Articles 13 and 14 of EUROPEAN REGULATION No. 679/2016
Italian Legislative Decree 196/2003, amended by Italian Legislative Decree 101/2018
Dear Website Visitor,
We, the undersigned SAORDELMAR SRL, with registered office at Via M. Buonarroti, 2 – 35010 San Giorgio in Bosco (Padua, Italy), Tax Code and VAT number 04320610282 , in our capacity as “Data Controller”, hereby inform you, pursuant to articles 13 and 14 of European Regulation no. 679/2016 (hereinafter the “EU Regulation”), that your data will be processed as follows:
- Subject of the Processing
The Data Controller hereby informs you that the personal and identifying data (such as full name, business name, address, telephone number, email address, bank and/or payment details, etc.), hereinafter the “personal data” or simply “data”, concerning you, acquired even verbally, directly or through third parties, may be processed in full compliance with the EU Regulation.
Data processing means any operation or set of operations concerning the collection, recording, organisation, storage, consultation, treatment, alteration, selection, retrieval, alignment, use, combination, freezing, disclosure, dissemination or destruction of the said data.
If the current contract with your Company includes the processing of personal data for its fulfilment, you will provide us with personal data for processing, with regard to which you, in your capacity as Data Controllers, will certainly have obtained, free, specific, informed, unequivocal consent from the data subjects.
- Legal basis and Purpose of the processing
Legal basis EU Regulation no. 679/2016, Italian Legislative Decree no. 196/2003 amended by Italian Legislative Decree no. 101/2018.
The processing of your personal data, also requested and/or contributed verbally, is based on the provisions of art. 6 of EU Regulation 2016/679, on your consent or on our legitimate Interest as Data Controller in defending our rights in any legal dispute, the performance of a contract to which you are a party, or the performance of precontractual measures (e.g. issue of an offer, etc.) which you have requested, and its purposes are as follows:
- A) without your specific consent (art. 6 of the EU Regulation):
– for compliance with pre-contractual, contractual and fiscal obligations arising from business relationships with you;
– for compliance with the obligations enforced by the law, a regulation, Community regulations or an Authority order (such as measures to prevent money laundering);
– exercise of the Data Controller’s rights, such as the right to defend itself before the Courts;
– for general accounting purposes;
– for the pursuance of the legitimate interests of the Data Controller;
– for administrative purposes (billing, management of documents, etc.);
– for credit management;
– for statistical and quality control analytics;
– for insurance administration;
– for technical assistance.
Specifically, your data will be processed for purposes related to the following procedures, necessary for the fulfilment of legal or contractual obligations:
– Technical and functional access to the website: no data are retained after the Browser is shut down;
– Advanced navigation or customised content management;
– Statistical purposes and Analysis of navigation and user data.
- B) Only further to your specific, separate consent (art. 7 of EU Regulation) for the following commercial and/or marketing and/or profiling purposes:
– sending via email, post and/or text message and/or telephone contacts, of newsletters, marketing communications and/or advertising material on products or services offered by the Data Controller and surveying of the degree of satisfaction with the quality of the services provided on your request;
– sending via email, post and/or text message and/or telephone contacts of marketing and/or promotional communications of third parties (for example, business partners).
- Data Processing Methods
Your personal data are processed by means of the procedures referred to in art. 4 comma 2) of the EU Regulation, i.e.: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Data will be processed in a fair, ethical and transparent manner, by manual, IT and telematic means, using paper and/or digital media. Data will be processed in such a way as to ensure their security and confidentiality.
- Data storage times and other information.
The Data Controller will process the personal data for the time needed to fulfil the purposes aforesaid and in all cases for no more than the legally permitted period after the end of the relationship, for the purposes covered by the current relationship.
Personal data processed for marketing or profiling purposes will be stored in accordance with principle of proportionality, and in all cases until the purposes of the processing have been pursued or the specific consent is withdrawn by the data subject.
Specifically, the Data Controller will process data for no more than two years after their collection for marketing purposes, and one year for data collected for profiling purposes.
