INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO
EU REGULATION 2016/679
Dear Customer,
pursuant to current legislation on the protection of personal data (EU Regulation no. 679 of 2016), we wish to
inform you that the processing of your personal data is carried out with correctness and transparency, for lawful
purposes and protecting your privacy and your rights.
Contacts of the Data Controller and Data Processors
The Data Controller is BLACK SHIRE SRL, with registered office located in Località Ornati n. 2, 12065 Monforte
d'Alba (CN).
The updated list of subjects appointed as Data Processors pursuant to Article 28 of the GDPR is available at the
company headquarters and can be obtained through a specific request formulated in the manner indicated below.
Categories of personal data processed and Purpose of processing
BLACK SHIRE SRL, as Data Controller, informs that it uses particular data of its customers.
The personal data processed by the Data Controller may be used for the following purposes:
a) To execute contractual agreements;
b) To fulfill current administrative, accounting and tax obligations.
We inform you that, with reference to the purposes highlighted in points a) and b), the provision of your correct
data is mandatory. Any refusal and/or the provision of inaccurate or incomplete information would prevent the
carrying out of the activities listed above.
Treatment methods
The processing of your data will be carried out using suitable paper, electronic and/or telematic tools, with logic
strictly related to the above purposes and, in any case, in such a way as to guarantee the security and
confidentiality of the data themselves.
Your personal data are processed with the aid of IT tools in a lawful and correct manner for the fulfillment of the
purposes indicated above and are protected with appropriate security measures which guarantee their
confidentiality, integrity, accuracy, availability and updating.
Personal data will be processed exclusively by personnel authorized to process directly appointed by the Data
Controller, BLACK SHIRE SRL, who has put in place all the IT security measures necessary to minimize the risk
of violation of users' privacy by third parties, updated constantly and whenever it proves indispensable.
Recipients or Categories of recipients of personal data
The personal data processed by the Data Controller may be communicated to specific subjects considered
recipients of such personal data. Article 4 in point 9) of the Regulation defines the recipient of personal data as
"the natural or legal person, public authority, service or other body that receives communication of personal data,
whether or not it is a third party". ”.
From this perspective, in order to correctly carry out all the processing activities necessary to pursue the purposes
set out in this information, the following recipients may be in a position to process the data on behalf of the Data
Controller:
- Third parties who carry out part of the processing activities and/or related and instrumental activities. Such
subjects have been appointed data controllers;
- Individuals, employees and/or collaborators of the Data Controller who are entrusted with specific and/or
more processing activities on your personal data. Specific instructions have been given to these
individuals regarding the security and correct use of personal data;
- Subjects, public and private, who can access the data pursuant to legal provisions, regulations or community
legislation, within the limits established by such regulations. For example: social security institutions and
bodies, associations of local authorities, public administrations and bodies, associations, foundations,
associative and/or insurance bodies or organisations;
- Subjects who need to access the data for purposes auxiliary to the relationship between the parties, within
the limits strictly necessary for carrying out auxiliary activities, for example: banks and credit institutions,
service provision companies, carriers and transport companies shipments.
The data will not be disclosed, with this term meaning giving knowledge of it to indeterminate subjects in any way,
including by making it available or consulting it, unless specific, free and informed consent is granted for each
type of processing.
Duration of processing and criteria used for storing personal data
For the purposes referred to in points a) and b), your data will be processed only for the time necessary to carry
out the purposes for which they were collected and stored for the necessary time imposed by legal obligations.
Rights of the interested party
At any time, the interested party may exercise, pursuant to art. 7 of Legislative Decree 196/2003 and articles 15
to 22 of EU Regulation no. 2016/679, the right to:
a) request confirmation of the existence or otherwise of personal data;
b) obtain information regarding the purposes of the processing, the categories of personal data, the recipients
or categories of recipients to whom the personal data have been or will be communicated and, when
possible, the retention period;
c) obtain the rectification and deletion of data;
d) obtain the limitation of processing;
e) obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and
readable by an automatic device, and transmit them to another data controller without impediments;
f) oppose the processing at any time and also in the case of processing for purposes of
direct marketing;
g) oppose an automated decision-making process relating to natural persons, including the
profiling;
h) ask the data controller to access personal data and to rectify or cancel them or limit the processing that
concerns them or to oppose their processing, in addition to the right to data portability;
i) withdraw consent at any time without prejudice to the lawfulness of the processing based on
consent given before revocation;
j) Pursuant to art. 13, paragraph 2, letter. d), of Regulation 679/2016, the subjects to whom the data refers
personal have the right to lodge a complaint with a supervisory authority.
To exercise the aforementioned rights, you can write to the Owner's email address blackshire.srl@legalmail.it
preferably indicating "Privacy - exercise of GDPR rights" in the subject, or by writing to the address Località Ornati
n. 2 – 12065 Monforte d'Alba (CN).
Pursuant to art. 13, paragraph 2, letter. d), of Regulation 679/2016, the subjects to whom the personal data refer
have the right to lodge a complaint with a supervisory authority.
The Data Controller
Black Shire S.r.l.