The data processing is performed through paper supports or IT procedures by specially authorized internal subjects. Such internal subjects are allowed access to your personal data to the extent that it is necessary to carry out the processing activities that concern you.
The Data Controller periodically verifies the tools through which your data is processed and the security measures provided for which requests constant updating; verifies, also through the subjects authorized to the treatment, that personal data of which the processing is not necessary or whose purposes are exhausted, is not collected, processed, filed or stored; verifies that the data is stored with the guarantee of integrity and authenticity and their use for the purposes of the treatments actually performed.
The Data Controller guarantees that the data, even after the verifications, are found to be excessive or irrelevant will not be used except for the possible retention, according to the law, of the deed or document that contains them.
The data is stored in paper, computerized and software archives located within the European economic area, and adequate security measures are ensured.
For how long
The personal data processed are kept for the time necessary to carry out the activities related to the management of the contract that you have stipulated with the Data Controller and for the fulfilments, including those required by law, arising therefrom.
- identifying data
- accounting data
- data relating to professional and commercial activity
- data relevant to health fitness
Duration of the contractual relationship Without prejudice to:
- termination of the contract (for any reason)
- the purposes that continue beyond the conclusion of the contract (e.g. bookkeeping, art. 2220 of the Italian Civil Code)
- the prescription terms: from five to ten years from the definition of the relationship and in any case from the moment in which the rights that depend on it can be exercised (articles 2935, 2946 and 2947 of the Italian Civil Code)
- for particular after-sales needs related to the average life of the product up to twenty years after the termination of the relationship. Except in the event of litigation if it involves an extension of the aforementioned terms, for the time necessary to pursue the related purpose
Computer data (access log to systems and to the network and / or IP addresses)
The duration of the storage depends on the presumed and / or detected risk and the prejudicial consequences that derive from it, without prejudice to the measures to make the data anonymous or to limit its treatment.
In any case, the data must be kept (with effect from the knowledge / detection of the hazard event or data breach) for the time necessary to notify the authority of the violation of the data detected through the procedures implemented by the Data Controller and in any case take remedial actions.