Information pursuant to ARTT. 12 and SS. REG. EU. 2016/679 concerning the processing of personal data
The EU Regulation 2016/679 intends to guarantee that the processing of “personal data” takes place in respect of the rights, fundamental freedoms, and dignity of natural persons, with particular reference to privacy and personal identity.
Credires S.r.l., which carries out credit management and collection activities on behalf of private companies and public administrations, announces that it is essential to process the acquired data in order to carry out the given mandates:
– through communication of their customers;
– verbally, directly at the interested party or through consultation of third party sources (public registers, authorized institutes pursuant to Article 134 T.U.L.P.S. etc.)
With reference to these data, the undersigned company guarantees that:
• the processing is based on the principles of lawfulness and correctness and is carried out in full protection of the rights of the interested party and his privacy;
• the processing of personal data is essential for the performance of extra-judicial credit management and collection;
• the processing is aimed at an effective management of the credit rights claimed by our clients against the interested party;
• at the end of the assignment received, the confidential data of the interested party are kept exclusively to allow our company the correct fulfillment of legal obligations, within the ten-year term of the ordinary civil prescription, and to be able to report, where necessary, on the activity performed. In any case, once the assignment is terminated, the data relating to the interested party are removed from the availability of the appointees, to whom no further consultation is allowed;
• the data is processed by manual means and / or with IT tools and, in any case, our company guarantees the observance of every precautionary measure of their security and confidentiality.
• without prejudice to the right of our company to acquire information through third parties, in compliance with the provisions of the REG. EU 2016/679 and the Provision of the Guarantor for the protection of personal data on debt collection (November 30, 2005), the provision of data by the interested party is optional.
The possible refusal involves, however, the failure of the extra-judicial mandate:
• the data is stored and processed at our company headquarters;
• the data can be communicated to:
a) Customers / Clients
b) any public authorities that request it or need to communicate information in compliance with specific legal obligations;
• under the conditions established by EU Regulation 2016/679, the interested party may exercise the following rights:
– art. 15 Right to access of the interested party;
– art. 16 Right to correction;
– art. 17 Right to cancellation;
– art. 18 Right to limitation of processing;
– art. 20 Right to data portability;
– art. 21 and art. 22: Opposition law and automated decision-making relating to natural persons.
For the purpose of verifying the existence of the conditions and procedures for the exercise of the aforementioned rights, see the full text of the aforementioned provisions, available on the website: www.garanteprivacy.it
We inform you that, if you consider the aforementioned rights violated, the current legislation allows you to raise a complaint to the national Control Authority.
The data controller of the interested party data is the creditor and, with reference to the processing performed after the conclusion of the mandate, the undersigned company.
The Data Protection Officer is available at the email address DPO@credires.it
Further information, including the references of the eventual data processors, may be requested by the interested party through a written communication to be sent to the following addresses:
CREDIRES S.r.l.
Via Don Luigi Sturzo, 4
56025 Pontedera (PI)
tel. +39 0587 467700
tel. +39 0587 484285
fax. +39 0587 467600
VAT number 00935320507
C. SDI M5UXCR1
Information pursuant to ARTT. 12 and SS. REG. EU. 2016/679 concerning the processing of personal data for commercial information purposes
Credires Srl provides a Commercial Information Service to third parties (Clients) that request them for needs related to the establishment and management of commercial, contractual or pre-contractual relationships of an economic and financial nature and / or the protection of their rights / interests.
Quoting the current legislation, the COMMERCIAL INFORMATION SERVICE consists of “the service requested by third parties (clients) concerning the execution of research, collection, registration, organization, analysis, evaluation, processing and communication of information from public sources, from sources publicly and generally accessible by anyone or otherwise acquired by the interested party such as to provide an additional knowledge value to third parties “and can only be performed by those in possession of a prefectural license issued by the competent Prefecture pursuant to art. 134 of the R.D. n. 773/1931.
This information is published based on the principles recognized in art. 5 paragraph 3 of the Code of Conduct for the processing of personal data in the field of commercial information approved by the Guarantor for the protection of personal data with Resolution of 12 June 2019 (register of provision n. 127 of 12/06/2019) available at the following link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9119868, it also concerns exclusively commercial information services as defined above and carried out through information from public sources , from sources publicly and generally accessible by anyone.
