Pursuant to European Regulation 2016/679 Rev.0 of 22/05/2018
Dear Data Subject, we would like to inform you that the European Regulation 2016/679 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (hereinafter “GDPR”) provides for the protection of persons and other entities with regard to the processing of personal data. Our organisation, as Data Controller, pursuant to Article 13 of the GDPR, provides you with the following information:
DATA CONTROLLER: the data controller is the company Rustiklegno di Zadra Massimo via Plan del Sant, 8 – 38023 Cles (TN), CF: ZDRMSM67M06C794G and P.IVA: 00671110229 contactable by phone at 0463 468470 or at the e-mail address email@example.com
CATEGORIES OF DATA: the Data Controller will process personal and/or special data strictly necessary for carrying out the activities related to the work requested and the obligations of a fiscal nature and other binding laws.
SOURCE OF PERSONAL DATA: The personal data that the Controller will hold are collected at the time of execution of the work/service/sale requested.
PURPOSE OF DATA PROCESSING AND LEGAL BASIS: the processing of your data, collected and stored, has its legal basis in your consent and is carried out for the following purposes: customer and supplier management, internal control and analysis services, management of assistance and support services, sending of informative, commercial, accounting and fiscal communications, management of activities relating to the services requested and contractual obligations.
RECIPIENTS OF THE DATA: within the limits pertinent to the processing purposes indicated, your data may be communicated to partners, consulting companies, consultants, lawyers, companies/entities, banks, insurance companies, appointed as Data Processors by the Data Controller. Your data will not be disseminated in any way. The Data Processors and Persons in Charge of Processing in office are punctually identified in the Company Data Management Document, updated at least every year-end.
TRANSFER OF DATA ABROAD: the data collected may be transferred outside the European Union only to countries in which an adequate provision is in force in accordance with the relevant regulations.
PERIOD OF STORAGE: the data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage”, art 5, GDPR) and/or according to the deadlines provided for by the regulations in force and/or on the basis of specific requests. A check on the obsolescence of the data stored in relation to the purposes for which they were collected is carried out at least every year-end.
RIGHTS OF THE INTERESTED PARTY: the interested party always has the right to request from the Controller access to his/her data, rectification or cancellation thereof, restriction of processing or the possibility to oppose processing, to request portability of data, to revoke consent to processing by asserting these and other rights provided for by the GDPR by simply notifying the Controller. The data subject may also lodge a complaint with a supervisory authority.
OBLIGATORY OR NOT TO PROVIDE DATA: we inform you that the provision of the data requested/acquired is essential for the fulfilment of the above-mentioned obligations, and failure to consent to their processing may result in the non-execution of the contract.
AUTOMATED PROCESSES: the data collected will not be subject to automated processes such as profiling in direct form by the Data Controller. Profiling may be carried out by certain Data Processors appointed by the Controller, whose information is available on request from the data subject.
METHODS OF DATA PROCESSING: the personal data provided by you will be subject to processing operations in compliance with the above-mentioned regulations and the obligations of confidentiality that inspire the activity of the Data Controller. The data will be processed both by computer and on paper and on any other suitable support, in compliance with adequate technical and organisational security measures provided for by the GDPR.