INFORMATION PURSUANT TO THE LEGISLATIVE DECREE 196/2003 UPDATED TO GDPR 679/2016
SAPPT di Cecino & C. s.n.c., with registered office in Località Ponte Nuovo, 10 33040 Torreano Udine – Italiy VAT Code 00158260307 (hereinafter, the “Data Controller”), in its capacity as data controller, informs you in accordance with Legislative Decree. 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and EU Regulation n. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the manner and for the following purposes:
1) Object of the processing
The Data Controller processes personal, identification and non-sensitive data (in particular, company name, first name, last name, tax code, VAT number, email address, telephone number – hereinafter, “personal identification data” or also “data”) communicated by you during registration on the website of the Data Controller and / or the act of entrusting the task.
2) Purpose of the processing
Your personal data are processed:
- A) Without your express consent, for the following purposes of the Service:
- Fulfilling the pre-contractual and fiscal obligations arising from the business relationship established with you;
- Fulfilling the obligations established by law, a regulation, the European legislation or an order of the Authority;
- Exercising the rights of the Controller, for example the right to defend itself in court.
- B) Only with your specific and distinct consent, for the following organizational and management purposes:
- Allow you to register on the website;
- Allow subscription to the newsletter service provided by the Controller and any other services requested by you (if any).
3) Methods of processing and storage times of data
The processing of your data is carried out by means of the operations specified and precisely: collection, recording, organisation, storage, consultation, processing, modification, selection, retrieval, alignment, use, interconnection, block, communication, erasure and destruction of data. Your personal data are subject to both paper, electronic and automated processing.
The Data Controller shall process the data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes and for no longer than 2 years from the collection of data for the Marketing Purposes, without prejudice to the exercise of the rights of the interested party and/or other legal obligations.
4) Access to data
For the purposes referred to in art. 2.A) and 2.B), your data may be made accessible to:
- Employees and contractors of the Controller as authorised subjects and/or internal managers and/or system administrators.
- To external companies for the maintenance of computer systems, for the storage of personal data, etc. or to third parties (for example, suppliers, credit institutions, professional firms, etc.) that carry out activities in outsourcing on behalf of the Controller, in their capacity as external data processors.
5) Disclosure of data
Without the user’s explicit consent, the Data Controller can disclose your data for the purposes referred to in art. 2.A) to Supervisory Bodies and/or to Judicial Authorities as well as to all other parties to whom the disclosure is mandatory by law for the accomplishment of said purposes. Your personal data will not be disclosed.
6) Data transfer
The management and storage of personal data will be carried out on servers located within the European Union belonging to the Data Controller and/or appointed third-party companies and duly designated as Data Processors. Currently our servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers in Italy and / or to the European Union and / or non-EU countries. In such a case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions by concluding, if necessary, agreements guaranteeing an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.
7) The nature of the data and the consequences of not providing data
The provision of data for the purposes referred to in Article. 2. A) is mandatory. In their absence, we can not guarantee neither the registration to the site nor the Services of art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional.
You may therefore decide not to provide any data or subsequently to deny the possibility of processing data already provided: in this case, the services referred to in art. 2.B) shall not be supplied. In any case, you will continue to be entitled to the Services referred to in art. 2.A).
8) Data subject rights
As an interested party, you have the rights under Art. 15 GDPR and specifically the rights to:
- A) To obtain confirmation of the existence of personal data concerning you, even if the data have not yet been registered, and to access this data in intelligible form;
- B) To obtain the indication of:
- The source of the personal data;
- The purposes and methods of processing;
- The logic applied in case of processing carried out with the help of electronic instruments;
- The identification data concerning the Data Controller, the data processors and the designated representative; and the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative in the State’s territory, data processor or person in charge of the processing;
- C) To obtain:
- The update, rectification or, if interested, integration of data;
- The Cancellation, transformation into an anonymous form or block data processed unlawfully, including data which are not necessary for the purposes for which the data were collected or subsequently processed;
- The certification that the operations referred to art. 8.A) and 8.B) – including their contents – have been brought to the attention of the persons to whom the data was communicated or disseminated, unless this requirement proves to be impossible or involves the use of means that are manifestly disproportionate to the protected right.
- D) To partially or fully object:
- For legitimate reasons to the processing of personal data concerning his/her, even if related to the purpose of data collection;
- The processing of personal data concerning you for the purpose of sending advertising or marketing material by email and/or by traditional marketing methods by telephone and/or paper mail.
- Where applicable, you also have the rights under articles 16-21 GDPR (Right of rectification, right to erasure, right of restriction of processing, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
9) How to exercise your rights:
You may at any time exercise your rights by sending:
- A registered letter addressed to: SAPPT di Cecino & C. s.n.c., with registered office in Località Ponte Nuovo, 10 – 33040 Torreano Udine – Italy
- An email to firstname.lastname@example.org
- A certified email at . email@example.com
10) Data Controller, processor and persons entrusted
The Data Controller is SAPPT di Cecino & C. s.n.c., in the person of the pro-tempore legal representative, with registered office in Località Ponte Nuovo, 10 – 33040 Torreano Udine – Italy. The updated list of data processors and persons responsible for data processing is kept at the registered office of the Data Controller.
11) Changes to this Policy:
This Policy may change. We therefore recommend that you regularly check this policy and refer to the latest version.