CUSTOMER DATA

Pursuant to art. 13 of the 2016/679 EU Regulation

Comas S.r.l., with head office in Arezzo (AR) via Martiri di Civitella n. 11 (hereafter "Company"), pursuant to and in compliance with the provisions of art. 13 of EU Regulation 2016/679, provides the following information on the processing of personal data of its Customers, as Data Controller.

Categories and types of data collected

The Data processed by the Company may include common data collected for the purpose of concluding the contract with the Customer and / or in the context of execution and / or stipulation of the same.
The processing of personal data of third parties communicated by the Customer to the Company is also possible. With respect to this hypothesis, the Customer stands as an independent data controller and assumes the consequent legal obligations and responsibilities, relieving the Company from any objection, claim and / or request for compensation for damage caused by treatment that should reach the Company from third parties .

Purpose of the treatment

The data are stored, collected and processed as part of the Company's activity in compliance with the current privacy legislation and without the need for a specific consent of the Subject:

1. for preliminary requirements for the stipulation of contracts;
2. for the fulfillment of the obligations and the execution of the operations envisaged by the stipulated contracts;
3. for the execution of the obligations and obligations (administrative, fiscal, accounting, etc.) laid down by the legislation in force;
4. for sending memorandums and / or explanatory material on services rendered or requested or for carrying out market research or commercial communication;
5. for the supply of goods and services through a mailing list;
6. for the sending, directly or through third parties, of marketing and communication services, newsletters and communications for direct marketing purposes through email, fax, paper mail, telephone with operator.

Legal basis of the processing and nature of the provision of data

The legal basis of processing for the purposes 1), 2) and 3) above are the art. 6.1.b) and 6.1.c) of the Rules. The provision of data for the aforementioned purposes is optional, but any failure to provide the data and the refusal to supply them would make it impossible for the Company to execute and / or stipulate the contract and provide the services requested by the same.

The legal basis of the processing of personal data for the purposes 4), 5) and 6) is the art. 6.1.a) of the Rules as the treatments are based on consent; it is specified that the Data Controller may collect a single consent for the marketing purposes described herein, pursuant to the Provisions of the Privacy Guarantor on the subject. The conferment of consent to the use of data for marketing purposes is optional and once conferred, it will be stored up to a maximum of 24 months. Should the interested party wish to object to the processing of the Data for marketing purposes performed with the means indicated herein, as well as revoke the consent given, he may at any time do so without any consequence (except for the fact that he will no longer receive marketing communications) the indications in the "Rights of the Interested" section of this Notice.

Method of treatment

The processing can be carried out using manual, automated, computerized, electronic tools for managing, storing and transmitting data and in any case suitable for guaranteeing security and confidentiality. The data being processed are:

• processed lawfully and fairly;
• collected and registered for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with these purposes;
• exact and, if necessary, updated;
• relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;
• kept in a form that allows identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

Possible communication and dissemination of data

For the aforementioned purposes, the data may be disclosed to third parties appointed as data controllers pursuant to Article 28 of the Rules and in particular to banks, to companies active in the insurance field, to service providers strictly necessary for the performance of business activities, or consultants of the company, where this is necessary for tax, administrative, contractual or for reasons protected by current regulations or for administrative and / or accounting purposes, according to recitals 47 and 48 and Article 6 of the Rules. Finally, the Data may be shared with authorities, entities and / or subjects to whom the Data must be communicated pursuant to legal provisions or orders of authority. These authorities, bodies and / or subjects will act as independent data controllers. Data will not be disclosed. The updated periodically and complete list of data processors appointed for data processing may be requested by sending an email to the Data Controller at the addresses indicated below.

Data transfer in non-EU countries

Customer Personal Data is stored on servers located within the European Union. Customers acknowledge that, for certain specific operations, and with prior consent or other appropriate legal basis, their Personal Data may be processed within countries outside the European Union.

Data retention period

The Data will be stored on paper and / or computer for only the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization referred to in Article 5, paragraph 1, letters c) and e) of Regulation.

The Data will be kept to comply with regulatory obligations and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance.

The Company may retain Data after termination of the contractual relationship to comply with regulatory and / or post-contractual obligations in relation to the legal requirements (10 years); subsequently, after the aforementioned reasons for the processing have been lost, the Data will be deleted, destroyed or simply stored anonymously.

Upon request, it is possible to have more information from the Company to the contacts indicated below.

Rights of the interested party

Each interested party (an identified or identifiable natural person) has the right to ask the Data Controller, at any time, to access the data concerning him / her, to correct it or, if necessary, to cancel it or oppose its processing; where applicable, the interested party also has the right to request the limitation of processing in the cases provided for by law, to obtain, in a structured format, in common use and readable by automatic device the data concerning him, in the cases provided for by art. 20 of the Regulations; as well as to propose a complaint to the competent supervisory authority (Guarantor for the protection of personal data), if it considers that the treatment of the data is contrary to the law in force.

Without prejudice to the right of the interested party to make a request for opposition to the processing of their data in which he must give evidence of the reasons justifying the opposition, the Controller reserves the right to evaluate this request, which will not be accepted if there are grounds of legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party.

Data controller and contact details

Pursuant to art. 4 of the 2016/679 EU Regulation, the Company is the owner of the processing of data concerning its Customers.

All communications and requests must be sent in writing to the Owner at the e-mail address mail@infocomas.it

Last update: 21 November 2018

Information on the processing of data carried out for credit recovery activities on behalf of third parties.

Pursuant to art. 13 of the 2016/679 EU Regulation

Comas S.r.l. with head office in Arezzo (AR) via Martiri di Civitella n. 11 (hereafter "Company"), pursuant to and by effect of art. 13 of EU Regulation 2016/679, provides the following information on the processing of personal data that will be collected, processed and used by the Company itself in the performance of debt collection for third parties.

Categories and types of data collected

The Data referring to the interested party (hereinafter referred to as "Interested") are provided by the subjects who have entrusted the Company with the task of carrying out the debt collection activities (hereinafter the "Customers"); The clients have collected them in turn directly from the Interested parties, their customers and / or debtors, usually within the contractual relationships to which the credits to be recovered are connected, and acquired also through third parties, as well as in the contacts, also by telephone and letters, of the Company with the same Interested parties.

The Company establishes the activity:

1. as responsible for the processing of the Data pursuant to Article 28 of the GDPR on behalf of the Customers, for which the Company performs the management and recovery of claims by virtue of a public security license issued pursuant to Article 115 of the single text of public security laws. With reference to these treatments, reference is made to the information already provided by the Clients to the Interested parties, typically in the contract;
2. as data controller, for the activities and processing operations carried out by the Company for the purposes indicated below, with regard to which it intends to provide the additional information below.

Method and purpose of the treatment

The data are collected, processed and archived as part of the activity of credit recovery activities carried out by the Company, following a formal written assignment by our customers:

1. regulatory, administrative and accounting fulfillment in relation to obligations under the law, regulations or community legislation;
2. exercise and defense of rights in the event of disputes regarding the Company's operations;
3. fulfillment of all activities related to debt collection;

The Company does not process any particular data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person , data relating to the health or sexual life or sexual orientation of the person.

The processing can be carried out using manual, automated, computerized, electronic tools for managing, storing and transmitting data and in any case suitable for guaranteeing security and confidentiality.

The data being processed are:

• processed lawfully and fairly;
• collected and registered for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with these purposes;
• exact and, if necessary, updated;
• relevant, complete and not excessive in relation to the purposes for which they are collected or subsequently processed;
• kept in a form that allows identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

Nature of the contribution

The Company processes the Data of the Interested parties for the aforementioned purposes in order to comply with regulatory obligations related to debt collection activities, whose legal basis for processing is Article 6, paragraph 1, letter b) of EU Regulation 2016/679, and to protect their rights in the case of actions or disputes. In such cases, the consent of the data subjects is not required.

Categories of subjects to whom the data can be communicated

The data can be communicated, in Italy and abroad, only to:

• natural persons authorized by the Company to process data pursuant to article 29 of the EU Regulation 2016/679 due to the performance of their job duties;
• service providers, who typically act as data controllers pursuant to article 28 of 2016/679 EU Regulation;
• the Customers;
• authorities and public bodies.

No data will be disseminated.

