Data Controller

The Data Controller is: Aereon Europe S.R.L. – Unipersonale, with registered office in Via Della Canapiglia 15, Vecchiano (PI); about data qualified as personal according to EU Regulation 2016/679 which must be functionally processed upon the establishment and management of business relationships with the interested party.

Type of personal data processed
The following may be processed: personal, identification and accounting, fiscal and administrative, commercial and IT data (e.g. name, surname, tax code, VAT number, e-mail, telephone number, etc.) directly referred to the interested party and acquired in execution and in the carrying out relations with the Data Controller.

Purpose and legal basis of the processing
Personal data is processed for the following purposes:

  1. a) the operations strictly connected and instrumental to the initiation of contractual relationships, including the acquisition of preliminary information for the conclusion of the
    contract, as well as the provision of the requested services;
    b) fulfillment of the obligations provided for by the law (eg compliance about transparency,
    anti-corruption) or by an order of the Authority;
    c) exercise of the rights of the owner (eg right of defense in court for breach of contract). The
    legal basis of the processing is the contractual fulfillment required between the parties.
    Furthermore, the Data Controller is entitled to process the personal data of the interested party
    where the processing:
    – it is necessary to fulfill a legal obligation to which the data controller is subject;
    – it is necessary for the execution of pre-contractual measures required.

Processing methods
The processing of data concerning the interested party takes place through computer and paper tools, and is carried out by persons acting under the authority of the Data Controller and authorized and trained for the purpose. They are allowed access to your data to the extent and to the extent that it is necessary for the performance of the processing activities that concern them. The data processing is protected by adequate security measures and takes place according to the principles of privacy by design, privacy by default, and minimization of treatment.

Place of processing
The personal data of the interested party are mainly processed at the company headquarters, workplace for the purposes and in the manner described in the previous points and are also stored on servers located outside the European Union in compliance with the provisions of the GDPR. and subject to the stipulation of the standard contractual clauses approved by the European Commission. The personal data of the interested party may be sent to the Cimarron Company holding to manage the employment relationship between you and Aereon Europe S.r.l. This transfer takes place for the purposes and in the manner defined with standard contractual clauses in force between Aereon Europe
S.r.l. and the Cimarron Company.

Data recipients
Without prejudice to the communications made in execution of legal obligations, the data may be disclosed to: credit institutions, credit recovery companies, credit insurance companies, professionals and consultants for the sole purpose of credit protection and better management of our rights relating to the individual commercial relationship.
For the same purposes, the subjects to whom the personal data may be communicated or who may learn about them as authorized and / or managers are represented by the staff in force. In addition, logistics companies (carriers, shippers, etc.) and companies that carry out IT consultancy activities for carrying out software and hardware maintenance operations may become aware of the data. The data will not be disseminated.

Data retention period
The data will be kept for the time necessary to carry out the administrative, accounting and tax purposes relating to the relationship established and also deriving from the obligations
established by law, in any case within the prescription terms set for the rights and obligations underlying the processing and without prejudice to the ” possible opposition to the treatment. Personal data will be processed, without prejudice to any opposition to processing, according to the following criteria:
– for the time necessary for the fulfillment of legal obligations, administrative, accounting and tax purposes relating to the relationship established.
– for the time necessary to achieve the purposes for which they are processed.

Rights of the interested party
Except in the cases referred to in Article 23 regarding legal obligations, public interest or the exercise of public authority, the interested party may exercise the rights provided for in art. 15-22.
– Confirmation that your personal data is being processed or not and, in this case, to obtain access (right of access) art. 15;

– the correction of inaccurate personal data, or the integration of incomplete personal data (right of rectification) Article 16;
– the deletion of the data, if there is one of the reasons provided for by the Regulation (right to be forgotten) Article 17;
– the limitation of processing when one of the hypotheses provided for by the Regulation (right of limitation) Article 18 occurs;
– to receive the personal data you have provided to the owner in a structured format, commonly
used and readable by an automatic device and to transmit such data to another data controller (right to portability) art.20.
– opposition to the processing of personal data (right to object) Article 21.
– the right not to be subjected to a decision based solely on automated processing, including profiling (automated decision-making process relating to natural persons) Article 22.
The exercise of rights is not subject to any formal constraints and is free. For any further information and in any case to send your request, you must contact the Data Controller at the e-mail address

Complaint procedure
Without prejudiceto any other administrative and judicial action, the interested party has the right to lodge a complaint with the competent supervisory authority.
For further information, consult the institutional website of the Privacy Guarantor: