The policy, issued in accordance with 27 April 2016 European Parliament and Council EU Regulation 2016/679 and also in accordance with 30 June 2003 Legislative Decree n. 196 modified by 10 August 2018 Legislative Decree n.101 published on the 04 September 2018 Italian Official Journal issue, relates to the protection of natural persons in terms of handling of personal data as well as the free movement of such data.). In accordance with GDPR articles 13 and 14, we provide the following informations:
1. 1) Identity and contact details of the data controller and of his legal representative
Data Controller: GIORGIO BORMAC S.R.L.; Registered office: Via della Meccanica n. 25 CARPI (MO) Postal Code: 41012 Registration Code to Modena Business Register: MO - 280267 VAT Registration Number: 02309180368; Phone: 059653274; E-mail: firstname.lastname@example.org ; Certified Mail: email@example.com
The legal representative of the Data Controller is the pro tempore legal representative - currently Mr. BORELLINI GIORGIO – located at the Registered Office of the Data Controller, that in any case is the person who is stated as legal representative in the Business Register.
2. Contact details of the data protection officer
Data Protection Officer is not required.
3. Categories of data subjected to processing
Personal Data that may be collected and processed by the Data Controller during the contractual relationship may refer to the following categories of interested parties:
i) clients and suppliers natural persons of the Data Controller;
ii) natural persons in the capacity of legal representatives of company’s clients or suppliers of the Data Controller;
iii) natural persons such as clients’ or suppliers’ employees, freelances or consultants of the Data Controller.
The Data Controller will process Personal Data of such persons following the definitions specified in Article 4(1) of the Regulation, specifically identifying data of natural persons such as, included but not limited to, name, surname, domicile, phone numbers, address, e-mail, social network contacts, online identifiers, fiscal code, VAT Registration Number, Registration Code to Business Register to R.E.A., Registration Code to professional registers, bank data and details.
4. Purposes of data processing
Personal Data will be processed as follows:
a) By putting into practice preliminary and subsequent activities to the execution of commercial contracts, that is to say to fulfil all pre-contractual and contractual obligations specifically in relation with data subjects as mentioned at point 3), paragraphs i), ii), and iii);
b) By fulfilling obligations to which Data Controller is subject, as required by law in force (e.g. civilian aspects obligations, accounting and fiscal obligations such as keeping of the accounts, invoicing, data submission and State based financial administration) in relation with data subjects as mentioned at point 3), paragraphs i), ii), and iii)
c) By putting into practice the following activities, without personalization or creation and usage of profiling means, related to core goods and services of the Data Controller business: Direct marketing activities; Promotion and advertising campaigns activities put into practice through the sending of sales materials; Activities referred to data subjects as mentioned at point 3), paragraph i);
d) By conducting inquiries concerning customers’ satisfaction while avoiding the creation and consequent exploitation of profiling means.
5. Legal basis of data processing
Personal Data are processed in accordance with purposes as mentioned at point 4), letters a), b) are lawfully processed because the conditions as mentioned at article 6, paragraph 1), letters b), c) are respected (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract and processing is necessary for compliance with a legal obligation to which the controller is subject”) while data that are processed for purposes as mentioned at letters c), d) are lawfully processed because the conditions as mentioned at article 6, paragraph 1), letter f) (“processing is necessary for the purposes of the legitimate interests pursued by the controller”).
6. Data transmission and refusal
Data transmission is required in order to execute contractual purposes as mentioned at point 4) and data subjects’ refusal to transfer such data involves the impossibility of fulfilling abovementioned purposes.
7. Means of data processing
Processing is achieved though operations that are carried out with or without the aid of electronic devices, that consist of data collection, registration, organization, storage, consultation, processing, alteration, selection, extraction, comparison, usage, cancellation and destruction.
Processing is put into practice by: Data Controller, internal subjects explicitly authorized by the Data Controller or by one or more Controllers engaged and authorized by the Data Controller.
Personal Data obtained by the Data Controller may be communicated, in accordance with purposes as mentioned at point 4), to the following subjects:
a) Third parties named by the Data Controller to accomplish contractual obligations and rights protection as mentioned at point 4) (e.g. suppliers, employees, contractors, consultants, professionals, ecc…) – in accordance with data subjects as mentioned at point 3), paragraphs i), ii), iii);
b) Third parties named by the Data Controller as Controllers of specific processing, specific activities to complete several obligations contractually related - in accordance with data subjects as mentioned at point 3), paragraphs i), ii);
c) Credit institutions and further financial operators – in accordance with data subjects as mentioned at point 3), paragraph i);
d) Italian Financial Administration and further Public bodies to comply with Data Controller’s legal obligations – in accordance with data subjects as mentioned at point 3), paragraph i);
e) Every other subject to whom communication may be necessary to comply with legal obligations – in accordance with data subjects as mentioned at point 3), paragraph i). Personal Data are not subject to dissemination.
9. Data transfer outside the European Economic Area
We inform you that Data Controller will not share your information outside of the European Economic Area (EEA).
10. Storage period
Acquired Personal Data are only stored for a mandatory period of time in order to accomplish purposes as mentioned at point 4). The access to your information is restricted to those who need to use them for relevant purposes. Personal Data that are not needed anymore will be permanently erased. Personal Data will be stored following abovementioned methods for:
a) The whole contract period and after the termination of the contract for 10 years that corresponds to italian prescription period, except for different purposes of storage as required by law;
b) In case of legal dispute, for its entire duration and until the complete exhaustion of protection and appeal availability terms.
11. Rights of the data subject
Data Subject will be able to exercise the following rights in accordance with third and eigth chapters of the EU Regulation 2016/679 and in accordance with italian privacy regulations at any time:
a) right to obtain a copy of supplied Personal Data;
b) right of access;
c) right to rectification and erasure;
d) right to restriction to precessing;
e) right to data portability;
f) right to withdraw the consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
g) right to lodge a complaint with a supervisory authority.
The exercise of abovementioned rights is subject to several exceptions intended to protect public interest (e.g. crime prevention) and our interests. In the event that you will exercise any of the abovementioned rights, we will verify that you are entitled to exercise such rights and we will reply within a month.
Data subjects can exercise abovementioned rights through email request sent to the following electronic address: firstname.lastname@example.org