logo CCMI


Information pursuant to and for the purposes of the Code regarding the protection of personal data as amended by Legislative Decree 101/18 and pursuant to art. 13 and ss. of the EU Regulation n. 679/2016 of 27 April 2016, (General Data Protection Regulation - GDPR) "relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and which repeals Directive 95/46 / EC (regulation general data protection) "

in compliance with the obligations set out in articles 13 and ss. of EU Reg 679/2016 laying down rules relating to the protection of individuals, we are to provide you with the necessary information regarding the processing of personal data you have provided.

CCMI, independent Data Controller with operational headquarters in 10 St. James Avenue | Boston MA 02116 USA, (hereinafter, also "Company or Data Controller") informs you that the data collected has been and will be processed according to principles of correctness and transparency and will be collected in an adequate, relevant and limited way to the previously determined, explicit and legitimate purposes of the processing.
We also provide you with the following information:
b) the purposes of the processing for which the personal data are intended as well as the legal basis of the processing consist of those strictly connected and instrumental to the fulfillment of the obligations inherent in relations with our Company and those for which the interested party has expressed the consent, in particular:
1. for the inclusion of personal data in the company's IT databases;
2. for fulfilments and obligations provided for by laws, regulations and community regulations or by provisions issued by authorities legitimated by the law and by supervisory and control bodies;
3. for the fulfillment of contractual and legal obligations deriving from the relationship established with you, or to execute your pre and post contractual requests and in any case for the management of our commercial and or professional relationships;
4. for the management of collections and payments as a legitimate interest of the Data Controller in execution of the mandate received.
5. for purposes of identification, registration, reporting of suspicious transactions.
6. declarations deriving from tax obligations and from the fulfillment of personnel administration pursuant to art. 2, of Law no. 12/1979.
7. for financial stabilization and economic competitiveness purposes (DL 78/2010) 8. - DIRECT MARKETING: commercial / promotional information activities, by e-mail, newsletter, with data entered in the database with prior consent and up to its opposition (Article 6 letter a) EU Reg. 2016/679).
9. - SOFTSPAM: commercial / promotional information activity, newsletters by e-mail to the e-mail address provided when signing the contract, concerning the same type of product and / or service (Soft Spam) similar to the product / service object of the sale, article 130 of the code paragraph 4.

c) The recipients or any categories of recipients of the personal data; for the purposes of the execution of the contract and for the purposes indicated above, they consist of: all natural and legal persons (couriers and shippers, data processing center, inspectorates, INPS INAIL, DPL) in cases where communication is necessary and / o mandatory for the purposes described above;
banking institutions for the management of receipts and payments;
entities, companies and institutes of the banking, credit, insurance and financial service; our collaborators, interns, practitioners and / or consultants, attorneys, even occasional ones, employees, specifically appointed and within the scope of their duties.
In this regard, we inform you that from an organizational point of view, checks are carried out both on the assignment of tasks to the subjects under the authority of the owner (internal agents) in charge of data processing and on the classification of the data.
Courts, within the jurisdiction of the case and / or other third parties to whom the data must be communicated: Property Registry, IVG, etc. orally at the hearing, or, again, communicated to consultants or internal and external collaborators, to other professionals, to professional orders or colleges, to social security, welfare, insurance and credit institutions, to the financial administration of the State and to any authorized bodies, to the police forces, to judicial officers, to local authorities, to economic and non-economic public bodies, always within the limits of legislative, regulatory or contractual provisions;
to the Revenue Agency, for periodic deadlines.

Furthermore, the Data Controller has formally designated as external data processor:

In compliance with the General Provision of 11.28.2008 and subsequent amendments and additions of the Guarantor, the data may be processed by the System Administrator, Responsible for the processing of the company's web server mail

It is not the company's intention to transfer personal data, even for our back-up activities, to a third country or to an international organization.
Diffusion by any means (press, video and others) is excluded except with your explicit consent which we will take care of collecting with an explicit request.
c.1) Duration of processing and storage The Data Controller will process the Data for the time strictly necessary for the fulfillment of the purpose, or up to the duration of the services covered by the contract, unless renewed and kept for a further period of 10 years from the expiry. of the last service performed (variable in the case of particular EU regulations and directives that require a further retention period) to fulfill the legal and regulatory obligations envisaged; while the data acquired for the purposes referred to in point 8 will be processed until your consent is revoked.
d) Methods of processing: data processing will be carried out by the owner, the manager (s) and the persons in charge and may take place on paper and / or with the aid of IT tools, whether connected to the network or not, and telematic; with logic strictly connected to the declared purposes and, in any case, in order to guarantee the security and confidentiality of the data. No type of profiling will be carried out.
e) Nature of data collection and consequences of failure to provide the data The provision of data is:
a) mandatory for the achievement of the purposes related to the obligations established by laws or other binding regulations; and their eventual failure to provide it could make it impossible to fulfill the mandate b) necessary for the correct establishment and continuation of the relationship established with you. Any refusal to provide the above data, even if legitimate, could compromise the regular development of the relationship with our Company and, in particular, could make it impossible for us to execute your orders, as well as to perform the service. of the requested services and related billing. g) At any time you can exercise your rights of access, rectification, or cancellation (so-called right to be forgotten) as per Articles 15 and ss. of your personal data at our company, or propose a complaint and request the limitation of processing by writing to the company's e-mail address info@cashmere.org We will take care of it within 30 days of receiving your request. In case of non-compliance with your request, in the same 30 days, we will inform you of the reasons for the non-compliance and of the possibility of proposing a complaint to a supervisory authority which for the Italian territory is the Guarantor for the protection of personal data according to the procedures provided on the website

CCMI 10 St. James Avenue | Boston MA 02116 USA | CONTACT

© 1999-2019 2021 CCMI. All rights reserved

privacy policy - cookie policy