top of page


Information provided pursuant to articles 13-14 of the GDPR
(General Data Protection Regulation) 2016/679

Dear user,
in compliance with the provisions of the European Regulation 2016/679 (in initials GDPR),
Mayor Srl wishes to inform you that the personal data you have provided or acquired by us
as part of our business, necessary to execute the services offered to you,
will be treated in compliance with the privacy legislation and principles
of correctness, lawfulness, transparency and protection of your privacy and
Your rights.
We also wish to provide you with the following information:
1. HOLDER OF THE TREATMENT is the undersigned MAYOR Srl, a company having its registered office in
Sperlonga (04029, Italy), in Via G. ROMITA 24-36, who can be contacted at the following addresses:
telephone 0771.549245, e-mail, pec
RESPONSIBLE FOR DATA PROTECTION is the DPO (Data Protection Officer)
CHINAPPI MARCO, domiciled at the company headquarters in Via G. ROMITA 24.36, e
who can be contacted at the addresses: telephone 0771.549245, e-mail
2.1. IT systems and software used to operate the institutional site
( acquire some personal data which are implicit
consequence of the use of information protocols on the Internet (by way of example i
domain names and IP addresses). These data are not accompanied by information
additional personal data and are used to obtain anonymous statistical information
on the use of the site, to check how to use it and to ascertain
any liability in the event of computer crimes. The legal basis that legitimizes the
processing of such data is the need to make the site's functions usable
company as a result of the User's access.
2.2. The data provided voluntarily by the User are instead those necessary for the Data Controller
to provide the services available and are treated lawfully and fairly,
they are also collected and recorded for the specific, explicit and legitimate purposes below
indicated and are used in processing operations that are not incompatible with
such purposes.
Personal data (personal identification data such as, for example: name and surname,
company name, tax code and VAT number, address, telephone / fax, e-mail, references
banking and payment) are collected and processed:
a) to carry out customer relationship activities based on agreements
pre-contractual and contractual;
b) for administrative, fiscal or internal accounting purposes connected to the relationship
customer-supplier and to fulfill the obligations generally provided for by the Owner
by laws or regulations, by community legislation, by requests from the Authority
judicial or to exercise the rights of the owner (for example the right of defense in
c) in the presence of specific and distinct consent of the User, for the following purposes
marketing: sending newsletters (via e-mail, post, text message or telephone contact),
updates on the activities of the owner, advertising material or communications
commercial - possibly also customized based on the habits of
consumption of the User (profiling) - on services offered by the Owner that the User will be able to
consider your interest and to detect the degree of satisfaction with the quality of
services, including requests to participate in market analysis or research;
d) in the case of sending a curriculum vitae, exclusively for the purpose of selecting the
personal and for the establishment of an employment relationship.
The legal basis that legitimizes the processing of the data referred to in points "a" (agreements
pre-contractual and contractual) and "b" (administrative, accounting or tax purposes) is
the execution of a service supply contract of which the User is a party, or
carrying out pre-contractual activities at the request of the User.
In the cases expressly indicated in points "c" (marketing and profiling and "d" (curriculum
vitae) the legal basis is the consent freely given by the User.
2.3. Pursuant to art. 9 and 10 of the GDPR, the User can give the Data Controller
qualifying as "particular categories of personal data" (ie those data that reveal
“Racial or ethnic origin, political opinions, religious or philosophical beliefs, or
trade union membership ... genetic data, biometric data intended to identify in a way
unique a natural person, data relating to health or sex life or
the sexual orientation of the person "). These categories of data may be
processed by the Owner only with the consent of the User, expressed in writing
by signing this Notice, for contractual requirements and related obligations
legal and tax obligations and for personnel selection needs.
The processing of the User's personal data is carried out by means of the operations of:
collection, recording, organization, storage, consultation, processing,
modification, selection, extraction, comparison, use, interconnection, block,
communication, cancellation and destruction of data.
The User's personal data are collected following direct sending to the Data Controller, via
compilation of forms or forms in general prepared for this purpose, also included in
contractual documents, or collected by telephone by the operator as part of the
pre-contractual activities. The data is processed both by manual processing in
paper format and with electronic or in any case automated, IT tools
and telematics. The collected data are recorded and stored by the Data Controller in archives
IT and paper, as well as kept and controlled in such a way as to minimize i
risks of destruction or loss, even accidental, of unauthorized access and of
treatment not allowed or not in accordance with the purposes of the collection.
The data are processed by employees or collaborators of the Data Controller,
duly instructed to do so.
The provision of personal data relating to the processing is optional. However
failure to provide, partial or total, the data may result in partial or total
impossibility of establishing or continuing the relationship with the User, within the limits in which such
data are necessary for the execution of the same.
The provision of data for marketing purposes is also optional. The user
can therefore decide not to provide any data or to subsequently deny the
possibility of processing data already provided: in this case you will not be able to receive newsletters,
commercial communications and advertising material in general relating to the services offered
by the Owner.
The processing of the User's data is carried out by the Data Controller's internal staff
(employees, collaborators, System Administrators), identified and authorized to
treatment according to instructions that are given in compliance with the law