Data transfer in non-EU countries

Personal Data for certain specific transactions relating to debt collection in non- EU countries, and prior consent or other appropriate legal basis could be processed within countries outside the European Union by lawyers appointed for this purpose.

Data retention period

The Data will be stored on paper and / or computer for only the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization referred to in Article 5, paragraph 1, letters c) and e) of Regulation.

The Data will be kept to comply with regulatory obligations and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance.

The Company may retain Data after termination of the contractual relationship to comply with regulatory and / or contractual obligations in relation to the legal requirements (10 years) ; subsequently, after the aforementioned reasons for the processing have been lost, the Data will be deleted, destroyed or simply stored anonymously.

Upon request, it is possible to have more information from the Company to the contacts indicated below.

Rights of the interested party

Each interested party (lost physique identified or identifiable) has the right to request the Data Controller, at any time, access to data concerning him, correction or, where appropriate, the cancellation of the same or to oppose their treatment; where applicable, the interested party also has the right to request the limitation of processing in the cases provided for by law, to obtain, in a structured format, in common use and readable by automatic device the data concerning him, in the cases provided for by art. 20 of the Regulations; as well as to propose a complaint to the competent supervisory authority (Guarantor for the protection of personal data), if it considers that the treatment of the data is contrary to the law in force.

Without prejudice to the right of the interested party to make a request for opposition to the processing of their data in which he must give evidence of the reasons justifying the opposition, the Controller reserves the right to evaluate this request, which will not be accepted if there are grounds of legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party.

Data controller and contact details

Pursuant to art. 4 of the 2016/679 EU Regulation, the Company is the owner of the processing of data concerning its Customers.

All communications and requests must be sent in writing to the Owner at the e-mail address mail@infocomas.it

Last update: 21 November 2018

INFORMATION TO CANDIDATES pursuant to EU Regulation 2016/679

Pursuant to art. 13 of the 2016/679 EU Regulation

Comas S.r.l., with head office in Arezzo (AR)), via Martiri di Civitella n. 11 (hereafter "Company"), pursuant to and by effect of art. 13 of EU Regulation 2016/679, provides the following information on the processing of personal data of Candidates (hereinafter "Interested") who have expressed an interest in employment opportunities or collaboration with the Company, Data Controller.

Types of data processed. Purpose of the treatment

The Company processes the personal data of the Interested parties for the following purposes:

• management of personnel search and selection procedures, aimed at the possible establishment of a working or collaboration relationship;
• fulfillment of obligations imposed by national and international legislation, including on equal opportunities in employment;
• protection of the rights of the Company, including in court.

To the extent strictly necessary for the pursuit of the aforementioned purposes, the data included in the curriculum vitae of the data subjects and, in particular, common data, such as identification and contact data (for example, name, surname, e-mail address, telephone number, bank account details, etc.) are processed as well as data on the education and professional experience of the subjects.

In relation to the special categories of data pursuant to art. 9 of the Privacy Regulation, the Company will only collect those relating to the possible belonging of the Interested parties to protected categories (susceptible to treatment even without express written consent from the interested party, within the limits of the General Authorization issued by the Guarantor); therefore, it is forbidden for the interested parties to include in their curricula further data belonging to the aforementioned special categories (including data on health, political opinions, religious opinions, trade unions).

The provision of personal data by the interested party is mandatory, because - in case of failure to provide - the selection procedure cannot take place.

Legal basis of the processing

The legal basis for processing personal data consists of:

• the legitimate interest of the Company to the management of the selection procedure;
• the need to implement pre-contractual measures to be taken at the request of the party concerned;
• the law or the implementing measures of the public authorities that are competent from the point of view of the discipline of the employment relationship (including the applicable provisions of the Guarantor for the protection of personal data).

Communication of personal data

Personal data processed may be communicated to the subjects designated by the Company as external data processing managers, in compliance with the provisions of the Regulations.

The personal data of the Interested parties may also be disclosed to other subjects, independent data controllers (including public subjects), in the event that this is required by the applicable legal provisions.

Personal data being processed are not widespread.

Location of personal data

The personal data of the data subjects are stored on servers located within the European Union.

Retention period of personal data

The personal data being processed are kept for a period equal to the duration of the selection procedure and for the following 24 months, except in cases where the preservation for a subsequent period is required for any disputes, requests by competent authorities or pursuant to of the applicable legal provisions.

