Why this information

1. Who is the data controller? How to contact them?

The data controller is JP CONCEPT SRL with registered and business office In Seregno via Marconi, 14 in the person of its pro-tempore Legal Representative, who may be contacted for any information by e-mail privacy@jpconcept.it or telephone No. 0362 22196.

2. Type of data that can be processed.

Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person- Contractors/users data

3. Purpose of processing, legal basis, period of data retention and nature of data provision.

A) Fulfilment of pre-contractual and contractual obligations, and administrative, accounting and legal purposes related to the establishment, execution and termination of the contractual relationship Data processing is necessary for the adoption of pre-contractual measures taken by the controller at the request of the data subject or for the performance of a contract or (C44) Art. 6(1)(b) GDPR 10 years Article 2220 of the Italian Civil Code, unless contractual or extra-contractual issues arise and unless otherwise required by law The provision of personal data is necessary for the pre-contractual purposes and contractual purposes.
Failure to provide the necessary personal data will make it impossible to establish a contractual relationship with you.
B) Prevention and conduct of disputes and other legal and defense aspects in the event of judgment for labor disputes The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. (C47-C50). Art. 6 para. 1 letter f) GDPR 10 years, unless opposition and unless time is necessary for defense in court The provision of data is necessary. The refusal will have to be balanced against the legitimate interest of the controller indicated in the purposes of this point.
C) Processing of your requests and requests of other data subject, pursuant to art. 15 et seq. of the GDPR (rights of the interested pa The processing is necessary for fulfilling a legal obligation to which the data controller is subject (C45) Art. 6 par. 1 lett. c) of the GDPR 5 years from the closing of the application, unless disputed The provision of data is necessary. The refusal will have to be balanced against the legitimate interest of the controller indicated in the purposes of this point. The provision of personal data is mandatory, as it is indispensable to be able to execute the obligations of law

 4. Recipients or categories of recipients

Personal data will not be disseminated. Personal data will be communicated to subjects who will process the data as independent Data Controllers, or Data Processors (Article 28 GDPR) and processed by natural persons (art. 29 GDPR) acting under the authority of the Data Controller and the Processors on the basis of specific instructions on the purposes and methods of processing, for specific purposes based on the area of reference. The data will be disclosed to the following categories of recipients:

  • subjects based in Italy who manage/support/assist, even occasionally, the Data Controller in the administration of the Information System and telecommunications (including e-mail, and web platform and Cloud);
  • entities provided for by current legislation on accounting and tax matters as recipients of mandatory communications;
  • banking and equivalent institutions;
  • subjects with whom the Data Controller has stipulated economic agreements for contracts;
  • bodies and companies for certifications;
  • customers based in Italy, in EEA or Extra EEA countries;
  • for direct marketing to subjects for the management of marketing activities and communications;
  • competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request. The list of Data Processors art. 28 is available by writing to the above adresses.

The subjects belonging to the aforementioned categories perform the function of data processing manager, or operate in total autonomy as separate data controllers. The list of data processors art. 28 is available by writing to privacy@jpconcept.it or to the other addresses indicated above.

5. Will data be transferred to non-eea countries??

Personal data will be transferred to countries outside the EEA, for purposes indicated above. In this context, the processing will be carried out in accordance with the guarantees provided for in Chapter V of the GDPR. For further information, please contact Data Controller as indicated above.

6. Is there an automated decision-making process?

Personal data will be subject to traditional manual processing, electronic and automated. Please note that we do not carry out fully automated decision-making processes.

7. What are your rights? How can you exercise them?

You may assert your rights as stated in art. 15 et seq. of GDPR, by contacting the Data Controller at the e-mail address privacy@jpconcept.it or at the contacts above. You have the right, at any time, to obtain access to your personal data (art.15), their rectification (art.16), their erasure (art.17), restriction of processing (art.18).
The Data Controller shall (art. 19) communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed. Data Controller shall inform the data subject about those recipients if the data subject requests it. In the cases provided for, you have the right to the portability of your data (Art. 20), in which case they will be provided to you in a structured, commonly used and machine -readable format.
You have the right to object (art.21), at any time, to the processing of your data based on legitimate interest, and in cases where the legal basis is consent, you have the right to withdraw the consent given, without prejudice to the lawfulness of the processing based on the consent given prior to the revocation.
If you believe that the processing of personal data carried out by the, Data Controller is in breach of the provisions of Regulation (EU) 2016/679, you have the right to lodge a complaint with the Supervisory Authority, in particular in the Member State in which you normally reside or work or in the place where the alleged breach of the Regulation has occurred (Privacy Guarantor), or to take appropriate legal action.

8. Changes to the information

The Data Controller reserves the right to modify, update this information or to add or remove parts of it. In order to facilitate the verification and modification of the text, the policy will contain the date of its updating.

Up dated: 05/05/2023