Why this policy

Under EU Regulation 2016/679 (GDPR) (hereinafter “Regulation”), this document describes how I collect and process your personal data concerning the services I offer you.

Data controller

Fabio Puddu, self-employed translator and provider of other services such as (but not limited to) transcription, proofreading, and linguistic consulting. Website: https://www.fabiopuddu.com
Fiscal code: PDDFBA74H27B354T. VAT registration number: IT03996970921
Registered office: via S. Pellico, 6 – Selargius (CA) – Sardinia, Italy

What personal data do I collect?

I only process the personal data necessary to carry out the service you have requested in a minimum quantity and under the purposes stated in the following paragraph.
The personal data I process may include: name and surname, address, VAT number, fiscal code, e-mail address, PEC address (PEC stands for posta elettronica certificata, which means “certified e-mail”), electronic invoicing code, telephone number, in rare cases, bank details. I will ignore any personal data you submit if I have not requested it.
I do not ask or intend to receive texts or other material for translation containing personal data.
If the work agreed requires the processing of personal data as a data processor, I will ask you in advance to sign the relevant Data Processing Agreement under Article 28 GDPR.

Why do I process your personal data? And what are the related legal bases?

I need to collect, use and store some of your personal data to provide the services you have requested, i.e., to communicate with you, to send you secure access codes to protect our communications, to manage our relationship, to provide you with a quotation, to fulfil all duties imposed by law, to carry out a given job and to invoice you for it.
I never use your data (personal or non-personal) for purposes other than those relating to the service I offer or that I have offered:
I do not sell, exchange, or otherwise disclose your data to other parties for marketing purposes. For example, any use of your telephone number is limited to carrying out the work in progress and will then be deleted when the work is completed.

The legal bases I use for processing your personal data under the GDPR are the following:
– processing necessary for the performance of pre-contractual or contractual measures to which the data subject is party, Art. 6 (1)(b); all the personal data I process is essential for operating the relationship between us: this means even if you still have the right to oppose their processing, in this eventuality, I may no longer be in a position to offer you the service you have requested;
– processing necessary for the fulfilment of my legal obligations, Art. 6 (1)(c); by law, I must keep for a specific time the information for which I ask. Here, you cannot oppose the processing, as I myself am subject to legal obligations.

Who can see your personal data besides me?

My accountant, my e-mail/web hosting provider, and possibly banking institutions may have access to your personal data. In compliance with the Regulation and where necessary, the third parties mentioned above act as data processors under Art. 28 GDPR. If necessary, your data could be disclosed to the authorities. I do not transfer your personal data outside the EU.

My accountant may transfer personal data outside the EU in accordance with EU data protection.
I do not and cannot control the flow of data to or from the accountant. Such flow depends in the large part on factors outside my control. At times, actions or inactions caused by these third parties can produce situations in which your data is exposed. I cannot guarantee that such situations will not occur and, accordingly, I disclaim any and all liability resulting from or related to such events. In the event that your use of the service ends up causing a data breach, you agree to directly hold accountable the third party involved upon investigations being conducted.

How long do I keep your personal data?

I keep some of your personal data for the minimum time necessary to provide the requested service, considering the purposes for which they were collected or the time required to comply with legal obligations, or possibly even longer in particular cases, if useful to defend my rights in court.

What are your rights?

Your personal data will always remain your property, even when you share it with me.
The Regulation constantly guarantees you the right to ask me for access to your data, decide on its correction, cancellation, limitation, and opposition to processing, to portability where applicable.
Except in special circumstances, you can exercise your rights for free.

To exercise your rights guaranteed by the Regulation, you can use these contacts:

E-mail: eng@fabiopuddu.com
Tel.: +39 (0)389 260 6573
Postal address: Fabio Puddu, via S. Pellico, 6 – 09047 Selargius (CA) – Italy
I will respond to your request without undue delay, and in any case, within one month from the receipt of the request.
If you believe that the processing has been carried out unlawfully, you may lodge a complaint with the competent authority, either in Italy (Garante per la protezione dei dati personali, https://www.garanteprivacy.it) or your own country.

How do I process your personal data?

I do not use automated decision-making processes.
I implement various security measures to minimise the risk of damage of any kind to your data or to reduce the extent of the damage in the event of destruction, loss, alteration, unauthorised or accidental disclosure or access, even if remote.
Some security measures adopted:
– of a technical nature: the use of encryption wherever possible, both in online services (PGP) and in my hardware, using strong, tested, and regularly changed passwords, the automatic updating of antivirus, operating system and various software, using caution in even the most trivial IT operations, regular back-up and data redundancy;
– of a managerial nature: contingency plans, the risk analysis of my activity concerning personal data, using a register of processing activities to properly manage the flow of data.

Links to other websites

My website or documents may contain links to other websites, for which I take no legal responsibility.

Is this privacy policy subject to change?

Yes, my privacy policy may be subject to periodic changes, which will be communicated to you well in advance if they are substantial, and always highlighting the date of the last update, which for the present is 23/04/2022 (dd/mm/yyyy).