Business information privacy policy

Declaration on the processing of personal data for commercial information purposes

The complete ANCIC information notice (in Italian) is available at the following link:

A.N.C.I.C. privacy information notice - https://www.informativaprivacyancic.it

DATA CONTROLLER: ModeFinance S.r.l – building H – AREA Science Park, Padriciano 99 – 34149, Trieste (TS) – ITALY, P. IVA (VAT number) 01168840328.

DATA PROTECTION OFFICER (DPO): Legal practice Avv. Paolo Vicenzotto, headquartered in Corso Giuseppe Garibaldi 4G – 33170, Pordenone (PN); available via the contact details of the data controller or by e-mail at dpo@studiolegalevicenzotto.it.

Under the privacy legislation (article 14, Regulation 679/16 – GDPR), this declaration is provided by ModeFinance S.r.l. as data controller, in accordance with the Code of conduct for the processing of personal data regarding commercial information, adopted with provision no. 181 on 29 April 2021 of the Authority for personal data protection with a subsequent Resolution no. 127 on 12 June 2019 (hereinafter also “Code of conduct”).

1. DATA PROCESSING SOURCES

Pursuant to article 14 of the EU Regulation n. 679/2016 (hereinafter GDPR), ModeFinance S.r.l. as Data controller (“Controller”), informs the interested parties that, by virtue of a special license and prefecture authorization (pursuant to article 134 of the Public Security Laws Consolidation Act), it collects and processes personal data on the Target Entity and on other entities possibly legally and economically linked with the Target Entity from public registers, lists, public archives, or contained in public acts or documents (kept by, for ex., Chambers of Commerce or at the Revenue Agency), or generally accessible (for ex., obtained from registries, press reports and websites available to anyone) (“Data”).

2. TYPE OF PROCESSED DATA

For commercial information purposes (definition set out in article 2, lett. c), Code of Conduct), ModeFinance S.r.l. can acquire both information regarding organizational, production, industrial, commercial, economic, financial, capital, judicial, jurisdictional, administrative and accounting aspects related to the activities carried out by economic operators (e.g. individual and family enterprises, small entrepreneurs, professionals, important corporate officers, etc.), and data referred to natural persons that do not pursue an entrepreneurial or professional activity, since they are entities linked to the Target Entity legally and/or economically. Commercial information include data relating to, for ex., certificates of incorporation, balance sheets, protests and insolvency proceedings, register of extraordinary real estate charges and burdens, land registry data, as well as any judicial data given in public or generally accessible sources. In cases peremptorily provided by the Code of Conduct, ModeFinance S.r.l. can process data relating to criminal convictions and offences (article 10 of the GDPR) from public sources or, in certain circumstances, from generally accessible sources, as well, as defined in the Code of Conduct.

3. PURPOSE OF THE PROCESSING

The data are treated by ModeFinance S.r.l. to provide information processing through statistical processes or automated models (e.g. S-peek, Tigran) to applicants (clients), via analyses and evaluations carried out by ModeFinance S.r.l. financial experts and/or on the basis of default classifications, in order to give an opinion on the solidity, solvency and reliability of a legal or natural person (Target Entity), possibly expressed in predictive, probabilistic or terms in the form of alphanumeric indicators, codes or symbols, which are used to assess activities, the economic, financial and commercial solidity and capacity of a natural or legal person, and to carry out tests in the context of any trade relations – ongoing or that are yet to be established – as well as to protect their related rights.

4. LEGAL GROUNDS OF THE PROCESSING

The legal basis of the processing for purposes of personal data commercial information from sources – such as public registers, lists, public archives, or contained in public acts or documents, or generally accessible from registries, press reports and websites available to anyone, even when aimed at the formulation of a judgement on the solidity, solvency and reliability of the Target Entity by dint of automated processes or of analyses and evaluations carried out by experts, or intended to process evaluative information – is anchored to the pursuit of legitimate interests, pursuant to Article 6, paragraph 1, lett. f), of the GDPR, of ModeFinance S.r.l. that provides commercial information services, pursuant to Article 134 of the T.U.L.P.S. (Testo Unico delle Leggi di Pubblica Sicurezza – in Italian) and the D.M. (Decreto Ministero) 269/2010, as well as to clients who request them for legitimate verifications and for requirements referred to in Article 2, paragraph 2, lett. c) of the Code of Conduct, and in the common interest in the fairness of commercial transactions and in the proper functioning of the market.

5. METHODS OF COMMERCIAL INFORMATION PROCESSING AND SECURITY OF THE PROCESSING

ModeFinance S.r.l. collects personal data from quoted public sources or accessible to the general public, in compliance with forms and limits established by regulations that govern the knowability, usability and publicity of acts and data contained in them. Data collection can take place through information technology and, following dedicated controls directed at ensuring their adequacy, completeness and accuracy. These data are registered in our databases and periodically updated. These databases are organized and managed with computerized procedures, necessary for reporting to our clients – also by electronic means – documents containing data collected from public sources, and/or for the analysis, comparison and processing of those data for the preparation of economic or commercial reports or information dossiers to be provided to clients who should request them. Personal data, collected and processed by ModeFinance S.r.l., are stored and protected with appropriate security measures, those being IT, procedural, physical and organizational, among which the pseudonymization and, if necessary, the encryption of commercial information, to safeguard their non-direct intelligibility and/or imputability to those concerned. Personal data can be known only by the personnel, duly authorized for this purpose, and if necessary also in charge of collection, analysis, processing and communication activities of the same data or of drafting economic information reports, as well as of technical assistance activities and maintenance of our information systems. In any case, data will be processed in compliance with the principle of lawfulness, fairness and relevance, according to the provisions of Article 5.1, lett. a), b), c), d), f) of the GDPR, as well as in compliance with the provisions of Art. 32 of the GDPR.

