Data Controller




Via Brodolini, 6 – CONCOREZZO (MB) – 20863 Tax ID: 03551530961 – VAT no.: 03551530961 Tel. 0396800139 – Fax 0396884154



(Art. 13 and 14 of EU Regulation 2016/679)


Dear Data Subjects,

We would like to provide you certain necessary information regarding the methods and purposes relating to the processing of your personal data.


1.   Nature and submission of the data

The submission of your personal data to VIBRONORD SRL is required to be able to perform under the contract/engagement. Therefore, should you refuse to provide the necessary data, the contract/engagement cannot be performed, or it shall terminate due to your act/omission and fault.


2.   Processing purposes

Please note that your personal data shall be used for the following processing purposes:


·         Accounts receivable (Quotes, Contracts, Orders, DDT, POA, Billing Statement, Invoices), Data-retention period: 10 Years

·           Redazione documenti di Bilancio e Libro Inventario, Data-retention period: 10 Years

·           Trasmissioni telematiche per adempimenti fiscali, Data-retention period: 10 Years

·           Gestione contabilità ordinaria, incassi e pagamenti, Data-retention period: 10 Years

relating to the discharge of duties imposed by statute or contract:


·         Processing for contract performance to which the Data Subject is privy, or pre- contractual measures on the same

·           Processing for compliance with a legal duty to which the Data Controller is subject

Data Controller VIBRONORD SRL shall process your personal data solely to the extent they are indispensable to the purpose(s) stated supra, in accordance with applicable data-protection laws, and in accordance with the provisions of any general authorisations issued by the Data Protection Authority.




3.   Method of processing

The data subject’s personal data, to wit:


·         Name, Tax ID number, VAT number, contact information, e-mail, credentials, other identifiers – Category of data: Identifiers – Personal data: common

·           Economic and financial data – Category of data: Economic – Personal data: common

·           Bank information – Category of data: Court-related – Personal data: common

·           Real-property equity information – Category of data: Biometric – Personal data: common


shall be handled using a very high security level. All safeguards required under data-protection and other applicable law, as well as those selected at Data Controller’s discretion, have been implemented.

The data shall be processed by the following authorised categories of parties:


  • External Data Supervisor/Vice Supervisor



4.   Data disclosure and transfer

The data collected by the Data Controller may be disclosed, in addition to those parties identified

supra, to:


  • All categories of entities disclosure to whom is strictly necessary, functional, and compatible with the legal basis on which the processing of your data is predicated:

o Internal Revenue Agency



o Banks, credit institutions, post offices

o Municipality

o Interchange system (“SDI”)

o Business register

o Professionals outside our organisation, where disclosure is obligatory to carry out the engagement entrusted to us (e.g. notaries, qualified accountants, auditing firms, HR



As part of the processing performed by the aforementioned parties, your data shall not be transferred outside of Italy

If strictly necessary for the purposes stated supra, such processing may also involve the Data Subject’s images (photographs, videos, audio-visual footage,…). The processing of such images shall take place in compliance with applicable law, with total assurances that the Data Subject’s anonymity be maintained by masking their features. Data Subject’s express consent – including as may be required under copyright law – shall be required for any image processing given that (on an




exceptional basis) images of a person with his/her face obscured may nevertheless allow such person to be identified.


5.   Automated decision-making and profiling

Your data shall not be processed:


  • through the use of automated decision-making processes
  • using any profiling technology



6.   Rights of the Data Subject

As Data Subjects, you have the rights set forth in sections 2, 3 and 4 of Title III of EU Regulation 2016/679 (e.g. to ask any of the following of Data Controller: access to personal data, the correction/deletion of the same; limiting processing on your data; objecting to processing). Data Subjects have the following specific rights:

  • Obtain confirmation from Data Controller on whether any processing is being conducted on your personal data, and in such cases, access such data and the information required under Art. 15 of EU Regulation 2016/679;
  • Obtain the correction of any inaccurate personal data from Data Controller;
  • Secure the deletion of your personal data where they are not longer needed given the purpose for which they were gathered or otherwise processed, or where any other condition under Art. 17 of EU Regulation no. 679/2016 has been met, and provided the conditions under 17, paragraph 3, of EU Regulation no. 679/2016 have not been met;
  • Require the Data Controller to limit processing where: (a) the data subject disputes the accuracy of the personal data in question, for the period needed by the Data Controller to determine the accuracy of such personal data; (b) the processing is unlawful but the Data Subject him/herself objects to deletion, and wishes instead for limits to be imposed, or requests that such data be processed to adjudicate or defend his/her rights in a court of law;
  • Receive their personal data in a structured, commonly used, and machine-readable format; should the Data Subject exercise such right, he/she shall have the option to ask the Data Controller to submit the aforementioned data directly to another Data Controller;
  • Object to the processing of their personal data where the criteria under Art. 21, paragraph 2, of EU Regulation no. 679/2016 have been
  • Lodge a complaint with the supervisory With respect to such personal data, the Data Subject may contact:

Data Controller





Via Brodolini, 6 – CONCOREZZO (MB) – 20863

Tax ID 03551530961 – VAT no.03551530961 Tel. 0396800139 – Fax 0396884154



7.   Data Retention

The personal data you provide us shall be retained for purposes of rendering the agreed-upon service and shall be retained for the time necessary to complete the same. Retention may take place using:

  • Recording within Data Controller’s (and its processors/supervisors) hardware system;
  • Archiving pursuant to the Code of Digital Administration; is such cases, Data Controller shall only subject to accredited parties pursuant to Art. 29 of the CDA where such archiving does not take placed directly within its software



CONCOREZZO, 12/07/2021



(Signature in acknowledgement of policy)





Definitions that assist a person in understanding our firm/office’s operations, and the relationship between these and the data you have provided us. You should therefore take note, pursuant to Art. 4 of EU Regulation no. 679 (2016), of the following definitions:


  • Personal data: any information regarding an identified or identifiable natural person (the “Data Subject”); “identifiable” shall mean any natural person who might be identified – whether directly or indirectly – with particular reference to an identifier such as a first name, ID number, location data, online handle, or one or more defining elements of their physique, physiology, genetic makeup, psyche, economic, cultural or social status;
  • Specific categories of data (or “sensitive data”): personal data that reveal a person’s race or ethnic origin, political opinions, religious or philosophical beliefs, union membership, as well as genetic makeup, biometric data that might unequivocally identify a natural person, data relating to the health or sex life or sexual orientation of a person;
  • Processing: any operation or set of operations, performed with or without the help of automated processes, applied to personal data or to sets of personal data, such as the collection, recording, organisation, structuring, retention, adaptation, amendment, extraction, review, consultation, use, disclosure via transmission, dissemination, or any other method of making such data available, comparison or interconnection, limitation, deletion, or destruction;
  • Data Controller: that natural or legal person, public authority, service, or other entity, which either on its own or together with others, determines the purposes and means of personal-data processing; when the purposes and means of such processing shall be determined by the European Union or Member State law, the Data Controller, or specific criteria applied to its designation may be set by such law;
  • Data Processor: the natural or legal person, public entity, service, or other organisation that handles personal data on Data Controller’s


  • Profiling: any type of automated personal-data processing consisting in the use of such personal data to assess specific personal aspects relating to a natural person, especially to analyse or forecast that person’s professional income, economic status, health status, personal preferences, interests, reliability, behaviour, location, or