Privacy Policy

INFORMATION AS REQUIRED BY ART. 13 AND 14 OF REGULATION (EU) 2016/679 (GDPR) OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 RELATING TO THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA, AS WELL AS THE FREE CIRCULATION OF SUCH DATA.
SORIT Società Servizi e Riscossioni Italia S.p.A. (briefly SORIT S.p.A.), as "Data Controller", informs you about the use of your personal data and your rights.

SOURCE OF PERSONAL DATA
Personal data held by SORIT S.p.A. are usually collected from the loading lists delivered by the credit institutions for the spontaneous and / or compulsory collection of their credits or from public registers, lists, deeds and documents known by law, or directly from the interested party or from third parties in the cases permitted by law (such as for example enforcement procedures with the third party or out-of-court declarations made by the third party, payment extensions, suspension for the purposes of Article 1, paragraphs 537 to 544, of Law no.228 / 2012).

PURPOSE OF THE PROCESSING TO WHICH THE DATA ARE INTENDED
Personal data are processed as part of the institutional duties of SORIT S.p.A. exclusively for purposes connected and instrumental to the spontaneous and / or compulsory collection activity carried out on behalf of local public entities and various entities, as well as for purposes related to the obligations established by laws, regulations or provisions issued by Authorities legitimated by the Law and by supervisory and control entities.

DATA PROCESSING METHOD
In relation to the aforementioned purposes, the processing of personal data takes place both on paper and with the aid of electronic devices and, in any case, in order to guarantee their security, confidentiality, integrity and availability.

NATURE OF THE TREATMENT
The provision of data by the interested party is optional, not precluding, however, any refusal to continue the collection activity carried out by the writer in compliance with an obligation of law, regulation or convention.

SUBJECTS TO WHOM PERSONAL DATA MAY BE COMMUNICATED OR WHO MAY BECOME KNOWLEDGE
Personal data may be transmitted to third parties exclusively for operational purposes related to the fulfillment of legal obligations. Such data may be communicated as well as to the subjects appointed by SORIT S.p.A. of the processing (employees or persons in charge of carrying out auxiliary and instrumental services), to the creditor entity that has appointed SORIT S.p.A. same of the collection, to public and judicial authorities or to third parties in the context of executive proceedings, exclusively for purposes related to the institutional activity.

HOLDER AND RESPONSIBLE FOR DATA PROTECTION (DPO)
The data controller is "SORIT Società Servizi e Riscossioni Italia S.p.A.", with registered office in Ravenna, via Boccaccio, 16 - 48121 Ravenna.
The person in charge for the protection of personal data can be contacted at the following address: rpdlacassa@lacassa.com.

RIGHTS OF THE INTERESTED PARTY
The exercise of the rights indicated in this section is not subject to any formal constraint and is free, except for manifestly unfounded or excessive requests as required by art. 12 paragraph 5 of the GDPR. The Data Controller will be required to provide information on the action taken by the interested party without undue delay, and at the latest within one month of receipt of the request. Extensions are allowed as required by art. 12 paragraph 3 of the GDPR.
In relation to the treatments described in this information and as required by the GDPR, the interested party can exercise the following rights:
- right of access: the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him are being processed and information about the processing carried out on them;
- right of rectification: right to obtain from the Data Controller the rectification of inaccurate personal data concerning him;
- right to anonymize or delete data (right to be forgotten) in cases where, for example: the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; have been treated unlawfully;
- right to limit the processing in cases where: 1) the data subject disputes the accuracy of the Personal Data, for the period necessary for the Data Controller to verify the accuracy of such data; 2) the processing is unlawful and the interested party opposes the cancellation of the Personal Data and requests instead that its use is limited; 3) Personal Data are necessary for the interested party to ascertain, exercise or defend a right in court; 4) the interested party opposed the processing as requested by art. 21 GDPR, in the period of waiting for the verification of the possible prevalence of legitimate reasons of the Data Controller with respect to those of the interested party;
- right to data portability: right to receive Personal Data concerning him in a structured format, commonly used and readable by automatic devices, and the right to transmit such Personal Data to another data controller without impediments by the Data Controller of the treatment to which you have provided them, if the treatment is based on consent or on a contract and is carried out by automated means;
- right to object: the right to object, at any time, to the processing of Personal Data concerning him / her if the processing is carried out for the pursuit of the legitimate interest of the Data Controller, by submitting the opposition to the DPO. The Data Controller will refrain from further processing the Personal Data unless it demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the rights of the interested party, or to ascertain, exercise or defend a right in court. The interested party also has the right to object to the processing of Personal Data for direct marketing purposes based on the legitimate interest of the Data Controller, by submitting an opposition to the DPO. The Data Controller will refrain from further processing personal data for the related purpose;
- right to make a complaint with the "Garante per la protezione dei dati personali" if it believes that its rights have not been respected.

DATA RETENTION PERIOD
Personal Data are kept for the time strictly necessary to achieve the purposes for which the data are processed. After this deadline, the Personal Data will be deleted or transformed into anonymous form, following the legal requirements, unless their further conservation is necessary to fulfill legal obligations or to fulfill orders from public authorities and / or supervisory entities. In particular, in the event of termination of the relationship with customers, the Personal Data will be kept starting from the date of the event for the purpose of complying with the provisions of the law on the conservation of accounting records, as well as any requests for further conservation for judicial needs, tax audits or for obligations relating to anti-money laundering legislation as well as the evidential requirements, including those of an extra-procedural nature, to which SORIT SpA may possibly be subject
For requests relating to the exercise of these rights, you can contact: SORIT S.p.A. (tel. 0544-282811 - e-mail: legal@sorit.it), Via Boccaccio, 16 - 48121 Ravenna (RA) and to the Data Protection Officer (DPO) at the email address: rpdlacassa@lacassa.com.

Gruppo Bancario La Cassa di Ravenna

Gruppo Autonomo di Banche Locali