At the end of the retention period the data will be deleted, anonymised or aggregated.

Rights of the interested parties

Each interested party (an identified or identifiable natural person) has the right to ask the Data Controller, at any time, to access the data concerning him / her, to correct it or, if necessary, to cancel it or oppose its processing; where applicable, the interested party also has the right to request the limitation of processing in the cases provided for by law, to obtain, in a structured format, in common use and readable by automatic device the data concerning him, in the cases provided for by art. 20 of the Regulations; as well as to propose a complaint to the competent supervisory authority (Guarantor for the protection of personal data), if it considers that the treatment of the data is contrary to the law in force.

Without prejudice to the right of the interested party to make a request for opposition to the processing of their data in which he must give evidence of the reasons justifying the opposition, the Controller reserves the right to evaluate this request, which will not be accepted if there are grounds of legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party.

Data controller and contact details

Pursuant to art. 4 of the 2016/679 EU Regulation, the Company is the owner of the processing of data concerning its Customers.

All communications and requests must be sent in writing to the Owner at the e-mail address mail@infocomas.it

Last update: 21 November 2018

Extended information on the use of cookies

This website uses technical cookies to ensure the proper functioning of the procedures and to improve the experience of using online applications. This document provides information on the use of cookies and similar technologies, how they are used by the site and how to manage them.

Definitions

Cookies are small text files that the sites visited by users send to their terminals, where they are stored before being re-transmitted to the same sites on the next visit. Cookies of "third parties" are, however, set by a website other than the one the user is visiting. This is because on each site there may be elements (images, maps, sounds, specific links to web pages of other domains, etc.) that reside on servers other than the site visited.

Types of cookies

Based on the characteristics and use of cookies we can distinguish different categories.

Technical cookies

Technical cookies are those used for the sole purpose of "transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service ". They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website; analytics cookies, similar to technical cookies when used directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site; functional cookies, which allow the user to navigate according to a series of selected criteria in order to improve the service rendered to the same. For the installation of these cookies, the prior consent of users is not required, while the obligation to provide information that the site manager, if he only uses such devices, will be able to provide in the most suitable way.

More precisely, the site uses the following:

Session cookies:

ASP_SessionId: cookie used by ASP to store a unique identifier for the session

Profiling cookies

Profiling cookies are not used

"Third-party" cookies

By visiting this website you may receive cookies from sites managed by other organizations ("third parties"). The presence of the plugin implies the transmission of cookies to and from all sites managed by third parties. The management of the information collected by "third parties" is governed by the relative information to which reference is made. To ensure greater transparency and convenience, the following are the web addresses of the pieces of information and how to manage cookies:

Cookie Google Analytics

• privacy policy: https://www.google.com/intl/it/policies/privacy/
• manage or disable cookies: https://support.google.com/accounts/answer/61416?hl=it

Cookie Google Adwords

• privacy policy: https://www.google.com/intl/it/policies/privacy/
• manage or disable cookies : https://www.google.com/settings/ads/plugin

Cookie Bing

• privacy policy, manage or disable cookies https://privacy.microsoft.com/it-it/privacystatement

Cookies Duration

Some cookies (session cookies) remain active only until the browser is closed or when a logout command is executed. Other cookies "survive" when the browser is closed and are also available in subsequent visits by the user. These cookies are called persistent and their duration is set by the server when they are created. In some cases a deadline is set, in other cases the duration is unlimited.

Cookie Management

The user can decide whether or not to accept cookies using the settings of his browser.
Please Note: with the total or partial disabling of technical cookies could compromise the optimal use of the site. The disabling of "third-party" cookies does not affect the navigability in any way.
The setting can be defined specifically for different websites and web applications. In addition, the browsers allow you to define different settings for cookies "owners" and those of "third parties". As an example, in Firefox, through the menu Tools-> Options-> Privacy, you can access a control panel where you can define whether or not to accept the different types of cookies and proceed with their removal. In the Internet it is easy to find documentation on how to set the cookie management rules for your browser, as an example you will find some addresses related to the main browsers:

Chrome: https://support.google.com/chrome/answer/95647?hl=it

Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9

Opera: http://help.opera.com/Windows/10.00/it/cookies.html

Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT