Privacy policy

Larimonta S.r.l. (“Larimonta”) undertakes to strictly implement and ensure compliance with the legislation for the protection of personal data (in particular, Legislative Decree n. 196/2003, hereinafter “Privacy Code”). This document (“Privacy Policy”) summarizes the inspiring principles for the processing of personal data by Larimonta and its affiliates.

GENERAL PRIVACY PRINCIPLES

RESPONSIBILITY PRINCIPLE

The processing of personal data is solely performed by processors and persons in charge of the processing, inside and possibly outside the firm organization, after Larimonta verified their competence, adequacy and compliance with applicable legislation. The data controller is Larimonta S.r.l., with registered office in Milan, via Carlo Freguglia 2, Tax and VAT code 07652920963, Companies’ Registrar of Milan number 1974230, Email info@larimonta.it, Phone +39-0331-230612.
Third parties performing any type of support activities in favour of Larimonta, e.g., providing services or products, if they process personal data, shall be contractually bound to comply with security measures and privacy of the processing. Personal data may be communicated to third parties in order to comply with legal obligations, execute orders of public authorities or to claim or defend a right in Court, in any event in compliance with the Privacy Code.

TRANSPARENCY PRINCIPLE

Personal data are collected and processed pursuant to principles set forth by applicable law and summarized in this Privacy Policy. At the moment of data supply, according to Section 13 of the Privacy Code, the interested party is provided with a notice concerning purposes and modalities of the processing, mandatory or optional nature of such data supply, consequences of denial to supply the data, individuals or categories of individuals to whom the data can be communicated and the scope of their dissemination, as well as the rights provided by Section 7 of the Privacy Code (access, integration, updating, correction, cancellation for violation of the law, opposition to the processing, etc.), identity and registered office of the data controller and data processor/s. The interested party is then required to give his/her informed consent, free and specifically expressed, which is recorded in the form provided by law. If the supply of personal data is performed in subsequent stages, integrations can be provided to the privacy notices already given and new consents to the processing can be asked.

PERTINENCE OF THE COLLECTION PRINCIPLE

Personal data are processed in a lawful and correct way, they are collected and registered for specific, explicit and legitimate purposes; they are correct and, if necessary, updated; they are pertinent, complete and does not exceed the purposes for which they have been collected or subsequently processed; they are kept as long as it is necessary for the collection purposes.

PURPOSE OF THE USE PRINCIPLE

The purposes of personal data processing are disclosed to interested parties at the time of the collection. Any new data processing, if such processing falls outside the stated purposes, is only made following a new notice and new consent. In any event, personal data are not communicated to third parties or disseminated without prior consent of the interested party, except as expressly provided by Section 24 of the Privacy Code. Collected data can be processed through paper, automated or electronic means, in any event only to the extent strictly required by the processing purposes.

VERIFICATION PRINCIPLE

Personal data are correct and updated. They are also organized and kept in a way that allows the interested party to know, whether he/she wishes, which data have been collected and recorded, as well as to check their quality and if necessary to ask for their correction, integration, cancellation because of a violation of law or opposition to the processing and to exercise every other right, pursuant to and to the extent provided by Section 7 of the Privacy Code.

SECURITY PRINCIPLE

Personal data are protected through technical, IT, organizational, logistic and procedural security measures against any risks of destruction or loss, also by accident, and unauthorized access or processing. Such measures are periodically updated based on the technical progress, the nature of the data and the specific characteristics of the processing, which are constantly checked and verified. Personal data protection measures are aimed at reducing any risks of data destruction or loss, also by accident, unauthorized access or processing, or processing not in compliance with the collection purposes. Such security measures must be in compliance with the minimum requirements set forth by applicable law (see Sections 33 through 36 of the Privacy Code).

Larimonta periodically prepares and updates information concerning the types of processing of personal data, the allocation of functions and responsibilities among the offices in charge of the data processing, the analysis of risks on data, the measures that must be adopted in order to guarantee the integrity and availability of data, as well as the protection of areas and spaces pertaining to their supervision and accessibility, the description of criteria and modalities to restore the availability of data after destruction and damages, the training of personnel in charge of the processing in order to educate them about data risks, the measures to prevent damaging events, the aspects of the protection of personal data that are more relevant in relation to each activity, the responsibilities arising therefrom and how to obtain information on the minimum measures adopted by the controller, the description of the criteria that must be adopted in order to ensure the adoption of minimum security measures whenever the processing of personal data is delegated, in compliance with the Privacy Code, to third parties outside the controller’s organization, and, for personal data that may reveal health conditions and sexual life, the identification of criteria that must be adopted to encrypt or segregate such data from other personal data of the interested party.