We inform you that, pursuant to EU Regulation No. 2016/679 (below: “Regulation“), your Personal Data are processed by Sugarmusic S.p.A., with registered office at Galleria del Corso 4, Milan, [Italy], in its role as data controller (“Data Controller“).
Purposes, legal basis and optional nature of the processing
The Data Controller processes your Personal Data (name, surname, email address, message contents) for the following purposes:
- Managing sending the information requested via the contact form on the Data Controller’s Website
The legal basis for the processing is the execution of a contract to which the Data Subject is a party or the execution of pre-contractual measures implemented on request by the same [Art. 6(1) (b) of the Regulation].
Providing your Personal Data for the purpose indicated above is optional, but failure to do so will prevent the request for information from being managed.
Intended recipients of the Personal Data
Your Personal Data may be shared with:
- natural persons authorized by the Data Controller to process the Personal Data as a result of their work task and upon signing of a confidentiality agreement (e.g. employees and system administrators);
- third-party entities on a contract basis, some of which act in their role as Data Supervisors (Art. 28 of the Regulation). (“the complete and up-to-date list of Data Supervisors is on the Website https://www.sugarmusic.com/privacy/” or write to firstname.lastname@example.org for “the complete and up-to-date list of Data Supervisors.
- subjects, institutions or authorities to whom it is mandatory to disclose your Personal Data in virtue of legal provisions or orders from the authorities.
With regard to the possible transfer of the Data to third-party countries, the Data Controller informs you that the processing will be carried out according to one of the methods allowed by the law in force, such as for example consent by the Data Subject, the execution of a contract concluded between the Data Subject and the Data Controller or the execution of pre-contractual measures implemented on request by the Data Subject; the conclusion or execution of a contract stipulated between the Data Controller and another natural or legal person in favour of the Data Subject; the implementation of standard clauses approved by the European Commission, the selection of subjects belonging to international programmes for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered to be secure by the European Commission. More information is available from the Data Controller by sending a request to the contacts above.
Data processing methods
In relation to the purposes indicated, Personal Data are processed using manual, computer and electronic tools with logics strictly associated with the purposes themselves and in any case, using methods that ensure the security and confidentiality of the data, in addition to compliance with the specific legal obligations.
Storing Personal Data
Your Personal Data are stored only for the time required for the purposes for which they were collected, in compliance with the principle of minimisation set forth in Article 5(1)(c) of the GDPR. In any case, your Personal Data are stored for the time required to provide the Services set forth in the contract. The further storage envisaged by the applicable legislation, including the legislation set forth in Art. 2946 of the [Italian] Civil Code, being understood. More information is available from the Data Controller.
Your privacy rights (pursuant to Articles 15 of the Regulation, as integrated and amended)
You have the right to ask the Data Controller, at any time, for access to your data, the rectification or the erasure of them, to object to the processing of them or to request the restriction of the processing, or to obtain the data concerning you in a format that is structured, common and readable by an automated device, in the cases set forth by Art. 20 of the Regulation.
Requests are to be made in writing and emailed to the Data Controller at email@example.com.
In any case, you always have the right to make a complaint to the competent Supervisory Body (Data Protection Authority) pursuant to Art. 77 of the Regulation should you feel your data have been processed contrarily to the legislation in force.
Version 2 – 20 January 2020