In pursuance of Art. 13 and 14 of the European Regulation (EU) 679/2016 (GDPR),as regards to the personal data provided to our Company, we hereby inform you that:
DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller is I.C.A.S. Spa, registered office Via Torino, 288 – 10015 S. Bernardo d’Ivrea (TO), PIVA/CF. 00477030019, in the person of its Director Alberto Getto (referred to hereinafter as the “Data Controller”).
The Data Controller may be contacted by e-mail at: firstname.lastname@example.org
The list of Data Protection Officers, if appointed, is available at the Data Controller’s headquarters.
The list of the Data Controller’s representatives is available at the Data Controller’s headquarters.
The Data Controller has not appointed a Data Protection Officer, DPO.
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
Your personal data (first name, last name, taxpayer’s code number, address, telephone number, e-mail address, banking data) shall be processed:
A) Without your express consent (Art.6, paragraph.1, lett. b) for the following purposes:
- Contracts of sale and/or supply;
- Fulfillment of pre-contract obligations, as well as contract and fiscal obligations resulting from the relations currently in place with you;
- Fulfillment of obligations provided for by law, by regulations, by Community legislation or by order of the Authorities (for example, with regard to money-laundering)
- Exercise of the Data Controller’s rights (for example, the right to legal defense).
B) Only prior your specific and clear consent ( that is, by signing this document or the online form as per art. 7 of the GDPR) for the following purposes:
- Marketing and/or promotional activities by e-mail, SMS, Apps, social media, second-class mail and/or phone, newsletters, forwarding of commercial information and/or advertising material about products and/or events offered and organized by the Data Controller.
MEANS OF DATA PROCESSING
Personal data shall be processed (that is, collected /recorded/ organized / structured / kept/ consulted/ extracted / modified/ selected / used/ forwarded / compared / interconnected/ deleted/ destroyed) by means of both paper and computer files (including portable devices) and through automated decision-making processes, including profiling for the above-mentioned purposes.
CONSEQUENCES OF NON-PROVISION OF PERSONAL DATA
With regard to the personal data concerning the performance of the contract of which you are party or the fulfillment of a legal obligation ( such as those regarding book-keeping and accounting), the non-provision of personal data shall prevent the contract from being implemented.
RECORD-KEEPING OF PERSONAL DATA
Your personal data, which are subject to processing for the above-mentioned purposes, shall be kept for the duration of the contract and, subsequently, for the time in which the Data Controller is subject to record-keeping obligations for tax purposes or for other purposes as provided for by law or regulations. With particular regard to marketing/promotional purposes, the retention period of the personal data provided shall be 10 years.
DISCLOSURE OF PERSONAL DATA
Your personal data, for the purpose of the performance of the contract and for the above-mentioned purposes, may be disclosed to:
- Consultants and other professionals (accountants, lawyers) who provide a service (contractual and fiscal) for the above-mentioned purposes;
- Natural and legal persons (legal, accounting and tax firms, auditing firms, carriers and forwarding agents, data centers etc.), in those cases in which disclosure of data is necessary for the above-mentioned purposes;
- Banks for the management of takings and payments;
- Factoring and debt collection companies;
- Our specially authorized collaborators and employees in the performance of their job duties;
- Judicial and administrative authorities, for the fulfillment of legal obligations.
Data provided shall not be transferred to a third non-EU country.
RIGHTS OF THE INTERESTED PARTY
According to the GDPR, you are entitled to:
Receive from the Data Controller confirmation of the existence or otherwise of personal data concerning you, even if not recorded yet, and communication of it in an intelligible form; be informed by the Data Controller about:
- The origin of personal data;
- means and purposes of processing;
- the logic behind the processing by means of electronic devices;
- the identification details of Data Controller and Data Protection Officer;
- the subjects or categories of subjects to whom the personal data may be disclosed or who may become aware of them in their capacity as data protection officers or authorized employees;
- To request access to your personal data and information related to personal data; updating and rectification of incorrect data or integration of incomplete data; deletion of personal data (upon the occurrence of one of the conditions pursuant to art.17, paragraph 1 of the GDPR and in compliance with the exceptions pursuant to art. 17, paragraph 3); the restriction on processing of your personal data (upon the occurrence of one of the events set forth in art.18, paragraph 1 of the GDPR);
- To obtain the anonymization or blocking of data processed in violation of the law, including those for which record-keeping is not necessary with regard to the purposes for which the data have been collected and subsequently processed;
- To request and obtain from the Data Controller- if the legal basis for the processing is the contract or consent, and the processing is carried out by automated means- your personal data in a structured and readable format by automatic device, also for the purpose of disclosing such data to another data controller ( the so-called right to data portability);
- To oppose, at all times, the processing of your personal data by the means and within the limits pursuant to art.21 of the GDPR;
- To withdraw the consent at all times, as far as the processing is based on your consent for one or more specific purposes and concerns ordinary personal data (such as date and place of birth or place of residence), or specific data categories ( such as data revealing your racial origin, political opinions, religious beliefs, health status or sex life).Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Request to exercise such rights shall be forwarded to the Data Controller by e-mail to email@example.com
or by certified mail letter to I.C.A.S. Spa, in the person of its Director Alberto Getto, Via Torino, 288 – 10015 S. Bernardo d’Ivrea (TO) – Italy.
Should the interested party believe that his or her rights have been violated by the Data Controller and/or by a third party, he or she shall have the right to lodge a complaint with the supervisory authority (Personal Data Protection Authority – www.garanteprivacy.it).