GENERAL PRIVACY PRINCIPLES
The processing of personal data is solely performed by processors and persons in charge of the processing, inside and possibly outside the firm organization, after Larimonta verified their competence, adequacy and compliance with applicable legislation. The data controller is Larimonta S.r.l., with registered office in Milan, via Carlo Freguglia 2, Tax and VAT code 07652920963, Companies’ Registrar of Milan number 1974230, Email email@example.com, Phone +39-0331-230612.
Third parties performing any type of support activities in favour of Larimonta, e.g., providing services or products, if they process personal data, shall be contractually bound to comply with security measures and privacy of the processing. Personal data may be communicated to third parties in order to comply with legal obligations, execute orders of public authorities or to claim or defend a right in Court, in any event in compliance with the Privacy Code.
PERTINENCE OF THE COLLECTION PRINCIPLE
Personal data are processed in a lawful and correct way, they are collected and registered for specific, explicit and legitimate purposes; they are correct and, if necessary, updated; they are pertinent, complete and does not exceed the purposes for which they have been collected or subsequently processed; they are kept as long as it is necessary for the collection purposes.
PURPOSE OF THE USE PRINCIPLE
The purposes of personal data processing are disclosed to interested parties at the time of the collection. Any new data processing, if such processing falls outside the stated purposes, is only made following a new notice and new consent. In any event, personal data are not communicated to third parties or disseminated without prior consent of the interested party, except as expressly provided by Section 24 of the Privacy Code. Collected data can be processed through paper, automated or electronic means, in any event only to the extent strictly required by the processing purposes.
Personal data are correct and updated. They are also organized and kept in a way that allows the interested party to know, whether he/she wishes, which data have been collected and recorded, as well as to check their quality and if necessary to ask for their correction, integration, cancellation because of a violation of law or opposition to the processing and to exercise every other right, pursuant to and to the extent provided by Section 7 of the Privacy Code.
Personal data are protected through technical, IT, organizational, logistic and procedural security measures against any risks of destruction or loss, also by accident, and unauthorized access or processing. Such measures are periodically updated based on the technical progress, the nature of the data and the specific characteristics of the processing, which are constantly checked and verified. Personal data protection measures are aimed at reducing any risks of data destruction or loss, also by accident, unauthorized access or processing, or processing not in compliance with the collection purposes. Such security measures must be in compliance with the minimum requirements set forth by applicable law (see Sections 33 through 36 of the Privacy Code).
Larimonta periodically prepares and updates information concerning the types of processing of personal data, the allocation of functions and responsibilities among the offices in charge of the data processing, the analysis of risks on data, the measures that must be adopted in order to guarantee the integrity and availability of data, as well as the protection of areas and spaces pertaining to their supervision and accessibility, the description of criteria and modalities to restore the availability of data after destruction and damages, the training of personnel in charge of the processing in order to educate them about data risks, the measures to prevent damaging events, the aspects of the protection of personal data that are more relevant in relation to each activity, the responsibilities arising therefrom and how to obtain information on the minimum measures adopted by the controller, the description of the criteria that must be adopted in order to ensure the adoption of minimum security measures whenever the processing of personal data is delegated, in compliance with the Privacy Code, to third parties outside the controller’s organization, and, for personal data that may reveal health conditions and sexual life, the identification of criteria that must be adopted to encrypt or segregate such data from other personal data of the interested party.