Atitech S.p.A. (hereinafter “Atitech”) protects the confidentiality of personal data and guarantees its necessary protection against any event that may put it at risk of violation.
As provided for by European Union Regulation No. 679/2016 (hereinafter “GDPR”) and, in particular, article 13, personal data are processed under explicit consent obtained by the Data subject for the specific purposes specified in this document. Please find below the information required by law relating to the processing of your personal data.
1 Data Controller Information.
The processing of personal data is performed by Atitech S.p.A. (“Data Controller”), represented with registered offices at Napoli (NA) – Aeroporto di Capodichino, through its legal representative.
For any further information or request the Data Controller can be reached at:
Mail address: email@example.com
Phone: +39 081 36 94 006
Address: Atitech S.p.A. –Aeroporto di Capodichino – 80144 Napoli (NA).
2 Data Protection Officer.
Atitech S.p.A., in compliance with the latest legal provisions, has nominated the “Data Protection Officer” (DPO) ex art. 37 (UE) Regulation 679/2016.
To obtain any further information about the way data are collected and processed by the Data Controller or in order to exercise the rights provided by the law and listed in this document, the Data subject can contact the Data Protection Officer. The Data Protection Officer information are stated here below:
Name: Fabiana Navatti
Phone: +39 081 6849614
Mail Address: firstname.lastname@example.org
3 Data processed.
In the table below are listed the personal data collected and processed by Atitech S.p.A.:
Type of data
Examples of data processed
Name, surname, date and place of birth, nationality, complete hometown address (road, town, region), civil status, other address, phone number, ID Number, Tax code, Passport No.
Personal data can be processed for the following purposes:
accounting, tax and law reporting obligations
management of legal controversy and litigations
Internal checks and monitoring activities
Any data and information are processed by using appropriate security measures to preserve the confidentiality, integrity and availability of personal data and solely for the purposes stated in this document.
5 Communication or transfer of data to third parties.
The personal data of the Data subject are communicated and transferred to third parties in order to meet compliance and legal obligations or in order to execute contracts. Below are listed the types of third parties to which personal data can be communicated and the related purposes:
Types of third parties
Accounting, tax and law reporting obligations
Legal practice firms
Management of legal controversy and litigations
All subjects which belongs to the above-mentioned types will process data as “Data controllers”, or “Joint controllers”, or processors of specific processing activities as stated in the “outsourcing” contracts between the parties.
At last, personal data can be processed by Atitech’s employees qualified as “internal processor” or representatives (employee, consultants, other external companies employees which are appointed with specifics technical and support tasks to be performed in the offices of the Controller).
6 How data are processed?
The processing of personal data can be performed through automated and manual activities by using ITC tools or other devices. Processing activities are not in conflict with the declared purposes as stated in this document and in any case are performed by using appropriate security measures to preserve the confidentiality, integrity and availability of personal data.
Atitech S.p.A. requires to third parties providers and processors to guarantee the same processing methods and performs a continuous monitoring on their processing activities.
7 Where data are stored?
Data are stored in hard copy, electronic and remote archives located by using appropriate security measures in order to preserve the confidentiality, integrity and availability.
Atitech S.p.A. requires to third parties providers and processors to guarantee the same security measures and performs a continuous monitoring on their processing activities.
8 Period for which the personal data will be stored.
Data will be stored for no longer than is necessary for the purposes for which the personal data are processed. Data can be stored for longer period if it is necessary for reasons stated by the law or for the exercise or defense of legal claims.
If the Data subject requires an erasure of the personal data processed by Atitech S.p.A., the data will be stored anyway in compliance with the existing terms set by the National and European regulation exclusively to meet the legal provisions provided by the law.
Moreover, data will be stored in order to meet accounting and tax reporting legal obligations that persists even after the cease of the business relation between parties. In any case data will not be stored for a period exceeding 10 years the cease of the relation between the controller and the subject. For the above-
mentioned purposes the controller will only store the data strictly necessary to meet these obligations.
For further information about the techniques and processing activities used and performed on personal data by Atitiech S.p.A., please refer to the existing “Data protection policy”. It is possible to obtain the “Data protection policy” by sending an e-mail to email@example.com.