Data of possible job applicants: the personal data of job applicants will be erased 6 months after the end of the selection process.
The personal data you contribute will be processed “in a lawful manner, in accordance with principles of fairness and transparency” protecting your confidentiality and your rights.
It should be pointed out that if no significant contacts have occurred for a period of ten years, or in the event of exercise of the rights assigned to the data subject by the EU Regulation (e.g. right to deletion/to be forgotten, of restriction of processing), the personal data will be transferred to a specific encrypted digital and/or paper database (secure database) only accessible to the Data Controller, or will be destroyed without leaving any copies, unless otherwise required by current law.
The data processed are audited annually, and the possibility of erasing them if they are no longer necessary for the intended purposes is considered.
- Access to data (categories of recipients to whom data may be disclosed)
Your data may be rendered accessible, for the purposes set out in points 2.A) and 2.B), to the subjects listed below, duly designated and instructed for this purpose:
1) to the Data Controller’s shareholders, employees and associates in Italy and abroad, in their capacity as data users and/or persons in charge of the processing and/or system administrators;
Your personal data may also be disclosed to third parties who are recipients of dossiers which relate to you, for the performance of the activities described in greater detail above, and to third parties which interact with us, always solely for activities necessary for the aforesaid purposes; these categories are:
- Consultants (such as, for example, accountant and/or fiscal consultant and/or employment consultant) for aspects which may relate to you, in accordance with the legal procedures;
- IT companies (Data Centres, Cloud Providers, companies providing IT services including backup and/or maintenance of hardware and software, including apps etc.), including those resident abroad, but in all cases with permanent organisations and/or using devices located in the European Union, to ensure the security and confidentiality of the data;
- Professionals and/or Companies operating in the occupational health and safety sector;
- Legal advisors and law firms for any disputes;
- Local government authorities for the performance of institutional functions, within the limits set by the Law and regulations;
- Pension and social security institutions and certifying bodies;
- Insurance companies and claims adjusters, experts and appraisers appointed by them;
- Business consultants.
- Public authorities and administrations for purposes connected to the fulfilment of legal obligations, or entities lawfully entitled to access data under the provisions of laws, regulations or EU directives;
- Banks, financial institutions or other entities to which the transfer of the aforementioned data is necessary for the conduct of our business in relation to the fulfilment, by us, of the contractual obligations accepted towards you.
For the sake of brevity, the detailed list of these persons and organisations is at your disposal at our registered office.
- E 7. Data disclosure and transfer
With no need for specific consent (art. 6 commas b) and c) of the EU Regulation), the Data Controller may disclose your data, for the purposes stated in art. 2.A) above, to supervisory bodies, judicial authorities, and the entities to which communication is compulsory by law for the fulfilment of the purposes referred to above.
The said entities will process the data in their capacity as independent data controllers.
During and after browsing of the website, your data may be disclosed to third parties, in particular to:
– Google: Advertising service, Advertising target, Analytics/Measurement, Content customisation, Optimisation;
– Google AdWords: Advertising service, Advertising target, Analytics/Measurement, Content customisation, Optimisation;
– Google Analytics: Advertising target, Analytics/Measurement, Optimisation.
Your data will not be generally disseminated.
Personal data are stored on devices located at the registered office of the Data Controller or on the premises of providers, inside the European Union. The data you contribute may be transferred to non-EU member states, since we use external Data Processors who may make transfers of this kind during the performance of their services (such as the provision of an email service, some types of cloud or services of other kinds), also through their own data processors. In order to guarantee the security of transfers of this kind, we only use the services of entities which provide the necessary guarantees regarding the implementation of adequate technical and organisational measures to ensure that processing complies with the provisions of Reg. (EU) 679/2016 (for example, by assessing the presence of adequacy decision or by regulating the relations with the aid of standard contractual clauses).