6. FRAMEWORK OF DATA COMMUNICATION AND TRANSFER TO THIRD COUNTRIES

Personal data collected from public sources and processed for the purpose of commercial information services provision, are supplied by ModeFinance S.r.l., also by electronic means, to our clients as required by the regulations on public security in force, T.U.L.P.S., and subsequent amendments and additions. The acquired data may be shared with natural persons authorized by ModeFinance S.r.l. ex Art. 29 GDPR due to the performance of their work duties (e.g. employees, system administrators, etc.); service providers (such as technical, computer, administrative services companies), consultants, which typically act as data processors ex Art. 28 of the Regulation; our clients established in Italy and abroad, who request it within commercial information services, will act as independent data controllers; where so requested, entities, institutions or authorities to which it is mandatory to communicate the data under legal provisions or orders of the authorities. In the rare cases where data communication to our clients should imply their transfer to Third countries, namely outside of the European Economic Area, it will be our responsibility to ensure each time the compliance with the conditions set out in Chapter V of the GDPR. In any case, the transfer will take place according to one of the permitted ways by the current legislation and in particular:

• Transfer to countries considered adequate by the European Commission;
• Conclusion of standard contractual terms with data recipients.

Furthermore, during the carrying out of transfers, the data controller will take into account the national and European case-law, as well as the recommendations of the European Committee for Data Protection in the field.

7. DATA RETENTION

The data will be retained only for the time necessary for purposes for which they are collected, thus respecting the principle of minimization referred to in Article 5, paragraph 1, lett. c) of the GDPR and within time limits set in the Code of conduct. In particular, personal data from public sources or sources accessible to the general public will be retained by ModeFinance S.r.l. for the commercial information services provision to clients for the period of time in which they remain knowable and/or published in public sources from which they come and from which they have been collected, in accordance with what required by respective reference regulations.
Also, requirements referred to in Article 8 of the Code of conduct will be met, pursuant to which:
a) Information related to defaults or insolvency proceedings will be processed for a period of time not longer than 10 years from the opening date of the insolvency procedure; after this period, the above-mentioned information may be further used by the data controller only if other information relevant to a subsequent default are available, or if a new bankruptcy or insolvency procedure referred to the Target Entity or to another related entity is initiated, in which case, the processing may last for a maximum period of 10 years from their respective openings;
b) Information related to detrimental and land registry (mortgages and foreclosure) acts will be retained for a period of time not longer than 10 years from the date of their transcription or registration, save for their potential deletion prior to that deadline. In this case, the record of the cancellation will be retained for a period of 2 years.

Further information are available by the data controller.

8. RIGHTS OF DATA SUBJECTS

The data subject can, at any time, exercise the rights granted to him by the regulation in force, including the one (i) of access, aimed at ensuring if and which data are subject to processing by ModeFinance S.r.l., (ii) of correction and updating of inaccurate and incomplete data, (iii) of data deletion in cases provided for in Article 17 of the GDPR, (iv) of restriction of the processing upon the occurrence laid down in Article 18 of the GDPR, (v) of obtaining the rectification, deletion or limitations notice by ModeFinance S.r.l. to the subjects to which data have been communicated, (vi) of lodging a complaint with the Authority for personal data protection. The data subject can exercise their right to object to the commercial information processing by ModeFinance S.r.l. if he or she proves, pursuant to Article 21, paragraph 1, of the GDPR, that his or her interests, rights and freedoms prevail over the legitimate interest of the data controller. The exercise of the right to data portability (Article 20 of the Regulation) must be considered excluded, except in the case in which the processing of data collected directly from the data subject by ModeFinance S.r.l., takes place through automated means and is intended for the execution of a contract between ModeFinance S.r.l. and the person concerned. The data subject can exercise his or her rights provided that the corresponding request does not relate to the correction or integration of evaluative personal data by ModeFinance S.r.l. and relating to judgements, opinions or other subjective appreciations, or to indications of conducts to be held or of decisions to be hired by ModeFinance S.r.l.
Through the portal www.informativaprivacyancic.org and the appropriate section dedicated to this (link), every data subject will be able to submit a request to ModeFinance S.r.l. in order to have confirmation whether or not there are personal data concerning him or her in the archive or in the database of ModeFinance S.r.l. which, if necessary, can be contacted directly, by using specific reference indicated below, to possibly exercise other rights recalled above.
Without prejudice to the possibility indicated above to use the portal www.informativaprivacyancic.org, the data subject may submit his or her request by writing to the e-mail address dpo@studiolegalevicenzotto.it or to ModeFinance S.r.l. – Building H – AREA Science Park, Padriciano 99 – 34149, Trieste (TS) – ITALY.
The data subject may also lodge a complaint to the Authority for the protection of personal data, following the instructions at the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524