INFORMATION ON THE PROCESSING OF PERSONAL DATA
VIA INTERNET WEBSITE
EU Reg. no. 679/2016
Pursuant to art. 13 of the EU Regulation 2016/679 (hereinafter known as GDPR) we hereby inform you that our company processes your personal data according to the principles of lawfulness, fairness and transparency. Personal data (for instance: name, surname, tax code, tax data, contact data, billing address and so on) is collected via Internet website directly from the data subject. Hereinafter please find the information related to the processing of personal data.
Purposes and legal basis for the processing of personal data
Please find hereunder the purposes for which we process your personal data, including the legal basis (or conditions of lawfulness) for each of these as stated in art. 6 of the GDPR:
1 – DATA PROCESSING NOT SUBJECT TO CONSENT
a) Activities directed to answer the request for info connected to goods and/or services which are subject matter of the activity of our company, sent by the interested party via email or by filling out the appropriate form. The legal basis for the aforesaid purpose is identified in the performance of pre-contractual measures at the request of the data subject (art. 6.1, letter b, GDPR);
b) Activities connected to the performance of any contract you may become a party of, possibly also by exchanging information remotely, whenever a supply agreement is reached (examples include: acquiring preliminary information prior to reaching an agreement, managing correspondence, signing up to the website to identify the party involved, speeding up online purchases operations, and so on). The legal basis for the aforesaid purpose is identified in the contract and the pre-contractual measures (art. 6.1, letter b, GDPR);
c) Activities connected to the processing and storing of accounting records, issuing legally required documents and other activities carried out by virtue of mandatory rules or orders by the authority. The legal basis is identified in the compliance with a legal obligation to which the controller is subject (art. 6.1, letter c, GDPR);
d) Activities that, while connected to the beginning of the contractual relationship, are functional to the direct need of the data controller to ensure an ideal managing of his relationship with the customers. Such activities are identified as, for instance:
• Internal organisation for data managing activities (also by way of means such as CRM: customer relationship management, phonebooks, internal communications and so on) functional to ideally manage the supply of products and/or services;
• Managing credit lines and risks (insolvency, frauds and so on);
• Managing disputes and possible sale of receivables;
• Managing insurance and financial services instrumental to the purposes of managing supplies and electronic payment instruments;
• Processing of data for statistical purposes.
The legal basis for the aforesaid purposes is identified in the legitimate interest pursued by the Data Controller (art. 6.1, letter f, GDPR);
2 – DATA PROCESSING SUBJECT TO CONSENT
– Activities directed to the sending of commercial information (including via newsletter) – via email, by post and other communication systems – advertising, informative and promotional material related to products and/or services offered by our company. The legal basis is identified with the consent given by the data subject (art. 6.1, letter a, GDPR);
We do not process data via automated decision-making processes nor do we profile.
Data storage period
Personal data processed for the purposes specified in point 1 letter a) are stored for a period of time compatible with the establishment of an efficient exchange of requests/information (save for any different period of time required by the nature of the requested information), usually no longer than 12 months from the last communication.
Data processed for the purposes specified in point 1 letters b), c) and d) is stored until the contract expires and even further, considering the compulsory period for keeping the accounting records and the expiration period of any potential claim arising from the commercial transactions provided by the law. Should a dispute arise, the expiration date for storing data will be extended for the whole duration of the dispute and for the 10 years subsequent to a definitive solution to the dispute (for instance, settlement agreement or final court judgment).
Storing data for the purposes indicated in point 2, in light of the purposes for which such data has been gathered, would however expire with a simple request by the data subject.
Consent and optional/compulsory data transmission.
As stated above, transmitting data for the purposes indicated in point 1 does not require consent from the data subject. Transmitting data is in any case compulsory and essential for the purposes of conducting the performances requested to us by the data subject, as well as the subsequent and related legal obligations. Any refusal to supply some of the data results in the inability to follow up with the requests from the data subject and/or to carry out the relationship.
However, consent is required for the processing of data specified in point 2 (sending commercial information also via newsletter). You will be asked to give consent to such processing by flagging/checking the corresponding box in the section dedicated to the sending of the communication/subscription. Please note that data release and consent for the aforesaid are optional and do not impact the chance of requesting information nor any potential subsequent contractual performances.
