, including third parties and affiliates of AGILE LAB, located outside the EU, and in particular, may transfer personal data collected to the United States to serve its legitimate interests or for any other legal basis defined in this document. Where it is necessary to transfer your personal data to an entity located outside the EU, AGILE LAB will ensure that, with regard to privacy, rules, certifications, contractual safeguards, or adequate measures are put in place to ensure that your personal data is protected and transferred in compliance with current personal data protection regulations.
Rights of the data subject
Obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
Obtain information: a) on the origin of personal data; b) on the purposes and methods of processing; c) on the logic applied in case of processing carried out with the aid of electronic tools; d) on the identity of the Data Controller, the managers, and the designated representative pursuant to Art. 5, paragraph 2 of the Privacy Code and Art. 3, paragraph 1, GDPR; e) on the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers, or agents;
Obtain: a) updating, rectification, or, when interested, integration of data; b) deletion, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also regarding their content, of those to whom the data has been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the protected right;
Object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, using automated call systems without human intervention by email and/or using traditional marketing methods by telephone and/or paper mail. It should be noted that the right of opposition of the data subject, set out in the previous point b), for direct marketing purposes using automated methods extends to traditional ones, and the data subject's right to object remains intact even in part. Therefore, the data subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
The Data Controller can be contacted, also for the exercise of the rights mentioned above, at the following addresses:
PEC: agilelab@pec.it
E-mail: compliance@agileb.it and dpo@agilalab.it