INFORMATION NOTE ON CUSTOMERS’ PERSONAL DATA PROCESSING PURSUANT TO EU REGULATION 2016/679 (“GDPR”)
THE DATA CONTROLLER
Tel +39 0438 4067 Email firstname.lastname@example.org
Villa Rosina – Vicolo Aldo Bottega 2, 31010 Bibano di Godega di Sant’Urbano (TV).
PERSONAL DATA THAT IS PROCESSED
“Data” means the data belonging to natural persons that the Company processes in order to stipulate and fulfil the contractual relationships with the company’s own customers/legal entities (“Customers”), including the data of the legal representative who signs the contract on behalf of the customer, as well as of the customer’s employees/consultants involved in the activities covered by the contract. In the latter case, the customer is the source for the data.
To establish and fulfill the contractual relationships between the customer and the Company.
To satisfy administrative-accounts requirements, including accounting and treasury management, invoicing (e.g. checking and recording invoices), in compliance with current legislation in force.
Out of court credit collection.
If necessary, to ascertain, enforce and defend the Data Controller’s rights in legal cases.
LEGAL BASIS FOR PROCESSING
Fulfil the contract with regards the legal representative’s data.
Legitimate interest with regard to the data belonging to the customer’s employees’/consultants’ involved in the contract activities.
Need for the company to satisfy a legal obligation.
DATA RETENTION PERIOD
Contract duration and 10 years after the termination of the contract. In the case of legal disputes, for the duration of the same, until the expiry of the terms to impugn the actions.
After the aforesaid retention periods, the data are destroyed or made anonymous, in line with the deletion and backup technical procedures.
Data transfer is compulsory in order to conclude and/or fulfil the contract. Refusal to provide the data would not enable establishing the contractual relationship and/or fulfil the relative obligations.
The data could be communicated to external parties operating as Processing holders, for example, supervisory and control authorities, and generally any public or private subjects entitled to request the data.
The data could be processed on behalf of the Data Controller by external subjects appointed as Processing Managers, who perform specific activities for the Data Controller, for example, accounts, tax and insurance requirements, mailing, collection and payment management, etc.
AUTHORISED PROCESSING SUBJECTS
Data can be processed by company’s employees assigned to pursue the purposes listed above, and who are expressly authorised for the processing and have received adequate work instructions.
RIGHTS OF THE DATA SUBJECT – CLAIMS TO THE SUPERVISORY AUTHORITY
By contacting the Company by email to email@example.com, the data subject may request to the Company to access to their data, as well as to erase or correct them, to limit processing in the cases envisaged by art. 18 GDPR, and oppose processing performed in the holder’s legitimate interest.
Furthermore, for any processing based on consent, the contract or performed by means of automated tools, the data subject has the right to receive the data in an organised format of common use that is legible from any automatic device and, if technically feasible, to transfer the data to another holder without any obstacle. The data subject has the right to lodge claims with the competent supervisory authority in the member state where the party normally resides or works, or in the state where the presumed violation took place.
The data subject has the right to withdraw his or her consent at any time when the consent was given for marketing purposes. Furthermore, the data subject has the right to oppose any data being processed for these purposes. The right remains for the data subject who prefers to be contacted by traditional methods for these purposes, to oppose receiving communications using automated methods.