Data recipients categories
Data collected via Internet solely for the purpose of addressing the request for information, as well as data processed to send commercial information also via newsletter, shall not be shared or sold to third parties.
Your personal data may however be communicated to third parties for technical and operational reasons strictly connected to other purposes indicated in point 1 and specifically for the following categories of subjects:
• Institutions, professionals, companies or other structures operating processes directed towards the fulfilling of administrative, accounting, insurance and managerial obligations linked to the ordinary performance of our economic activity, also for credit recovery reasons.
• Companies specialized in managing transport and logistics for third parties, whose role is functional in delivering goods that are subject of the contract between data controller and data subject.
• Public authorities and administrations for reasons connected to the fulfillment of legal obligations or subjects that legitimately access them for legal provisions, regulations and community rules;
• Banks, financial institutions or other subjects for which the transfer of such data is necessary to carry out the activities of our company in relation to the performing, on our part, of the contractual obligations to you;
• Suppliers of installation, assistance and maintenance services for computer and telematic hardware and systems and all services connected to them that are necessary for the fulfillment of the performances that are subject of the contract.
The same subjects will operate as autonomous data controllers or they’ll be designated as Data Processors.
Within the scope of our industrial organization, other subjects (usually our own employees, designated/authorized by us) may process your personal data. Such subjects, when authorized, are committed to confidentiality and, as with the designated “Processors”, have received operational instructions for the purpose of ensuring safety and confidentiality when processing your personal data.
Personal data are not subject to transfer towards non-EU countries. Should the Data Controller decide in the future to transfer your personal data outside the EU, you will be promptly informed and the data controller will ensure the respect of the conditions provided by Chapter V of the GDPR.
Personal data shall be electronically processed, in observance of the protective measures for data safety and confidentiality.
With reference to the sending of newsletters, this will take place by means of automatic sending to all subscribers to the service; the email addresses of all other recipients will be concealed (the so-called Blind Carbon Copy, BCC).
In any event, there are technical, electronic, organisational, logistic and procedural safety measures in place that prevent loss, illicit or non-relevant use of data and unauthorized access to them.
Data subject rights and claims to the Supervisor
Each data subject can exercise the following rights at any time:
• Right of access by the Data subject (art. 15 GDPR): you may contact us to know if your personal data is subject to processing and in that case you have the right to obtain a copy and receive information regarding the origin of such data, the categories of processed personal data, the recipients of such data, the purposes of the processing, the existence of an automated decision-making process, including profiling, the storage period of such data or the criteria used to determine it.
• Right to rectification (art. 16 GDPR): obtain the rectification of inaccurate personal data or the integration of incomplete ones from the Controller;
• Right to erasure (right to be forgotten) (art. 17 GDPR): obtain the erasure of your personal data, in the situations provided by the law;
• Right to restriction of processing (art. 18 GDPR): obtain a restriction on the processing of your personal data, where one of the following applies (in summary: challenges on the accuracy of personal data; unlawful processing with opposition to its erasure from the data subject; requirement from the data subject to exercise a right through legal action; opposition of the data subject pending verification whether the legitimate grounds of the Controller override those of the data subject).
• Right to data portability (art. 20 GDPR): in the situations provided by the law (processing conducted via automated means and on the basis of consent or on a contract), the right to receive personal data in a structured, commonly used and machine-readable format and to transmit those data to another Controller without any hindrance from us;
• Right to object (art. 21 GDPR): right to object to further processing of personal data on grounds relating to your specific situation, unless the processing is necessary for compelling legitimate reasons, in the situations provided by the law.
• Right to withdraw consent (art. 7.3 GDPR): right to withdraw consent at any time for those situations where data processing is based on consent. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
Please refer to the Data Controller contacts indicated hereunder in order to exercise such rights and, if you wish, download the info from the website of the Privacy Authority at the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924. Please note that you also have the right to lodge a complaint to the Privacy Authority for the protection of your personal data. In this case as well you can download it from the Authority website at this address: https://www.garanteprivacy.it/en/home/docweb/-/docweb-display/docweb/9041356. Please remember that any claim, pursuant to art. 77 of the GDPR, may be lodged by the data subject to the Authority in the Member state of his or her habitual residence, place of work or place of the alleged infringement.
Data controller is Vicario Cinque srl
Registered offices: P.tta del Vicariato, n. 5, municipality of Brendola (Vi)
phone: +39 0444401051