Privacy Policy

Information pursuant to art. 13 of the GDPR

The sole proprietorship Atena Solution di Francesco Grillo, c.f. GRLFNC88D08I921R, p.iva 03657910547, situated in Giano dell’Umbria (06030 – PG), fraz. Bastardo, via Bruno Buozzi n.84, pursuant to art. 13 of European Regulation (EU) No.2016/679 of April 27 2016 (hereinafter GDPR) and in relation to the personal data of which the company will enter the availability for the fulfilment of the obligations that will be requested, communicates the following information to customers.

Data controller

The data controller is Mr. Francesco Grillo, c.f. GRLFNC88D08I921R, born in Spoleto (PG) on 8 April 1988 and residing in Giano dell’Umbria, fraz. Bastardo, via Bruno Buozzi n.84, as the homonymous owner of the aforementioned individual company, hereinafter referred to as the owner, which can be contacted by phone at (+39) 339 5956262, through https///, by mail to the address, or by pec at

Purposes of data processing

The processing of data is aimed at the correct fulfillment of the contractual services provided, as well as in order to fulfil the obligations in the tax and accounting field and those of a different nature imposed on the company, as required by current legislation.

Personal data may be processed by means of both paper and computer files, including portable devices, and by means strictly necessary to meet the purposes indicated above.

Legal basis of processing

Pursuant to art. 6 of the GDPR, processing takes place only in
the following assumptions:

-The data subject has consented to the processing of their data
personal for the precise purpose indicated by the same in the contract;

-Processing is necessary for the performance of a contract referred to in
the person concerned is party to or for the implementation of measures taken on
request of the interested party before entering into a contract;

-The processing is necessary to fulfil a legal obligation to which
the data controller is subject;

– The processing is necessary for the pursuit of the legitimate interest of the controller or third parties.

Consequences of failure to provide personal data

With regard to personal data relating to the performance of the contract or to the fulfilment of a regulatory obligation (for example, the obligations related to the keeping of accounting and tax records)failure to communicate personal data prevents the completion of the contractual relationship itself.

Data storage

Personal data, subject to processing for the purposes indicated above, will be kept for the duration of the relationship and, subsequently, for the time when the company is subject to retention obligations for tax purposes or for other purposes provided for by law or regulation.

Data communication

Personal data may be communicated to:

  1. Professionals providing functional performance for the purposes above indicated;
  2. Banking and insurance institutions providing functional services for the purposes indicated above;
  3. Entities processing data in execution of specific
  4. Judicial or administrative authorities for the fulfilment of legal obligations.

Right of opposition

Among the rights granted to data subjects by the GDPR are those of requesting the data controller:

– access to and information about personal data;

– the correction of inaccurate or incomplete data;

– the deletion of personal data (upon the occurrence of one of the
conditions indicated in art. 17, paragraph 1 of the GDPR and in compliance with
the exceptions provided for in paragraph 3 of that Article);

– the restriction of the processing of personal data (by
one of the hypotheses indicated in art. 18, paragraph 1 of the GDPR);

– where the legal basis for processing is the contract or the consent, and the consent is made by automated means, the delivery of personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller.

The interested party may also:

  • object at any time to the processing of personal data to
    use of special situations;
  • revoke your consent at any time, limited to where processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or residence), or categories of data provided for by art. 9 of the GDPR.

The processing based on consent and carried out prior to revocation of the same retains, however, its lawfulness;

  • lodge a complaint with the Data Protection Authority.