9 Data subject rights.
In relation to your personal data, you can exercise, at any moment, the following rights, as stated in the UE Regulation 2016/679, by sending a request to the following addresses:
E-mail address: firstname.lastname@example.org; email@example.com
Mail box: Atitech S.p.A. –Aeroporto di Capodichino – 80144 Napoli (NA).
In the request, the Data subject must declare his personal identity, by indicating his full name and by specifying the rights that he want to exercise.
Right of access by the Data subject
The Data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.
In order to exercise this right the Data subject can access to the personal data and to the information as provided by the UE Regulation 2016/679 such as, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations.
Where personal data are transferred to a third country or to an international organization, the Data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
Atitech S.p.A. provide a copy of the personal data undergoing processing without any charging the Data subject that requires them. If further copies or electronic copies of data are needed, Atitech S.p.A may charge a reasonable fee based on administrative costs.
Right to rectification
The Data subject has the right to obtain from Atitech S.p.A., without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Atitech S.p.A., only if possible, must notify to each of the third parties to which personal data have been transferred, the rectification that has been done.
Right to be forgotten
The Data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies as stated in the art. 17 of the UE Regulation 2016/679.
The right to be forgotten does not apply if the processing is needed, for example, for compliance with a legal obligation which requires processing by Union or Member State law, for reasons of public interest or the establishment, exercise or defense of legal claims.
Atitech S.p.A. informs third parties controllers, which are processing the personal data, that the Data subject has requested the erasure where the effort sustainable, taking into account the available technology and the cost of implementation.
Right to restriction of processing
The Data subject shall have the right to obtain from the controller restriction of processing where one of the following applies (as stated in article 18):
the accuracy of the personal data is contested by the Data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful, and the Data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the Data subject for the establishment, exercise or defense of legal claims;
the Data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the Data subject.
Where processing is restricted personal data shall, with the exception of storage, only be processed with the Data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Atitech S.p.A. informs third parties controllers, which are processing the personal data, the restriction on the processing, where it is possible and the effort is sustainable.
Right to data portability
If the processing is based on consent pursuant to point a of Article 6 (explicit consent) or on a contract pursuant to point b of article 6 (processing necessary to execute a contract) or the processing is carried out by automated means, the Data subject has the right to receive from Atitech S.p.A. the personal data concerning him or her, in a structured, commonly used and machine-readable format. Upon an explicit request provided by the Data subject, Atitech S.p.A. transmits data to other controllers as defined by the Data subject himself.
Right to object
If the processing activities are not necessary, to perform tasks carried out in the public interest or for the purposes of the legitimate interests pursued by the controller or by a third party processing the Data subject shall have the right to object, at any time to processing of personal data concerning him or her. In the case of a legitimate interests pursued by the controller, the controller must demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data subject or for the establishment, exercise or defense of legal claims. The right is intended also for the profiling activities.
Right to withdraw the consent
The Data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent.
Right to lodge a complaint with the Italian Data protection supervisory authority
Without prejudice to any other administrative or judicial remedy the Data subject shall have the right to lodge a complaint with a supervisory authority if the Data subject considers that the processing of personal data relating to him or her, as made by Atitech S.p.A, infringes the (UE) Regulation 2016/679.
The Data subject can send the claim by giving it by hands to the Supervisory authority (Garante per la protezione dei dati personali) or by sending:
a) registered letter to the Supervisory authority – Garante per la protezione dei dati personali, Piazza Venezia n. 11, 00187 Roma;
b) a certified e-mail to firstname.lastname@example.org.
10 Failure to provide data.
Collection and processing of personal data are necessary to start the business relationship. If the Data subject will not provide the explicit consent to process his/her personal data for the above-mentioned purposes, the controller will not be able to execute effectively the contract.
11 Data subject obligations.
We kindly ask, on behalf of Atitech S.p.A. and as far as you are concerned to:
Fullfill and meet the principles on data processing activities as stated in the UE Regulation 2016/679, and respect all the other legal obligations provided by national law
Be advised that, in the event of a lack of respect of the requirements provided by the UE Regulation 2016/679, Atitech S.p.A. can suspend any existing relationship between the parties.