PRIVACY NOTICE pursuant to artt. 13 and 14 of the GDPR 2016/679

We hereby inform you that European Regulation 2016/679 (GDPR) provides for the protection of persons in relation to personal data processing and free movement of data.

Pursuant to the aforementioned legislation, your personal data shall be processed based on the principles of fairness, lawfulness and transparency, as well as protection of your privacy and rights.

Pursuant to artt. 13 and 14 of the GDPR 2016/679, we hereby provide you with the following information

1. Data processing purposes and methods

Your personal data has been provided to us and will be processed solely for purposes strictly connected and instrumental to the fulfilment of the obligations set forth in the existing contract, which determines the legal processing basis:

–          to enter personal data into the company’s IT databases;

–          to keep the accounts;

–          to manage obligations, collections and payments;

–           to fulfil the obligations established by civil and fiscal laws, by regulations, by EU legislation.

Personal data will be processed through hard and soft copies by the data controller, the data protection officer and authorised persons, by taking any precautionary measure to guarantee data safety and confidentiality, as well as timely, accurate and exhaustive processing.


2. Nature of personal data collection and consequences of a failure to provide it

The provision of your personal data is mandatory in order to fulfil the obligations deriving from the contract and, in general, to fulfil legal obligations.

Failure to provide personal data could make it impossible for us to fulfil contractual and legal obligations.


3.Transmission and disclosure of data

For the contract to be executed and for the above-mentioned purposes, your personal data may be transmitted to:

–  all natural and legal persons (legal, accounting, tax, auditing firms; couriers and carriers; data processing centres, etc.) whenever disclosure is necessary for the aforesaid purposes;

–  banks to manage collections and payments;

–  factoring companies or debt collection firms;

–  our specifically authorised collaborators and employees within the scope of their duties;

Your data shall not be transferred to a third country outside the EU.

In any case, collected data shall not be disclosed.


4.Data retention

Your data will be retained only for the time necessary to provide the requested services, unless we are required to keep it for longer periods pursuant to EU laws, regulations and provisions, or if necessary to settle disputes or conduct judicial investigations.

When your data is no longer necessary for the needs listed above, it will be safely destroyed or made permanently unidentifiable.

5.Rights of the data subject

You can exercise your rights against the data controller at any time, pursuant to the articles of the GDPR 2016/679, which are listed below for your convenience:

art. 15 – Right of access by the data subject

art. 16 – Right to rectification

art. 17 – Right to erasure (right to be forgotten)

art. 18 – Right to restriction of processing

art. 19 – Notification obligation regarding rectification

art. 20 – Right to data portability

art. 21 – Right to object

art. 22 – Automated individual decision-making, including profiling

Data subjects can exercise their rights by contacting the data controller or the data protection officer by e-mail:

6. Right to lodge a complaint with the Data Protection Authority (art. 77)

If you consider that your right to the protection of personal data has been infringed, you shall have the right to lodge a complaint with the Data Protection Authority as detailed in and in compliance with the terms set forth under (


7.Data controller

The data controller is GECOM SPA Largo Nicola Spinelli, 5 – 00198 Rome

8.Data Protection Officer

In order to simplify the relationships between you, as the Data Subject, namely the “identified or identifiable natural person” who the Personal Data refers to pursuant to article 4, point 1) of the Regulation (hereinafter referred to as the “Data subject”) and the Data Controller, the Regulation provides, in some specific cases, for the appointment of a supervisory and support position to act as a point of contact with the Data subject, among other entrusted tasks.

With regard to this, pursuant to art. 37 of the Regulation, Gecom S.p.a. has appointed Guido Miano as the “Data Protection Officer” (hereinafter referred to as the “DPO”).  As required by article 38 of the Regulation, you may freely contact the DPO with regard to any issue related to the Processing of Your Personal Data and/or to the exercise of your rights as set out in point 5 of this Notice, by e-mailing and/or by writing to Gecom spa Data Protection Officer, at Gecom s.p.a Largo Nicola Spinelli, 5 – 00198 Rome.