Notice pursuant to art. 13 of EU Regulation 2016/679
on the protection of personal data (”GDPR”).
Pursuant to and by virtue of art. 13 of EU Regulation 2016/679 on the protection of personal data (”GDPR”) and of the national privacy legislation, please be advised that your personal data shall be processed with electronic and manual means in Italy and abroad. This notice, provided on the basis of the principle of transparency and of all other provisions of the GDPR is organised in sections, each focusing on a specific topic, so that the reader will find this easy to read and understand (hereinafter, the “Notice”).
WHO IS THE DATA CONTROLLER?
The data controller (hereinafter, the “Data Controller”) is Gielle Plast S.r.l., a sole proprietorship with registered office in via Giovanni Stefani 5/7 33076 Pravisdomini (PN).
DATA PROTECTION OFFICER
The Data Controller has not appointed a DPO in compliance with art. 38, however, it is possible to contact the privacy department for all issues concerning the processing of Your personal data and the exercise of the rights granted by the GDPR at the following address: firstname.lastname@example.org
LAWFULNESS OF PROCESSING
Your personal data can legally be processed to:
- comply with contractual obligations and requirements.
- legal obligations.
WHAT IS THE PURPOSE OF THE PROCESSING OF PERSONAL DATA?
Your personal data shall be processed in order to manage the service provided and fulfil all and any legal obligations, such as:
- performance of the supply agreement or order.
- invoicing of due sums and of any additional services.
- fulfilment of legal obligations, including accounting, administrative and fiscal ones.
- management of complaints and disputes.
- prevention of fraud and management of delayed or failed payments.
- protection and recovery of credit, directly or through third parties (collection agencies/companies, legal firms) who will be provided with the data they require to perform these tasks.
- assignment of credit to authorized companies.
- storage and use of accounting data pertaining to timeliness of payments, in connection with bonus policies and the refusal of future contractual relationships.
- reporting and quality control.
- Technical communications: communication and/or sending (by e-mail, text message, notification, post, telephone contact, etc.) of technical information and materials connected to the management of the agreement and the Service supplied.
The provision of your data is necessary in order to attained the abovementioned goals.
Any failed, partial or incorrect data communication might entail the impossibility of activating and providing the requested service or of performing the supply agreement.
WITH WHOM COULD YOUR PERSONAL DATA BE SHARED?
Your personal data shall be processed exclusively by persons authorised to process data or by Data Processors, in compliance with the GDPR, in order to perform correctly all the processing activities that are necessary in order to pursue the goals mentioned herein. Your Personal Data can be shared with Public Agencies or the Judicial Authorities, where required by law or to prevent or suppress the commission of an offence and, in any case, to:
- the legitimate recipients of communications provided for by law or regulations (such as, for example, Offices and Public Authorities);
- the recipients of mandatory communications top fulfil the obligations deriving from the Service and from the signed contract;
- third-party companies specialising in the management of business and credit information (such as, for example, call centres, data processing centres, banks, etc.);
- companies and/or collaborators that manage the administrative services used to fulfil all legal or contractual obligations;
- other subjects (enterprises, companies, individuals) who collaborate with the data controller in the context of the services and supplies that it offers.
No personal data concerning minor children aged up to sixteen will be processed without the prior authorisation of the person having parental responsibility.
LEGITIMATE INTEREST OF THE DATA CONTROLLER
The Data Controller has a legitimate interest in the transfer of Personal Data to Companies included in the group for administrative, analytical and internal reporting purposes.
HOW LONG SHALL YOUR PERSONAL DATA BE STORED?
Your personal data shall be stored for the time strictly necessary to achieve the abovementioned purposes. In particular, Your data shall be processed for no longer than is necessary, that is to say, until the end of any existing contractual relationships between You and the Data Controller, without prejudice for an additional retention period that can be that can be required by law.
The data relating to the spontaneous delivery of curricula will be kept for no more than two years from the date of receipt.
Your data will be kept for a further period in relation to the purposes of disputes and any litigation.
HOW CAN YOU REVOKE YOUR CONSENT?
You have the right to revoke the consent to the processing given to the Data Controller at any time, in part or in full, without prejudice for the lawfulness of any previous processing performed on the basis of the consent before it was revoked.
To revoke your consent, please contact the Data Controller at the addresses included in this notice.
WHERE SHALL YOUR DATA BE PROCESSED?
Your Personal Data shall be processed by the Data Controller within the territory of the European Union.
If, for technical and/or organisational reasons, it should become necessary to ask subjects located outside the European Union to process these data, they shall be appointed as Data Processors pursuant toi and by virtue of art. 28 of the GDPR and the transfer of Your Personal Data to such subjects, exclusively for processing purposes, shall be governed by a specific appointment agreement in accordance with the guarantees and protections provided by the GDPR.
All necessary precautions will be taken in order to guarantee the total protection of your Personal Data, basing such transfer on the assessment of appropriate guarantees including, for example, decisions of adequacy of the recipient third countries expressed by the European Commission; adequate guarantees expressed by the recipient third party pursuant to Article 46 of the GDPR.
In any case, you may request further details from the Data Controller if your Personal Data have been processed outside the European Union, requesting evidence of the specific guarantees adopted.
WHAT ARE YOUR RIGHTS?
Please remember that you can exercise Your rights under the GDPR and obtain, in particular:
- confirmation as to whether or not Personal Data concerning You are being processed, and, where that is the case, access to the personal data and to the following information (purpose of the Processing, categories of Personal Data, data recipients and/or recipient categories to whom the data have been and/or will be communicated, storage period);
- the rectification of inaccurate personal data concerning You and/or the integration of such incomplete personal data, also by means of a statement;
- the erasure of Personal Data in the cases detailed in the GDPR;
- the restriction of processing in the cases detailed in the Privacy Legislation form time to time in force;
- the portability of data concerning You, if feasible and relevant to the service provided;
- the objection, at any time, to the processing of data for reasons connected to Your specific situation, in full compliance with the Privacy Legislation from time to time in force.
You can exercise Your rights by writing to the e-mail address email@example.com, attaching a copy of your ID.
In any case, you also have the right to lodge a complaint with the control authority of competent jurisdiction (Data Protection Authority), pursuant to art. 77 of GDPR if you believe that the processing of Your data is contrary to the Privacy Legislation from time to time in force.