Privacy policy

Privacy Policy on the Processing of Personal Data pursuant to Article 13 of Regulation (EU) No. 2016/679

Pursuant to Article 13 of Regulation (EU) No. 2016/679, also known as the General Data Protection Regulation (hereinafter referred to as the “GDPR”), Patricio Estay informs you that your personal data (hereinafter the “Data”) will be processed in compliance with the GDPR and any applicable regulations regarding personal data processing, in accordance with the following information.

1. Data Controller. Data Protection Officer.

The Data Controller is Patricio Estay, with its registered office at Piazza Pitti 11, 50125 Florence (hereinafter the “Controller”). The Data Protection Officer can be contacted via email at info@patricioestay.com for any information regarding data processing.

2. Categories of Data

The Data processed by the Controller includes:

  • Personal information (name, surname, age, gender),
  • Residential or domicile address and contact details (phone number, email address),
  • Banking and/or payment details.
3. Purpose and Legal Basis of Processing. Legitimate Interest.

The Data will be processed for administrative purposes related to the work performed and the requested estimates, pursuant to Article 6(1)(b) and (c) of the GDPR, as well as to pursue the Controller’s legitimate interest under Article 6(1)(f) of the GDPR.

In any case, the processing of your Data based on the Controller’s legitimate interest occurs in compliance with Article 6(1)(f) of the GDPR, as well as in accordance with Recital 47 and Opinion No. 6/2014 of the Article 29 Data Protection Working Party, Section III.3.1.

4. Processing Methods

Your Data is collected and recorded lawfully and fairly for the purposes mentioned above and is processed using electronic and automated tools, including storage and organization in databases. These measures comply with GDPR security provisions to ensure the safety and confidentiality of the Data.

5. Recipients or Categories of Recipients

The Data may be made accessible to or shared with the following entities, who will be appointed by the Controller as data processors or authorized personnel, as appropriate (a complete list is available at the Controller’s registered office):

  • Public or private entities, individuals, or legal persons that the Controller uses for instrumental activities related to the purposes stated above, or to whom the Controller is required to communicate Data due to legal or contractual obligations.

In any case, the Data will not be disclosed to the public.

6. Retention Period

The Data will be retained for a period not exceeding ten (10) years for administrative purposes and, in any case, only for the time strictly necessary to pursue the Controller’s legitimate interest.

7. Rights of Access, Deletion, Restriction, and Portability

The Controller informs you that you have the rights provided for in Articles 15 to 20 of the GDPR. For example, by sending a specific request to info@patricioestay.com, you can:

  • Obtain confirmation as to whether your personal data is being processed;
  • If processing is ongoing, access your Data and related processing information, and request a copy;
  • Request the correction of inaccurate data and the completion of incomplete personal data;
  • Request the deletion of your Data, where applicable under Article 17 of the GDPR;
  • Request the restriction of data processing, where applicable under Article 18 of the GDPR;
  • Receive your Data in a structured, commonly used, and machine-readable format and request its transfer to another controller, if technically feasible.
8. Right to Object

Under Article 21 of the GDPR, you also have the right to object at any time to the processing of your Data based on the Controller’s legitimate interest by writing to info@patricioestay.com. In case of objection, the Data will no longer be processed unless there are compelling legitimate reasons overriding your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

9. Right to Lodge a Complaint with the Supervisory Authority

The Controller also informs you that you may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if you believe your rights under the GDPR or any other applicable law have been violated. Complaints can be filed as indicated on the Authority’s website: www.garanteprivacy.it.