PRIVACY NOTICE

informs you that by art. 13 of the EU Regulation n. 2016/679 (hereinafter “GDPR ”) that your data will be processed in the manner and for the following purposes:

1. Scope of the Processing
The Data Controller processes personal data, such as name, surname, company name, address, telephone number, e - mail address, bank and payment details) - hereinafter "personal data" or "data" - you have provided signing the contract or the request of service from the Data controller.
2. Purpose of the processing
Your personal data are processed:
- A) without your consent pursuant to art. 6 lett. b), e) GDPR, for the following Service Purposes:
  - - design, construction and installation of metal stairs for interiors and exteriors, light carpentry works
  - - to fulfill the pre-contractual, contractual and to comply to fiscal obligations deriving from our relations;
  - - to fulfill the obligations established by law, regulation, by EU legislation or by an order of the Authority (such as for “anti-money laundering”);
  - - to exercise the rights of the owner, for example the right to defense in court;
- B) Only under your specific and distinct consent by art. 7 GDPR), for the following Marketing Purposes:
  - - to send you by e - mail, mail and / or text message and / or telephone and / or newsletter: commercial communications and / or advertising material about products or services offered by the Data Controller and for detecting your degree of satisfaction with the quality of our services;
  - - to send you by e - mail, mail and / or text messages and / or telephone: commercial and / or promotional activities by third parties (for example, business partners, insurance companies, other companies of the same group).
  Please note that if you are already a customer, we may send you commercial communications relating to our services and products similar to those you have already used, unless you exercise your right to dissent.
3. Processing methods
The processing of your personal data is carried out by the means indicated in art. 4 n. 2) GDPR and more precisely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your personal data are subject to both paper and electronic and / or automated processing.
4. Duration of the processing
Your personal data will be kept for the time strictly necessary to carry out the purposes described above and to fulfill the obligations established by law. In any case for a period not exceeding ten years
5. Access to data
Your data may be made accessible for the purposes listed in art. 2.A) and 2.B) GDPR:
- - to employees and collaborators of the Data Controller or other companies of the group in Italy and abroad, as persons in charge of the processing and / or internal processors and / or system administrators;
- - to third-party companies or other subjects (e.g. banks and credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, as external processors.
6. Recipients of the data
Furthermore, your data may be disclosed to third parties, for technical and operational requirements strictly related to the purposes set out above,in particular to the following categories of subjects:
- a) to authorities, professionals, companies or other structures appointed by us, in charge of data processing for the fulfillment of administrative, accounting and management obligations related to the ordinary administration of our activity and also for purposes of credit collection;
- b) to public authorities and administrations for the purposes connected to the fulfillment of legal obligations or to the persons entitled to access it by virtue of provisions of law, regulations, EU regulations;
- c) to banks, financial institutions or other subjects to whom the transfer of the aforesaid data is necessary to perform our company activities, in order to comply to the contract signed with you.
- d) to installers, assistance and maintenance services that are functionally connected and necessary to perform the services covered by the Contract.
7. Data transfer
Personal data is stored on servers located within the European Union. In any case it is understood that the Data Controller, if necessary, will have the right to move the servers, even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
8. Nature of the provision of data and consequences of refusal
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we can not guarantee the services listed in art. 2.A). 3 The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material concerning the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.A).
9. Rights of the interested party
Pursuant to articles 13, paragraph 2, and from 15 to 21 of the Regulations, we inform you that in relation to the processing of your personal data you can exercise the following rights:
- a) Right to obtain access to your personal data and the following information:
  - - confirmation that the processing of your personal data is currently underway;
  - - the purposes of the processing;
  - - the categories of personal data;
  - - the recipients or categories of recipients to whom the personal data have been or will be communicated;
  - - if the data are not collected directly from the data owner, all information available on their origin;
  - - the existence of an automated decision-making process, including profiling;
  - - a copy of the personal data being processed.
- b) Right of rectification and integration of your personal data;
c) Right to delete data ("right to be forgotten") if one of the following reasons exists:
- 1. personal data are no longer necessary regarding the purposes for which they were collected or otherwise processed;
- 2. the interested party revokes the consent to the processing of data and there is no other legal basis for the processing;
- 3. the party opposes the processing and there is no legitimate overriding reason to proceed with the processing;
- 4. personal data have been processed unlawfully;
- 5. personal data must be deleted to fulfill a legal obligation under European Union law or the law of the Member State to which the Data Controller is subject;
The Data Controller, if he has disseminated personal data and is obliged to delete it, must inform the other owners who process the personal data of the request to delete any link, copy or reproduction of the data.
d) Right to limitation of processing in the event that:
- 1. The owner of the data contests the accuracy of his data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
- 2. The processing is illegal and the owner opposes the cancellation of personal data and asks instead that its use is limited;
- 3. Although the data controller no longer needs it for processing purposes, personal data are necessary for the owner to ascertain, exercise or defend a right in court;
- 4. The owner of the data opposed the processing, pending verification of the possible prevalence of legitimate reasons of the Data Controller with respect to those of the owner.
e) Right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority www.garanteprivacy.it.
f) Right to data portability:
or the right to receive, in a structured, commonly used and automatically readable form, personal data concerning him / her provided to a Data Controller and possibly transmit them to another Data Controller, if the processing is based on consent or a contract and is carried out by automated means. If technically possible, the data owner has the right to obtain direct data transmission from one Data Controller to another.
g) Right to oppose:
at any time to the processing of personal data, including to the profiling operations, in particular in the case where:
- 1. processing is carried out on the basis of the legitimate interests of the owner of the data, after having clarified the reasons for the opposition;
- 2. personal data are processed for direct marketing purposes.
h) Right not to be subjected to a decision based solely on automated processing, including profiling, except in cases where the decision:
is necessary for the conclusion or execution of a contract between the data owner and a Data Controller, is authorized by the law of the Union or the Member State to which the Data Controller is subject or based on the explicit consent of the data subject.
i) Right to withdraw consent at any time;
obviously with every consequence deriving from the impossibility of being able to fulfill legal or contractual provisions if the treatment is established by these provisions.The exercise of rights is not subject to any form constraint and is free.

10. How to exercise rights
You can exercise your rights at any time by sending: -a registered letter a.r. to:
P.M. SAS DI MASTELLA ROBERTO E C. – Via G. Galilei 7/b – 35020 SAN PIETRO VIMINARIO ITALY an e-mail to: This email address is being protected from spambots. You need JavaScript enabled to view it.

11. Data controller
P.M. SAS DI MASTELLA ROBERTO E C.
The updated list of Data Controllers is kept at the registered office of the Data Controller.