Privacy Policy

INFORMATION ON PERSONAL DATA PROCESSING PURSUANT TO ARTICLE 13 OF LEGISLATIVE DECREE NO. 196 OF 30.6.2003 (HEREINAFTER, PRIVACY CODE) AND ARTICLE 13 OF EU REGULATION NO. 2016/679 (HEREINAFTER, GDPR)

LB SRL with registered office in Bergamo, via del Celtro 6, Tax Code and VAT no. IT04258280165 (hereinafter, ‘Data Controller’), in its capacity as data processor, informs you, pursuant to Article 13 of Legislative Decree no. 196 of 30.6.2003 (hereinafter, ‘Privacy Code’) and Article 13 of EU Regulation no. 2016/679 (hereinafter, ‘GDPR’), that your data will be processed in the following ways and for the following purposes:

1. Data subject to processing: the Data Controller processes personal, identifying data (e.g., name, surname, company name, address, telephone, e-mail, bank and payment references) hereinafter ‘personal data’ or also ‘data’ communicated by you in connection with the conclusion of contracts for the services of the Data Controller.

2. Purpose of processing: your personal data are processed:

   • Without your express consent (art. 24 - letters a), b), c) Privacy Code and art. 6 letter b), e) GDPR), for the following Service Purposes: to conclude contracts for the Controller's services; to fulfil pre-contractual, contractual and tax obligations arising from existing relations with you; to fulfil obligations provided for by law, by a regulation, by Community legislation or by an order of the Authority (such as anti-money laundering); to exercise the rights of the Controller, for example the right to defence in court;
   • Only with your specific and distinct consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), for the following Marketing Purposes: to send you via e-mail, post and/or text messages and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Controller and detection of the degree of satisfaction on the quality of services; to send you via e-mail, post and/or text messages and/or telephone contacts commercial and/or promotional communications of third parties (e.g. business partners). We would like to point out that if you are already one of our customers, we may send you commercial communications relating to the Controller's services and products similar to those you have already used, unless you disagree(art. 130 c. 4 Privacy Code).
3. Processing methods: your personal data is processed by means of the operations indicated in Art. 4 of the Privacy Code and Art. 4 no. 2) GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data shall be subject to both paper and electronic and/or automated processing. The Controller will process your personal data for the time necessary to fulfil the above purposes and, in any case, for no longer than 10 years from the termination of the relationship for Service Purposes and for no longer than 2 years from the collection of the data for Marketing Purposes.
4. Data access: your data may be accessible for the purposes set forth in Articles 2.A) and 2.B): to employees and collaborators of the Data Controller or of the companies of the group both in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators; third party companies or other entities (by way of example: credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5. Data communication: without the need for express consent (pursuant to art. 24 letters a), b), d) Privacy Code and art. 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes set out in art. 2.A) to Supervisory Bodies, Judicial Authorities, Debt Collection Companies, Insurance Companies for the provision of insurance services, as well as to those entities to which communication is mandatory by law for the fulfilment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous data controllers. Your data will not be disseminated.
6. Data transfer: personal data are stored on servers located within the European Union. It is in any case understood that the Data Controller, if necessary, shall have the right to move the servers where most appropriate, without the explicit consent of third parties. In this case, the Data Controller assures, as of now, that any data transfer will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.
7. Nature of data provision and consequences of refusal to reply: the provision of data for the purposes set out in article 2.A) is compulsory. Without it, we will not be able to provide you with the Services as per art.2.A). The provision of data for the purposes of art. 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Owner. However, he/she will continue to be entitled to the Services referred to in Art. 2.

8. Data subject rights: in your capacity as interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR and specifically the rights to:

   • Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
   • To obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing with the aid of electronic instruments; d) the identity of the owner, manager and the representative appointed under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) the subjects or categories of persons to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents;
   • Obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification that the operations in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate effort compared to the right protected;
   • Object, in whole or in part: a) for legitimate reasons the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or mail. Please note that the data subject’s right to object, as set out in point b) above, for the purposes of direct marketing using automated methods is extended to traditional methods and that, in any case, the data subject may exercise his/her right to object in whole or in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication. Where applicable, he/she also has the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Privacy Authority.
9. Procedures for exercising rights: you may exercise your rights at any time by sending a registered letter to the Controller.
10. Data Controller, Data Processor and Persons in Charge: The Data Controller is LB SRL with registered office in Bergamo Via del Celtro 6, Tax Code and VAT number IT04258280165 in the person of its legal representative. The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.
    I EXPLICITLY AGREE TO THE PROCESSING OF ALL MY DATA FOR THE FOLLOWING PURPOSES: To conclude contracts for the Controller's services; to fulfil pre-contractual, contractual and tax obligations deriving from existing relations with you; to fulfil the obligations provided for by the law, by a regulation, by Community legislation or by an order of the Authority (such as, for example, in the matter of anti-money laundering); to exercise the rights of the Controller, such as the right to defence in court.