with registered office in Molfetta (BA), Via Gambardella, 10 ZONA ASI, Italy,
as Data Controller of the personal data you provide, informs you in accordance with European Union General Data Protection Regulation 2016/679 (GDPR or ‘the Regulation’), that the processing of your personal data is carried out at the organization’s facility and at its branch offices (local units) in full compliance with the aforementioned Regulation in order to guarantee protection of the fundamental freedoms and dignity of you, the data subject, in particular with regard to privacy and data protection. It should be noted that this policy notice relates to personal data provided by the data subject or your delegates and to any data requested in the future for the purposes stated below and obtained directly from such parties or from computerized systems in the public domain to which you, the data subject, have provided your data in order to be subsequently contacted by potential customers.
Pursuant to Article 13 of the Italian Privacy Code and the Regulation, we provide the following information:
The processing of the data may be carried out by paper and/or computer systems and related electronic equipment (including remotely via adequately protected and secure systems) by persons specifically appointed and instructed in security and data processing for the following stated purposes. Further processing for any other purposes shall be subject to specific policy notices with related informed consent if due in relation to applicable mandatory rules.
- Administrative, accounting and fiscal management of the company (invoicing, organization of work activities, etc.);
- Operational management and internal and external logistics (delivery and collection of goods or products, communications on the status of work activities, etc.);
- Supply of services, materials, goods, specialized services (for example but not limited to consulting, materials supply, interventions on buildings, systems and facilities, professional and technical services, logistics, training, etc.);
- Management of any dispute between the parties (complaints, breaches of contract between the parties etc.);
- Filing of technical and administrative documentation (in relation to legal obligations, fiscal and contractual bookkeeping, contractual and warranty communications on goods supplied);
- Sending of periodic promotional and commercial communications;
- Sending of occasional greetings in relation to birthdays, public holidays and celebrations.
Communication of the personal data
The data in our possession is processed by internal parties (appointed persons and supervisors) in relation to roles assumed within the company in order to pursue the purposes stated above and on the basis of the relationships established between the parties. The company also avails itself of parties external to its organization for specific activities carried out by specific professional and technical figures dedicated to data processing. Such parties are appointed as external processing officers subject to the obligations that current legislation provides for concerning such figures.
The categories of recipients of data are as follows:
- Employees of the company or consultants under a different contractual form under the direct supervision and responsibility of the Data Controller;
- Tax consultancy studios (accountants, tax consultants, etc.);
- Consultancies in general;
- Authorized workshops (for maintenance, warranty interventions, etc.);
- Insurance companies;
- Financial services companies (loans, financing, leasing, long-term rentals);
- Equipment manufacturing companies;
- Specialized tax incentive consultancies (tax incentive verification).
Communication to parties outside the organization shall be carried out within the strict limits of the need to respond to customer requests, to properly perform the received mandate or to comply with specific legal obligations (e.g. accounting and fiscal bookkeeping). Accordingly, not all the categories of recipients mentioned above will be able to process the data, but only the internal or external figures appointed to perform specific mandatory processing operations.
Transfer of the data to a third country or to international organizations
For the above stated purposes, the Data Controller shall not ordinarily resort to the transfer of the data to a third country or international organization, with the exception of disclosure of non-sensitive information during auditing on behalf of the Data Controller carried out by customers or certification bodies bound to confidentiality and to strict data and information security protocols, in accordance with applicable Italian and European Union regulations.
Mandatory (or non-mandatory) nature of the data provision
The processing of personal data is admissible only upon the provision of the data by the data subject.
The provision of data may be optional or mandatory pursuant to legislative provisions applicable in relation to the pursued purposes.
Due to the principle of the ‘necessity’ of the data (thus excluding requests for data not strictly necessary), the data subject is informed that, for the pursuit of the above stated purposes, refusal to provide the data shall make it impossible to carry out the envisaged processing, making the services provided through the relationship between the parties or the fulfilment of particular legal obligations impracticable.
Retention of the collected data, without prejudice to the exercising of the rights of the data subject as indicated below, shall extend to the time necessary in order to complete the order, task or service requested, as well as to the retention period required by any warranties and by state or European regulations (e.g. regarding the conservation of tax documents). Data that is no longer necessary or no longer required to be retained as per regulations or for the purpose of protection of the data subject shall be destroyed or returned, without any retention of copies, in case of original documentation. Further information on retention periods in relation to the various applicable cases may be requested from the Data Controller and its reference contacts through the communication channels indicated in this policy notice.
Profiling and automated processes
The processing of personal data takes place without any profiling of the data subject and without the intervention of automated systems or processes that make decisions impacting the data processing or the legitimate interests of the data subject.
Data Controller
The figure identified as per the Italian Privacy Code and the Regulation as the Data Controller, to whom it is possible to forward any requests to exercise rights guaranteed to the data subject pursuant to Articles 15 to 22 of EU Regulation 2016/679, is Promove SRL, with registered headquarters in via Gambardella, 10 ASI ZONE – 70056 - Molfetta (BA), Italy.
Data Protection Officer (DPO)
The figure identified as per the Italian Privacy Code and the Regulation as the Data Protection Officer (DPO) is Flashtech Srl with registered office in Via E.Toti, 75 – 70126 - Bari (Ba) Italy, to whom it is possible to send, by e-mail via the address firstname.lastname@example.org, any requests to exercise rights guaranteed to the data subject pursuant to Articles 15 to 22 of the EU Regulation 2016/679.
Rights of the data subject (Article 7 of the Privacy Code and Articles 15 to 22 of the Regulation)
The data subject may exercise the following rights, without prejudice to any specific obligation with which the company is obliged to comply pursuant to the Italian Privacy Code and the Regulation, as well as to any other legislative provisions regulating the management of personal data:
- The data subject has the right to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet registered, and its communication in an intelligible form.
- The data subject has the right to obtain an indication of:
a) The origin and categories of the personal data;
b) The purposes and methods of the processing, and the data retention period;
c) The logic applied in case of processing carried out with the aid of electronic instruments;
d) The identification details of the Data Controller, appointed data processing supervisors and the designated representative;
e) The parties and categories of parties, as officers or agents, that may become aware or receive communication of the personal data in the territory of the state, of the European Union or of third countries, as well as information on adequate guarantees regarding the transfer and processing of the personal data.
- The data subject has the right to obtain:
a) The updating, rectification and, if desired, completion of the personal data;
b) The erasure (right to be forgotten), transformation into an anonymous form or restriction of the processing of the personal data, including data whose retention is unnecessary for the purposes for which the data has been collected or subsequently processed, without prejudice to obligations of a regulatory nature or concerning the protection of the data subject, and, in particular, in case of any illicit processing;
c) Formal notification that the operations referred to in letters a) and b) have been brought to the attention, also regarding their content, of those to whom the data has been communicated or disseminated, except in the case where such fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right.
- The data subject has the right to oppose or restrict, in whole or in part:
a) On legitimate grounds, the processing of personal data concerning him/her, even if such processing is relevant to the purposes of the data collection;
b) The processing of personal data concerning him/her by automated or profiling processes (without prejudice to contractual obligations stipulated between the parties), with particular regard to marketing purposes and the like.
- The data subject also has the right to:
a) Lodge a formal complaint to a supervisory authority (more information at www.garanteprivacy.com);
b) Obtain information on the origin of the data, if it has not been directly collected from the data subject;
c) Receive a copy of the retained data within the limits of the protection of his/her rights and those of others;
d) Request data portability, where the nature of the processing makes it technically feasible.
Further information can be obtained from the Data Controller or by consulting the articles of the cited reference legislation.