PRIVACY POLICY
Information pursuant to and for the purposes of the European Regulation – GDPR 2016/679 –
(personal data protection)

Dear Sir/Madam,
Below we provide some information about the processing of your personal data.

The personal data controller is Mases s.r.l., which can be contacted at:

e-mail address: privacy@masesgroup.com

Type of data collected

The processing concerns the following personal data pursuant to Article 4, No. 1, GDPR:

• personal and identification data (full name, physical address, tax code);
• contact data (e-mail, PEC).

Purposes and legal bases of processing

Your data is processed for the following purposes:

	Purpose	Legal basis for data processing
a)	Complying with the legislation related to electronic billing	Processing necessary to fulfil a legal obligation to which the data controller is subject (Article 6, paragraph 1, letter c, GDPR).

Necessity or Optionality of the Processing

The provision of personal data for the purposes indicated above is necessary in order to send the electronic bill.

Recipients of personal data

Personal data may be communicated, strictly related to the purposes indicated above, to the following entities or categories of entities:

1. Individuals authorised in writing by the Company/data controller pursuant to Article 29 of the Regulation due to the performance of their work duties (e.g. employees in the General Secretariat, Administration, IT);
2. entities in relation to which the current legislation (for example tax and accounting) involves the obligation of communication, including, by way of example, public bodies (Tax Offices);
3. entities that provide management services for the company’s IT infrastructure.

Processing methods

Personal data is collected at the time of the request for electronic billing, in written or electronic form. The processing is carried out with paper methods and IT tools in compliance with the provisions regarding the protection of personal data and, in particular, the appropriate technical and organisational measures pursuant to Article 32.1 of the Regulation, and with the observance of every precautionary measure that guarantees its integrity, confidentiality and availability.

Personal data stored on a computer database is accessible only to the individuals identified (the manager and their appointees), through personal access keys.

Data retention period

Your data will be kept for 10 years from the date of issuing the electronic bill, that is until the expiry of the ordinarily prescribed terms.

In the event that a dispute arises between the Company/data controller and the data subject, the retention period will be extended for the entire duration of this dispute and for the 10 years following its definitive resolution (e.g. settlement agreement or final ruling).

Rights of the data subject pursuant to Articles 15-22 of EU Regulation – GDPR 2016/679

Pursuant to the relevant legislation, your rights and the way these are exercised are listed below.

• Right of access – The data subject can ask at any time what kind of data the data controller possesses; the origin, the purposes, the categories of data; the recipients; the existence of a profiling process; the retention period.
• Right of rectification – The data subject may request the rectification and/or integration of their data at any time, and the data controller will be obliged to communicate these changes to third parties to whom the data has been transmitted.
• Right to be forgotten – The data subject may request the deletion of data at any time if: the purpose of the processing has been concluded; consent has been revoked; there has been opposition to the processing; it has been processed in violation of the law. The data controller will be obliged to communicate these changes to third parties to whom the data has been transmitted.
• Right to limitation of processing – The data subject may at any time request limitation of the processing: in the case of inaccurate data until rectification; in the case of dispute until clarification; on request, as an alternative to deletion.
• Right of objection – The data subject has the right to object to the use of personal data for automated processing.
• Right of portability – The data subject can exercise this right only regarding data processed for contractual purposes and with automated means, and except when it damages the rights and freedoms of others.

Data subject request procedures

The data subject may exercise the above rights at any time by sending an e-mail to: privacy@masesgroup.com.

The data subject has the right to complain to the Data Protection Authority on the basis of the indications referred to in the link https://www.garanteprivacy.it/garante/doc.jsp?ID=4535524 or to any other supervisory authority.