Information pursuant to art. 13 of the GDPR

Ferranti srl unipersonale, VAT number IT03714890542, current in Montefalco, fraz. Via Vicinato n. 43, Fratta district pursuant to art. 13 of the European regulation (EU) n.2016 / 679 of 27 April 2016 (hereafter GDPR) and in relation to the personal data of which the company will become available for the fulfillment of the obligations that will be required, communicates to the clientele the following information.

Data controller

The data controller is Dr. Michele Bonacci, c.f. BNCMHL78R12D653X, born in Foligno (PG) on 12 October 1978 and resident in Montefalco (PG), fraz. Fratta n.43, hereinafter referred to as the holder, who can be contacted by e-mail at the address, or by e-mail at the address

Purposes of data processing

The treatment is aimed at the correct fulfillment of the services contractually agreed, as well as for the purpose of fulfilling the obligations provided for in the tax and accounting and to those of different nature burdening the company, as required by current legislation.
Personal data may be processed by means of both paper and electronic files (including portable devices) and in ways strictly necessary to meet the aforementioned purposes.

With specific reference to the processing of data provided by users while browsing the company's website (, the processing is also aimed at the following purposes:
- statistics, through the collection of data and information in an exclusively aggregate and anonymous form in order to verify the correct functioning of the site.
None of this information is related to the physical user of the site and does not allow identification in any way.

The treatment is lawful pursuant to art. 6, lett. f) of the GDPR.

- security, through the collection of data and information in order to protect the security of the site (spam filters, firewalls, virus detection) and users, as well as to prevent or combat fraud or abuse to the detriment of the website.

The data are recorded automatically and may also include personal data that could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to harm other users, or in any case harmful activities or constituting a crime.
These data are never used for user identification or profiling and are periodically deleted.

The treatment is lawful pursuant to art. 6, lett. f) of the GDPR.

- accessory activities, through the communication of data to third parties that perform functions necessary or instrumental to the operation of the service (eg comment box), as well as to allow third parties to perform technical, logistical and other activities on our behalf .
Providers only have access to the personal data that are necessary to perform their duties, and undertake not to use the data for other purposes, and are required to process personal data in accordance with applicable regulations.
Upon accessing the website, the user can express his consent to the use of the ccdd. cookies and can easily consult the specific technical information through a link with simplified access (
With respect to the latter and specific purposes, the processing is lawful pursuant to art. 6, lett. a) of the GDPR, only if the person concerned has given consent.

Legal basis of the processing

Pursuant to art. 6 of the GDPR, the treatment takes place only in the following hypotheses:

- the interested party has consented to the processing of their personal data for the specific purpose indicated in the contract;
- Processing is necessary for the execution of a contract of which the data subject is a party or for the execution of measures taken at the request of the interested party before entering into a contract;
- The processing is necessary to fulfill a legal obligation to which the data controller is subject;
- processing is necessary for the pursuit of the legitimate interest of the data controller or third parties.

Consequences of failure to communicate personal data

With regard to personal data related to the performance of the contract or related to compliance with a regulatory obligation (for example the obligations related to the keeping of accounting records and tax), failure to disclose personal data prevents the improvement of the contractual relationship itself.

Data retention

The personal data, object of treatment for the above purposes, will be kept for the duration of the contract and, subsequently, for the time when the company is subject to conservation obligations for fiscal purposes or for other purposes provided for by law of law or regulation.

Data communication

Personal data may be communicated to:

1. professionals who provide functional services for the purposes indicated above;
2. banking and insurance institutions that provide functional services for the purposes indicated above;
3. subjects who process data in execution of specific legal obligations;
4. Judicial or administrative authorities, for the fulfillment of legal obligations.

Rights of the interested party

Among the rights recognized to the professional by the GDPR are those to request from the company:
- access to personal data and information relating thereto;
- the correction of inaccurate data or the integration of incomplete data;
- the deletion of personal data (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article);
- the limitation of the processing of personal data (upon the use of one of the hypotheses indicated in Article 18, paragraph 1 of the GDPR);
- in cases where the legal basis of the treatment is the contract or consent, and the same is done by automated means, the delivery of personal data in a structured and readable form by automatic device, also in order to communicate such data to a other data controller.

The interested party may also:

- oppose at any time the processing of personal data to the occurrence of particular situations;
- revoke the consent at any time, limited to the cases in which the processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data provided art. 9 of the GDPR.

The treatment based on consent and carried out prior to the revocation of the same preserves, however, its lawfulness;

- to make a claim before the Authority for the protection of personal data.