However, it is understood that the Data Controller may also transfer the data to non-EU member states if necessary. In this case, the Data Controller hereby assures you that data will be transferred outside the EU in compliance with the relevant legal requirements, further to signing of the standard contractual clauses (the standard contractual clauses are available at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm) and performance of the standard checks required by the European Commission (specifically, the conditions set forth in SECTION 5 of the EU Regulation will be complied with).
With regard to both the data stored on its devices and any data held by providers, the Data Controller has implemented technical and organisational measures sufficient to guarantee an adequate level of security, in full compliance with the provisions of the EU Regulation.
Navigation: your navigation data may also be transferred, only for the aforesaid purposes, to the following countries: – EU countries, – United States.
Since each browser – and often different releases of the same browser – may vary even considerably from others, if you wish to take action yourself by means of your browser’s preference settings, you will find detailed information about the necessary procedure in your browser’s help pages.
- Nature of contribution of data and consequences of refusal to reply
The contribution of data for the purposes as per point 2.A) above is compulsory. In their absence, we will not be able to assure you the services as specified in point 2.A).
The contribution of data for the purposes as per point 2.B) above, on the other hand, is optional. You may therefore decide not to contribute any data or subsequently to refuse consent to the processing of data already contributed; in this case, you will be unable to receive newsletters, marketing communications and advertising material, and/or anything relating to the Services offered by the Data Controller.
However, you will continue to be entitled to the Services as per point 2.A).
Some website data fields may be marked with an *. These fields must be compiled when entering your data. The consequence of not contributing the data is the inability to benefit from the service for which the data are requested.
- Rights of the data subject
In your capacity as data subject, you hold the rights specified in articles 15 to 22 of the EU Regulation as stated below, and specifically the right to:
– obtain confirmation of the existence and processing of personal data concerning you and written (digital) copies of them in a clear, comprehensible form (“right of access”);
– obtain information regarding the purposes for which the data are being processed, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, whenever possible, the period for which the data will be stored;
– obtain the rectification of data concerning you (“right of rectification”)
– obtain the erasure of data concerning you (“right to be forgotten”);
– obtain restrictions of the processing (“right to restriction of processing”);
– where the personal data are not collected from the data subject, to obtain any available information as to their source;
– obtain data portability, that is, the right to receive them from a data controller, in a structured, commonly used and machine-readable format, and to transmit them to another data controller without hindrance (“right to data portability”);
– object to processing at any time, including processing for direct marketing purposes (“right to object”);
– object to an automated decision-making process relating to natural persons, including profiling;
– withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
– lodge a complaint with a supervisory authority (Data Protection Authority).
There may be conditions or restrictions on the rights of the data subject. It is not certain, for example, that the right to data portability applies in all cases – this depends on the specific circumstances of the processing activity.
- Procedures for exercising rights
You may at any time exercise your rights by sending:
– a registered letter with return receipt to us (see address in letterhead);
– an email to: email@example.com.
The offering of the Data Controller which constitutes the subject of the current relationship with you does not envisage the intentional acquisition of personal information concerning children. If data relating to children should be unintentionally recorded, the Data Controller will erase them without undue delay, on the request of the data subject.
- Personal data not obtained from the data subject
In some cases, our organisation is not the Data Controller to whom you have contributed your personal data, but is joint data controller or an external data processor, in which case we have received your data at second hand due to a contract in force between the parties. In this case, please note that we will make every effort to ensure that you have been informed and have consented to the data processing. You may ask us to specify the source from which your data were obtained at any time.
- Data Controller and Users
The following is information of which you need to be made aware, not only in order to fulfil legal obligations, but also because transparency and integrity in relation to our customers are a fundamental part of our business.
Data Controller. The Data Controller with regard to your personal data is SAORDELMAR SRL, through its legal representative Mr. Mauro Attilio Salvato, responsible in relation to you for the lawful, fair use of your personal data. You may contact him for any information or requirements by phone +39 049 9630161, or email firstname.lastname@example.org.
Data Users. The updated list of the data users is conserved at the registered office of the Data Controller.
The Data Controller