in force regarding privacy and data security.
If this is necessary for the purposes listed in Article 2, personal data
of the User may be processed by third parties appointed as Managers of the
processing (pursuant to article 28 of the GDPR) or "autonomous" holders, e
1. by professionals, companies, associations or professional firms that lend to the Owner
assistance or consultancy for administrative, accounting, tax or protection purposes
legal or personnel selection;
2. by all public institutions established by law and more generally by all bodies
provided for by current accounting and tax legislation as recipients of
mandatory communications;
3. by banks for collections and payments as well as any professionals -
in single, associated or corporate form - for analysis and market research services,
for the management of payments by credit cards or payment instruments
electronic in general, postal couriers, for any credit recovery or for activities
certification of the Holder's financial statements.
The updated list of data processors and persons in charge of processing is kept
at the registered office of the Data Controller.
In any case, the User's personal data are not subject to disclosure.
No transfer is envisaged as part of the management of the contractual relationship
of the User's data to third countries outside the EU or to international organizations.
For the purposes referred to in letters "a" (pre-contractual and contractual agreements) and "b"
(management of administrative, accounting or tax obligations) of article 2.2. the data
User's personal data will be processed and stored by the Data Controller for the entire duration of the
contractual relationship between the User and the Owner and, at the end of the same, for
whatever reason, they will be kept for the foreseen time - for each category
of data - from the current accounting, tax, civil and procedural legislation.
For the purposes referred to in letters "c" (marketing and profiling) and "d" (marketing e
profiling by third parties) the User's personal data will be processed and stored
by the Owner until the consent is revoked by the User or until the exercise, from
part of the User, of the right to object to the processing or to the right of cancellation
of personal data.
For the purposes referred to in letters "e" (curricula vitae) the User's personal data
they may be processed and stored by the Data Controller for a maximum period of 12 months
from the date of receipt.
In your capacity as interested party and in relation to the treatments described herein
Information, the User has the rights referred to in articles 7, from 15 to 21 and 77 of the GDPR and, in
particular, the:
• right of access - article 15 GDPR: right to obtain confirmation as to whether or not it is
the processing of personal data concerning the User is in progress and, in this case,
obtain access to such personal data, including a copy thereof;
• right of rectification - article 16 GDPR: right to obtain, without unjustified
delay, the correction of inaccurate personal data concerning the User and / or integration
incomplete personal data;
• right to cancellation (right to be forgotten) - article 17 GDPR: right to obtain,
without undue delay, the deletion of personal data concerning the User;
• right to limitation of treatment - article 18 GDPR: right to obtain the
limitation of processing, when: the interested party disputes the accuracy of the data
personal, for the period necessary for the Data Controller to verify the accuracy of such data; the
processing is unlawful and the interested party opposes the cancellation of personal data e
calls instead for its use to be limited; personal data is necessary
to the interested party for the assessment, exercise or defense of a right in the office
judicial; the interested party opposed the processing pursuant to art. 21 GDPR, in
period of waiting for the verification regarding the possible prevalence of legitimate reasons of the
Data controller with respect to those of the interested party;
• right to data portability - article 20 GDPR: right to receive, in a
structured format, commonly used and readable by an automatic device, the data
personal data concerning the User provided to the Owner and the right to transmit them to another
Owner without hindrance, if the processing is based on consent and is carried out
by automated means. Furthermore, the right to obtain the User's personal data
are transmitted directly to another Data Controller if this is technically feasible;
• right to object - article 21 GDPR: right to object at any time
for reasons connected with your particular situation, to the processing of personal data
that concern the User based on the condition of lawfulness of legitimate interest or
the performance of a task in the public interest or the exercise of public authority,
including profiling, unless there are legitimate reasons for the Data Controller
continue the treatment that prevail over interests, rights and freedoms
of the interested party or for the ascertainment, exercise or defense of a right on site
judicial. Furthermore, the right to object to the processing at any time if i
personal data are processed for direct marketing purposes, including profiling,
insofar as it is related to such direct marketing;
• right of revocation - article 7 GDPR: the User has the right to revoke their own
consent at any time. The withdrawal of consent does not affect the lawfulness of the
treatment based on consent before revocation;
• right to complain - article 77 GDPR: the User has the right to lodge a complaint
to the Guarantor Authority for the protection of personal data, Piazza di Montecitorio 121,
00186, Rome (RM).
The User may at any time exercise his rights by sending a
registered letter to:
MAYOR srl - Via G. ROMITA, 24-36 - 04029 Sperlonga (LT) or a pec
To exercise the rights as indicated in this Notice as well as to receive
any information relating to the same, the User may contact the Data Controller or the DPO
who, also through the designated structures, will take charge of the
request and to provide the User, without undue delay and in any case, at the latest,
within one month of receiving it, the information relating to the action
undertaken with respect to the request.
The exercise of rights by the User is free pursuant to Article 12 of the GDPR.
However, in the case of manifestly unfounded or excessive requests, even for theirs
repetitiveness, the Owner may charge the User a reasonable fee,
in light of the administrative costs incurred to manage your request, or deny the
satisfaction of your request.
The last modification to this Privacy Policy was made on

bottom of page