articles 13-14 of EU Regulation 2016/679
1. SUBJECT-MATTER OF PROCESSING
The personal data held by the undersigned Company are collected directly from and given voluntarily by the data subjects and/or third parties (e.g. Internet, public records, etc.)
Such information refers to personal details, contact data, bank details, addresses, phone numbers, land and e-mail addresses. The data subjects are identified and identifiable third parties that deal with the undersigned Company or another party in a contract, including potential, such as customers, suppliers, partners, public administration bodies, associations, etc. that are stakeholders and/or parties having business relations with the undersigned Company.
2. PURPOSES OF DATA PROCESSING
Personal data are processed for communication between the undersigned Company, including its staff, and the data subjects during the routine business.
The personal data of data subjects are processed without their express consent (art. 6 letter b), e) GDPR), for the following Service Purposes:
a) Purposes strictly connected with the provision and performance of the services requested (GDPR articles 6(b) and 9(a)), in particular for the management of customers and suppliers, including prospects, carried out by entering them in company data bases with the purpose of complying with legal and contract obligations, of organising work internally, for statistical purposes and for other purposes anyway connected to the business of the undersigned Company, for example compliance with civil, fiscal, tax, accounting, remunerative, social security, insurance norms etc., as well as the sending of circulars and notices regarding the activity dealt with in the contract for the provision of the requested services;
b) purposes connected to legal obligations, as well as to provisions issued by authorities duly authorised by the law (GDPR articles 6(c) and 9 (b,g,h)).
3. PROCESSING METHODS
The personal data concerned may be processed on paper, electronically, using security measures that can ensure the confidentiality of the data subjects and prevent any unlawful access by third parties or unauthorized staff. In any case, the processing of personal data shall be carried out in compliance with the law according to the principles of lawfulness and fairness and in such a way to protect the confidentiality of data subjects.
4. NATURE OF THE PROVISION OF DATA
Providing data is mandatory for all requirements pursuant to legal and contract obligations (points a) and b) of par. “Purposes of Data Processing”). Any failure to provide part or all the mandatory data shall entail the impossibility to establish or follow up any relationships with the data subject; instead failure to provide optional data will not entail any negative consequence other than the impossibility to manage information that is useful in the relationships between the parties.
5. COMMUNICATION AND DISSEMINATION OF DATA
Data (only mandatory ones) are communicated to:
- data processors and persons in charge of data processing, both internal and external, who carry out specific duties and operations (e.g. internal sales network or external agents, companies in charge of market surveys, any sales partners, consultancy firms, third parties)
- people entrusted by the Company to comply with all or part of the obligations undertaken via the contract or relating thereto, credit and banking institutions in general, central credit registers and/or business information providers, business associations and other similar bodies.
Data shall not be disclosed unless otherwise provided by the law.
The personal data processed shall in no way be disclosed to unidentified parties.
6. TRANSFER ABROAD
Processing shall take place mostly in Italy and Europe, but could also be carried out in non-EU and non-EES countries if considered useful for an efficient performance of the objectives pursued and always in compliance with the requirements of the law in favour of the protection of data subjects
7. RIGHTS OF THE DATA SUBJECT
Data subjects are granted the right to:
- Lodge a complaint with a supervisory authority (articles 13-14 of GDPR 2016/679);
- know what personal data will be processed by the Company, their origin, the purpose and method of processing (art. 15 of GDPR 2016/679);
- submit a request for rectification to the Data Controller (art. 16 of GDPR 2016/679);
- submit a request for erasure of data (right to be forgotten) managed by the Data Controller (art. 17 of GDPR 2016/679);
- submit a request of limitation of processing (art. 18 of GDPR 2016/679);
- submit a request of objection in case processing complies with art. 21 of GDPR 2016/679.
Should processing be based on consent, withdrawing the consent given considering that withdrawal of consent does not jeopardise the lawfulness of
processing based on the consent given prior to its withdrawal.
8. PROCESSING DURATION
Processing shall have a duration not exceeding the one required for the purposes for which data was collected.
However, should the data subjects consider the purpose of processing ended for any reason, they shall send a written notice thereof to the Data Controller.
9. DATA CONTROLLER
The Data Controller is Morris Profumi Spa, with registered office in Via Maretto 13, 43126 Roncopascolo (PR), ITALY, and e-mail address: email@example.com
10. DATA PROTECTION OFFICES
The Data Protection Officer (DPO) has not been identified since the undersigned company does not process data of the categories defined by art. 37 of European Regulation 2016/679.
11. DATA PROCESSOR
To be informed about the external Data Processor you can request information to: firstname.lastname@example.org