ON PERSONAL DATA PROTECTION
PURSUANT TO (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL
AI SENSI DEL REGOLAMENTO (UE) 2016/679 DEL PARLAMENTO EUROPEO E DEL CONSIGLIO
The following is meant, for the scopes of this regulation:
|It is the physical or legal person, public authority, service or any other body which, singularly or with others, determines the personal data processing scopes and tools; when the data processing scopes and tools are determined according to laws of the EU or Member States, the Data Controller or specific criteria for its appointment, are set forth by the laws of the EU or Member States.|
|Data Supervisor||It is the physical or legal person, public authority, service or any other body which processes personal data on behalf of the Data Controller|
|Data Protection Officer||It is the new figure appointed by the Data controller. He checks the implementation and application of the European Regulation, data security, feedback to the requests of concerned parties to exercise the rights set forth by the Regulation, he must ensure that the Data Controller or Supervisor evaluate the impact on data protection and request prior authorisation or consultation, in foreseen cases.|
|It is the physical or legal person, public authority, service or any other body other than the concerned party, the Data Controller, Data Supervisor and data processors under the direct authority of the Data Controller and Supervisor.|
| Personal data |
|Any information concerning a physical person identified or that can be identified (“concerned party”); the person that can be identified, directly or indirectly, with particular reference to identification details like the name, identification number, location details, online ID or one or more elements concerning his physical, physiological, genetic, psychical, economic, cultural or social identity, is considered identifiable|
|Any operation or series of operations carried out with or without the aid of automated processes and applied to personal data or series of personal data, such as: |
adaptation or modification;
communication through transmission;
diffusion or any other form of disclosure;
comparison or interconnection;
deletion or destruction
Having stated the above, the company notifies that:
THE DATA CONTROLLER IS :
Via delle Fonti, 8
THE INTERNAL DATA SUPERVISOR IS:
Sig. Massimiliano Berti
Via delle Fonti, 8
50018 Badia a Settimo – Scandicci
Tel 055 721233
The List of External Data Supervisors can be requested to the Internal Data Controller. Sig. Massimiliano Berti
- the personal data object of processing and, more precisely, identification, administrative, accounting and tax, commercial, IT data relative to the customer or, with regards to strictly identification and IT data, referring to other concerned parties (e.g. Collaborators, Suppliers, employees, Contact Persons, etc) notified by the latter in execution and unfolding of the relations with the Data Controller and compliance with laws on personal data processing and protection, is used to pursue instrumental and/or complementary scopes, in relation to the explicit corporate activities which are functional to execute the contract/pre-contract stipulated with the concerned party for services/ activities requested by the latter.
- In case of purchases made by the concerned party through the Data Controller’s website, it is informed that the data conferred through the relative form in the data input page will be processed to execute the order request and for related scopes, instrumental to its management and post-sale activities, including handling potential claims.
- If consent is granted, data will also be processed to transmit informative messages, commercial and promotional notices concerning the Data Controller’s activity and services, through automated tools such as email and sms, and also via traditional tools, like telephone contact with operator, in full compliance with principles of legality and uprightness and in conformity with laws.
Data is processed through IT/telecommunication and paper supports by internal subjects suitably appointed for the scope. Data is stored in electronic archives which implement suitable security measures set forth by the New European Regulation 2016/679.
DISCLOSURE AND DIFFUSION
The collected data will not be diffused or disclosed. Disclosure to third parties other than internal and external Data Controller, Supervisors and identified and appointed data processors, is foreseen to public bodies to fulfil legal obligations, the Companies of the Group to which the Data Controller belongs for administrative-accounting scopes and, if needed, to pursue the indicated scopes and, however, within their limits, to third parties and third companies such as legal and sector’s consultants, credit recovery and contract consulting institutions, couriers, third supply and IT and technical assistance companies, involved in the punctual and proper pursuit of the mentioned scopes. Nonetheless, data will be processed by third subjects according to principles of uprightness and in compliance with applicable laws.
Data will be stored for the time required to achieve administrative, accounting and tax scopes concerning the relation established and to fulfil obligations set forth by law, in any case, within the maximum terms set forth by processing rights and duties.
With regards to data processing in order to transmit commercial and promotional notices concerning the Data Controller’s services and to transmit informative messages on its activity, the data will be stored unless the concerned party exercises the objection right through the methods provided for said scope, on a regular basis. The concerned party can object processing for one or the other transmission method, independently.
NATURE OF DATA CONFERMENT
Data conferment is mandatory to fulfil the obligations set forth and ratified by law, otherwise is optional but essential and potential refusal by the concerned party implies the impossibility for the Data Controller to stipulate the relation and punctual execution. Consent to the processing of said data is not necessary as this is collected to fulfil legal obligations and/or obligations derived from the contract or pre-contract.
(This consent is optional)
Consent to processing (Processing Scopes point 3) is instead required to attain additional and specific scopes, other than those indicated in the contract.
In particular, consent to use data for marketing scopes referring to services offered by the Data Controller, is required.
Notices will be sent through traditional and automated tools.
You express your specific and explicit consent for the scopes set forth by point 3 (Processing scopes)
Profiling aims exclusively at providing targeted services according to the specific needs of the User/Customer.
Data transfer to extra EU-countries
Data transfer is required to fulfil the obligations derived from the contract or pre-contract involving the concerned party or to fulfil, prior to stipulate the contract, specific requests by the concerned party, or to stipulate or execute a contract stipulated in favour of the concerned party;
RIGHTS OF THE CONCERNED PARTY
(Art. 15-16-17-18-19-20-21 of GDPR 2016/679)
- Right to bring forward a claim before a control authority
- The identity and contact information of the Data Controller and his potential Internal Data Supervisor; and contact information of the Data Protection Officer (DPO)
- The processing scopes concerning your personal data and the legal principles of the data processing
- Should processing be based on a legitimate interest, the legitimate interests pursued by the Data controller or third parties
- The recipients or category of recipients of personal data (External Data Supervisors)
- The intention of the Data Controller to transfer personal data to an extra EU-country or international organisation and the existence or lack of the Privacy Shield framework of the Commission or reference to suitable and adequate guarantees and modalities to obtain a copy of said data or place where this is conferred
- The personal data storage period or, if not possible, the criteria used to determine this period
- The existence of the concerned party’s right to request to the Data controller, access to his/her personal data and correction or cancellation or restrictions to personal data processing or object processing, in addition to the data transfer right
- Should the processing, also of particular data, be based on consent, the concerned party is entitled to revoke his/her consent at any time without prejudicing the legality of the data processing based on the consent prior to revocation
- Should personal data disclosure be set forth by the by-law or contract or is a necessary requirement to stipulate a contract, and if the concerned party shall provide the data and consequences for a potential refusal to confer said data
- The existence of an automated decision-making process, including profiling and, at least in these cases, significant information on the logics implemented, importance and consequences of said processing, for the concerned party.
- The concerned party has the right to receive his/her personal data conferred to a Data Controller in a structured, legible format of common use, from automated device, and he/she has the right to transmit said data to another Data Controller without impediments from the Data Controller to whom he/she conferred data.
- The concerned party has the right to request to the Data Controller, to delete his/her personal data with no undue delay and the Data Controller shall delete the personal data of the concerned party with no undue delay.