Privacy policy




With the present document Coronati Consulting Lab, in accordance with the requirements of current legislation, informs you about the processing of your personal data.


  1. Data controller

The data controller is Coronati Consulting S.r.l. located in Mirandola (MO), Via L. Gavioli n. 3. The Data Controller has not appointed a Data Protection Officer (DPO).

The owner is – according to the definition of EU Reg. 679/2016 – the subject that determines the purposes and means for the processing of personal data.


  1. Categories of data

In the execution and management of customer relations, the Data Controller may process your or your employees’ personal data such as tax data, address, telephone, e-mail, bank and payment references, provided by you and used for the provision of the services provided by the Data Controller.


  1. Purpose of treatment

The data processing is aimed at the provision of services rendered by the Data Controller, to the management of tax data deriving from the existing relationship, management of communications, as well as to the fulfilment of legal obligations, regulations, community legislation or by an order of the Authority.

The legal basis that allows the processing of your data are:

  1. a) the execution of contractual and pre-contractual obligations;
  2. b) the fulfilment of legal obligations and / or ISO standards for accreditation (for example: tax and accounting obligations, obligations required by the accrediting body);
  3. c) the exercise of an Owner’s right (e.g. the right of defence in court);

Failure to provide data will make it impossible to establish a contractual relationship with the Data Controller.

  1. d) The Owner periodically carries out an investigation aimed at verify the validity and quality of the services offered, the degree of customer satisfaction, also for the purpose of making improvements. These questionnaires can be shown to the accrediting body in case of checks.

This treatment will be carried out only with the consent of the interested part and the provision of data, for this purpose, is optional, so any refusal will not affect the execution of the contractual relationship.


  1. Processing method

Data processing is carried out in such a way as to guarantee the integrity, confidentiality and availability of personal data.

Personal data may be processed by means of both paper and computer archives (including portable devices) and with methods strictly necessary to meet the aforementioned purposes. Profiling is not carried out.


  1. Data storage

Your data, processed for the purposes reported above, will be kept for the necessary time in which Coronati Consulting S.r.l. is subject to storage obligations for tax purposes or for other purposes, in according to laws or regulations, or for the defence of rights in court.


  1. Data communication and diffusion area

To achieve the purposes reported in point no. 3 of this information, your data may be processed by the owner’s employees, specifically authorized and trained to carry out this processing activity.

Your personal data may be communicated to:

– consultants and business consultants who provide functional services for the purposes indicated above;

– banking and insurance institutions that provide functional services for the purposes indicated above;

– subjects that process data according to specific legal obligations;

– Judicial or administrative authorities, for the fulfillment of legal obligations;

– external subjects that offer administrative and technical-IT consultancy;

– accrediting bodies.

In order to guarantee the protection of your data, Coronati Consulting S.r.l. has appointed external data processors, whose list can be consulted on request by the interested part.

It is specified that “the responsible for data processing” means the person who processes personal data on behalf of the Data Controller.

Outside of the purposes referred to in the aforementioned point 3), in the absence of your prior consent, your data will not be disclosed to third parties, unless it is due by request of Public Authorities.

The data are processed within the EU. If necessary, the Data Controller ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions, subject to stipulation of the standard contractual clauses.


  1. Rights of the interested part

As an interested part in the process, you have certain rights established by law.

Among the rights granted to you, by EU Reg. 679/2016, are those of:

  • ask the Data Controller for access to your personal data and information relating to them; the correction of inaccurate data or the integration of incomplete data without undue delay; the cancellation of personal data concerning you (upon the occurrence of one of the conditions indicated in art.17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (if one of the hypotheses indicated in art.18, paragraph 1 of the GDPR occurs);
  • request and obtain from the Data Controller your personal data in a structured format that can be read by an automatic device, also for the purpose of communicating such data to another data controller (so-called right to the portability of personal data);
  • to object at any time to the processing of your personal data when particular situations that concern you occur;
  • withdraw consent at any time, limited to the cases in which the treatment is based on your consent for one or more specific purposes and regards common personal data (for example date and place of birth or address), or particular categories of data (e.g. data revealing your racial origin, your political views, your religious beliefs, your health or sexual life). The treatment based on consent and carried out prior to the revocation of the same, however, retains its lawfulness;
  • propose a complaint to a supervisory authority (Guarantor Authority for the protection of personal data –;
  • not be subjected to automated decision-making including profiling. By profiling it is meant any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of said natural person.


  1. How to exercise the rights of the interested part

The interested part can exercise its rights with a written request sent to the Data Controller Xxx address ________________________ or at the following e-mail address:________________

Mirandola (MO), ___________________________