Customer policy

INFORMATION ON DATA PROCESSING

ART. 13 AND 14 OF REGULATION (EU) 2016/679

Interested Parties: Customers

Dear Customer,
ACHILLI S.R.L., in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 (hereinafter referred to as "GDPR"), hereby informs you that the aforementioned regulation provides for the protection of individuals with regard to the processing of personal data. This processing will be carried out based on principles of fairness, lawfulness, transparency, and the protection of your privacy and rights.

To manage the relationship effectively, the Data Controller may need to collect personal data such as name, surname, telephone or mobile number, address, email, tax code/VAT number, and other data or information relevant to the requested service. Only data strictly necessary for the stated purposes will be processed, in adherence to the principle of "minimization."

Your personal data will be processed in accordance with the provisions of the applicable legislation and the confidentiality obligations provided therein.

Purpose and Legal Basis of Processing

Your data will be processed for purposes strictly related to the following obligations:

• Fiscal and accounting obligations: Legal basis: compliance with legal obligations.
• Management of electronic payments (if applicable): Legal basis: compliance with legal obligations.
• Obligations required by applicable laws: Legal basis: compliance with legal obligations.
• Administrative management: Legal basis: execution of contractual obligations.

Consequences of Non-Disclosure

The processing of your data is necessary to respond to your requests and provide the services indicated. Any failure to provide required information or incorrect data may prevent the Data Controller from fulfilling the requested services.

Methods of Processing

The processing of your personal data will be conducted using manual, computerized, and telematic tools to ensure security, integrity, and confidentiality. These tools adhere to organizational, physical, and logical measures prescribed by current regulations to minimize risks such as destruction, loss, unauthorized access, unauthorized modification, or disclosure, in compliance with Articles 5 and 32 of the GDPR.

Recipients of Data

To perform certain activities or provide operational support, your data may be disclosed or communicated to recipients, categorized as follows:

Third Parties

• Banking institutions for managing collections and payments.
• Companies managing traditional or digital postal services, if necessary for the stated purposes.
• Consultants and professionals, including associated firms, for legal, fiscal, and administrative advice, as independent controllers.
• Entities or authorities entitled by law to access your data under legal provisions.

Data Processors

• Companies or individuals contracted for managing mandatory fiscal, administrative, and accounting obligations or for providing legal advice.
• IT, web service, or other technical suppliers necessary to achieve the stated purposes.

Internal Personnel

Within ACHILLI S.R.L., only authorized personnel will process your data. This personnel will operate under confidentiality agreements and may include the following departments:

• Administration.
• Secretariat.

Dissemination of Data

Your personal data will not be disseminated in any form.

Transfer of Data to Third Countries

The Data Controller does not transfer personal data to non-EU countries. If such a transfer becomes necessary, you will be informed in advance. Appropriate safeguards will be adopted, including:

• Verifying adequacy decisions for the recipient country issued by the European Commission.
• Signing standard contractual clauses.
• Implementing additional measures, as outlined in Recommendation 01/2020 by the EDPB. In specific cases, transfers may occur under exceptions (ref. Article 49 of the GDPR) if supported by a contract, pre-contractual measures, or explicit consent.

Retention Period

In compliance with the principles outlined in Article 5 of the GDPR, your personal data will only be retained for as long as necessary to achieve the purposes for which it was collected. Specifically:

• For service provision or contractual performance, your data will be retained until the contract’s expiration or termination.
• Where applicable, data may be retained for an additional period (approximately one year) to manage any service-related issues or disputes.
• In cases of legal or tax obligations, data will be retained for at least 10 years, in accordance with applicable laws.

Data Controller

The Data Controller is ACHILLI S.R.L., with its registered and operational office at Via Montescudo, 148 – 47924 Rimini (RN), VAT number 02343350407. For further information, you may:

• Email: info@achilli.com
• Fax: +39 0541 389058 Further details on our privacy policies are available on our website: www.achilli.com.

Rights of the Data Subject (Articles 15-23 of the GDPR)

As a data subject, you have the right to:

1. Access your personal data to confirm whether it is being processed and to obtain an intelligible copy.
2. Obtain information about:
• The origin of the personal data.
• The purposes and methods of processing.
• The logic applied in electronic processing.
• Identification details of the Data Controller, Data Processors, and designated representatives.
• The recipients or categories of recipients to whom the data may be disclosed.
3. Request the following actions:
• Updating, rectification, or integration of your data.
• Deletion, anonymization, or blocking of data processed unlawfully or no longer necessary.
• Certification that these actions have been communicated to all recipients, except where this is impossible or involves disproportionate effort.
• Portability of your data.
4. Object to processing, in whole or in part:
• On legitimate grounds, even if the processing is relevant to the collection purpose.
• For direct marketing purposes, including profiling related to marketing activities.

Complaints

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the relevant supervisory authority. For additional information or to exercise your rights, please contact the Data Controller using the contact details provided above.