1) CATEGORIES OF INTERESTED PARTIES SUBJECT TO THE TREATMENT (to which this information is addressed):
> Any natural person for whom a commercial information service is required
> Subjects legally and / or economically bound to the natural person for whom a commercial information service is required (*)
> natural persons or other interested parties legally and / or economically (*) connected to the legal entity or organization on which a commercial information service is requested
(*) it must be considered that there is a legal and / or economic link between two or more interested parties and between an interested party and a person other than the natural person (eg company) when one or more of the following situations occurs:
- a) participation of the interested party in a company or a company through the possession or direct or indirect control of a percentage of units or shares, or of voting rights, equal to or greater than the thresholds identified in art. 8 of the Code of Conduct;
- b) exercise, through the office or position held by the interested party, of effective powers of administration, management, management and control of a company or company.
2) WHAT DATA IS PROCESSED
> Data relating to capital, economic, financial, credit, industrial and production aspects with the exclusion of particular categories of personal data pursuant to art. 9, paragraph 1, of EU Regulation 2016/679, that is “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as treating genetic data, biometric data intended for uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person “
> data relating to criminal convictions and crimes originating from public sources;
> data relating to criminal convictions and crimes spread in the last six months, starting from the date of receipt of the request for the service by the customer, and without any possibility of making changes to the content of such information – unless they are updated – and to use them for the purpose of processing evaluation information.
> valuation information and judgments, also expressed in predictive or probabilistic terms issued on the basis of statistical analysis and processing and evaluations carried out by expert analysts, also on the basis of a classification in predefined categories or classes or overall evaluation of the data acquired.
> further information useful for the purposes of verifying solvency or reliability (typically other companies and economic operators with whom the interested party has or had dealings), such as the cd. payment habits, amount of a credit or a debit, etc. when the possible obligations of information and acquisition of consent have been fulfilled (where the latter is necessary)
3) FROM WHERE THEY COME, data sources
For the purposes of service provision the following date are managed:
> data provided by the Customer: name, address, telephone, e-mail, information on the type of business relationship established or established, etc.
> any data / documents provided directly by the interested party during possible contacts with Credires Srl.
> data available on public sources, ie public registers, lists, deeds or documents available to anyone based on current legislation, including, by way of example but not limited to:
1) company register, budgets and lists of members, inspections and / or chambers of commerce, proceedings and events relating to bankruptcy or other insolvency proceedings as well as the computerized register of protests in the chambers of commerce and the related consortium company InfoCamere;
2) real estate proceedings, prejudicial and hypocatal acts (such as, for example, registration or cancellation of mortgages, transcripts and cancellations of foreclosures, injunctions or judicial documents, and relative annotations) kept in the registers managed by the Revenue Agency (between such as the former land registry and the Land Registry Office), the Public Motor Registry and the population register.
> data from sources publicly and generally accessible by anyone including, by way of example but not limited to: newspapers and newspapers, lists of c.d. categorical and telephone directories and related online services, Internet sites
> third parties where possible in compliance with current legislation
4) WHY THE DATA IS TREATED (purpose of treatment)
The treatments carried out have the following purposes:
> Provide the Customer with Commercial Information Services to enable them to assess an interested party correctly on an economic and commercial level; in some cases the customer requests the information in the form of lists of interested parties (by sector or category), for their subsequent use for marketing, promotional, commercial and advertising purposes, all the information and reporting obligations and possible acquisition of consent by the interested party with regard to the processing performed by him remaining the responsibility of the Customer.
> satisfy any requests of the interested party
> generate / formulate assessments and judgments, also expressed in predictive or probabilistic terms, also on the basis of a classification in predefined categories or classes (scoring and / or rating)
> defend or enforce a right of the Customer, of Credires Srl or of a third party.
4.1) Why data can be processed (legal basis)
Data can be processed:
> as available on sources that are publicly accessible or made public by the interested party (Article 9, paragraph 2, letter e) of EU Regulation 2016/679),
> as necessary to allow the client to pursue a legitimate interest consisting more often in the preventive credit protection (Article 6, paragraph 1, letter f) of EU Regulation 2016/679),
> as necessary to enable the legitimate interest of the Data Controller to be pursued such as fraud monitoring and prevention, guaranteeing the security and reliability of the services provided to customers, the soundness of the management and the correct execution of commercial relations and economic and financial activities between the latter and the person surveyed, as well as the protection of the related rights, in accordance with the provisions of art. 6, paragraph 1, lett. f) of EU Regulation 2016/679,
> for the data acquired directly by the interested party, the consent of the same.
5) HOW DATA IS PROCESSED AND WHO PROCESSES DATA (treatment tools)
In relation to the aforementioned purposes, the processing of personal data may be carried out using paper, computer and electronic tools and will include – in full compliance with the principles recognized by the aforementioned Code of Conduct – all operations or series of operations necessary for the processing in question, including communications in the field referred to in point 8.
More in detail the information:
> can be collected either manually or with the help of electronic means and electronically, either directly or through mediation, in public entities or other private suppliers (which in turn provide a commercial information service), both in Italy that abroad on the basis of specific agreements with the latter and, in any case, in compliance with the forms and limits established by the regulatory provisions governing the knowledge, usability and publicity of the documents and data contained therein,
> can be integrated and used for the preparation of reports and files according to the level of service requested by the Customer.
The data may be processed on behalf of the owner exclusively by duly authorized and trained subjects as well as by companies / consultants, appointed as managers pursuant to art. 28 EU Reg. 2016/679, which need to access the data for functional services to the treatments referred to in this document (eg: management / maintenance of IT systems, corresponding Agencies, etc.) always and only within the limits of what is actually necessary to perform its functions.
6) HOW LONG THEY ARE STORED
The data in question could be kept for the period of time in which they remain knowable and / or published in the public sources from which they come, in order to facilitate the provision of the Service and without prejudice to the obligation to update. Without prejudice to any more restrictive terms set forth by specific laws, information from public sources and concerning negative events could be kept in compliance with the following time limits:
- a) information relating to bankruptcy or insolvency proceedings for a period of time not exceeding 10 years from the date on which the bankruptcy proceedings are opened; once this period has elapsed, the aforementioned information may be further used by the supplier, only when other information relating to a subsequent bankruptcy is found or a new bankruptcy or insolvency procedure has been initiated with reference to the person surveyed or to another connected person, in which case, the processing may extend for a maximum period of 10 years from their respective openings;
- b) the information relating to prejudicial and hypocatastal acts (mortgages and foreclosures) for a period of time not exceeding 10 years from the date of their transcription or registration, except for their eventual cancellation before this deadline, in which case it the annotation of the cancellation will be been kept for a period of 2 years.
That being said, Credires Srl did not deem it necessary to have its own database, consequently, once provided by the Customer, except for special needs, it does not keep the information beyond the necessary time to prove the correctness of its work.
7) TO WHOM THEY MAY BE COMMUNICATED (subjects or categories of subjects)
Personal data may not be disclosed but only communicated or made available upon specific request:
> to the Customer, a private or public entity that requests the commercial information service, established in Italy or abroad, from the supplier.
> to subjects who can access the data according to the law, regulation or community legislation, within the limits set by these rules,
> to corresponding commercial information agencies.
> to suppliers of commercial information.
8) WHEN IT IS MANDATORY TO COMMUNICATE DATA
The communication of the data requested directly to the interested party by Credires Srl obviously has an entirely optional nature. In the absence of such data, Credires Srl could find it impossible to give as much as possible to the information report with obvious disadvantage for all the parties involved.
9) WHO IS THE DATA CONTROLLER
The data controller is Credires Srl – VAT number 00935320507
Registered office Via Don Luigi Sturzo, 4 – Pontedera (PI)
Phone: +39 0587 467700 – e-mail: info@credires.it
Contact details of the Data Protection Manager: DPO@credires.it
10) HOW TO EXERCISE THE RIGHTS RESERVED FOR THE INTERESTED PARTY
With reference to the treatments referred to in this document, the interested parties have the right:
> to ask the data controller to access personal data and to correct or delete them or limit the processing of personal data concerning them and to oppose their processing,
> if the processing is carried out by automated means (computer) and on the basis of one’s consent, to receive the personal data concerning him / her and / or to obtain direct transmission to another data controller in a structured, commonly used and automatically readable format, if technically feasible
> to revoke his consent at any time (without prejudice to the lawfulness of the processing based on the consent before the revocation), obviously this for the processing carried out on the basis of this assumption
> to raise a complaint with a supervisory authority: Guarantor for the protection of personal data – Piazza di Monte Citorio n. 121 00186 ROME [Fax: (+39) 06.69677.3785 – Telephone: (+39) 06.696771 – E-mail: garante@gpdp.it – certified mail posta@pec.gpdp.it – https: //www.garanteprivacy .com /]
Requests should be addressed to the Controller – through the contact details indicated in paragraph 9 above and in the contact area of the site, always bearing in mind that it will not be possible to respond to requests received by telephone if there is no certainty about the identity of the applicant.
