Legal notes
DISCLOSURE ON PERSONAL DATA PROCESSING
(PURSUANT TO AND FOR THE EFFECTS OF ARTICLE 13 GDPR 679/2016)
Dear User/Business/Company,
In compliance with the provisions of the GDPR 679/2016, we hereby inform you, as Party Concerned, about the purpose of the collection and processing of personal data relating to you/your company, which we acquire directly from you, to allow us to carry out our activities in an appropriate manner and according to the regulatory provisions in force.
We hereby provide you with the correct information on the processing of personal data, as specified below.
- IDENTITY AND CONTACT DATA OF THE CONTROLLER (EVENTUAL: OF THE REPRESENTATIVE/INTERNAL MANAGER/DPO)
The Data Controller is the Company TOMMASIN UTENSILI S.R.L., with registered office in Selvazzano Dentro (PD), via G. Galilei 2, VAT 03335730283, e-mail: info@tommasin.com, PEC (certified e-mail): tommasin@pec.it.
- PROCESSING PURPOSES
Without prejudice to the obligations established by laws, regulations and EU legislation, the data collected will be processed by us for the following activities:
- acquisition of pre-contractual/contractual information and fulfilment of obligations arising from one or more contracts;
- administrative and accounting management of customers and suppliers, in particular:
- customer/supplier administration;
- management of the contractual relationship;
- invoicing;
- order management;
- collections and payments;
- credit recovery;
- sending communications relating to news or events attributable to the activity of our Company.
- LEGAL BASIS OF PROCESSING
The legal basis of the processing consists of the fulfilment of pre-contractual and/or contractual obligations.
With reference to the specific purpose of communications relating to the business activity referred to in article 2, letter c above, the legal basis of processing consists of the specific consent given by you.
- RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The personal data collected may be communicated by us exclusively to the third parties indicated below:
- accounting, tax, legal consultant;
- credit recovery companies, only where necessary;
- banking institutions;
- public bodies, judicial, financial and other institutions, if required by laws, regulations, directives of the EU;
In relation to the purpose of communications relating to the business activity referred to in point 2, letter c, the personal data collected may be communicated by us exclusively to the third parties indicated below:
- a) our platform providers for sending newsletters, which is obligatorily and fully endorsed to the European directive of the GDPR 679/2016;
- b) our web marketing agency, necessarily and fully approved to the European directive of the GDPR 679/2016.
The personal data may also be known by the staff specifically appointed by the Data Controller who may provide for the management of the data, in relation to the purposes indicated above.
The specific identification data of the aforementioned third parties may be known by you at any time through the exercise of the right of access recognized to you and without prejudice to any legal limitations in this regard.
- INTENTION OF THE CONTROLLER OF THE PROCESSING TO TRANSFER THE PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
It is not the intention of the Data Controller to transfer the data collected to a third country or to an international organization.
- RETENTION PERIOD OF THE PERSONAL DATA COLLECTED
The data collected will be retained as follows.
- a) Data necessary for the purpose of the pre-contractual relationship: for the time strictly necessary for the possible finalization of the contractual relationship and, in any case, for a period of time not exceeding one year from collection.
- b) Data necessary for the execution of the contractual relationship: for the entire duration of the contractual relationship and of any guarantee obligations required by law and/or by contract.
- c) Accounting records, invoices and correspondence: ten years, as established by law.
- d) Data necessary for credit recovery activity: up to completion of this activity.
- e) Data necessary for the management of any disputes: up to the definition of the dispute.
- f) Data necessary for marketing activities: for the duration of the contractual relationship, if in existence, that is, in the absence of a contractual relationship, for five years from the date of your consent to processing for marketing purposes and , in any case, up to eventual revocation of consent.
The foregoing is without prejudice to any longer retention periods, in the event that these derive from legal, accounting and/or tax obligations.
After the retention period, as described above, we will proceed to the total elimination of data provided by you.
- RIGHTS OF PARTIES CONCERNED
The GDPR 679/2016 recognizes some rights to parties concerned:
- a) right of access to data collected and processed – article 15;
- b) right to obtain data rectification – article 16;
- c) right to obtain data cancellation and right to be forgotten – article 17;
- d) right to obtain processing limitation – article 18;
- e) right to data portability to another controller – article 20;
- f) right to opposition to processing – article 21;
- g) right to not subject to automated processing – article 22;
- h) right to withdraw consent at any time, without prejudice to the lawfulness of processing based on the consent given prior to the revocation – article 7;
- i) right to file a complaint with the Control Authority – article 77;
- j) right to file a judicial appeal against the control authority (article 78) and against the Data Controller or the Data Processor (article 79).
To exercise the rights referred to in points a) to h), it is necessary to contact the Data Controller.
- NATURE OF CONFERMENT
The provision of personal data by the party concerned, although not mandatory, is necessary for the achievement of the purposes indicated above. Failure to provide data renders the legal relationship at the basis of the processing unenforceable.
It is the responsibility of the Party Concerned to promptly inform the Data Controller of any changes concerning the personal data provided.
- AUTOMATED DECISION-MAKING PROCESSES INCLUDING PROFILING
The data provided will not be processed by automated decision-making processes, including profiling.
- PROCESSING METHODS
The data provided will be processed by us in accordance with the provisions of the GDPR 679/2016 and according to the following procedures:
- a) access to data and archives only allowed to persons in charge/authorized to process data;
- b) protection of data and areas through appropriate measures and that are systematically monitored;
- c) data collection by direct contact with the party concerned;
- d) registration and processing both by means of IT support and through files and hard copies;
- e) organization of archives in mainly computerized form, but also on paper;
- f) verification and modification of data following any request from the customer/supplier.
- COMPLAINTS TO THE CONTROL AUTHORITY
Parties Concerned have the right to file a complaint with the Supervisory Authority if that they consider that the processing concerning them is in violation of the GDPR 679/2016.
The reference Authority is the Guarantor for the protection of personal data http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524