POLICY ON PERSONAL DATA PROCESSING
Articles 12 et seq. of Regulation (EU) 2016/679 (GDPR)
Regulation (EU) 2016/679 (‘General Data Protection Regulation’, hereinafter GDPR) provides for the protection of natural persons with regard to the processing of personal data. Pursuant to this regulation, the processing of personal data referring to a person, who is specifically defined as the ‘data subject’, is based on the principles of fairness, lawfulness and transparency, as well as the protection of the confidentiality and rights of such data subject.
This policy aims at informing you, in compliance with the abovementioned regulation, that as a result of the relationship(s) that you have with our company, as a Customer, we hold certain data pertaining to you, which has been obtained, including orally, directly or through third parties which carry out processing concerning you or which, in order to comply with your request, obtain and provide us with information.
Pursuant to the GDPR, since this data relates to you, it shall be qualified as ‘personal data’, and shall therefore benefit from the protection afforded for by these provisions. In particular, pursuant to such regulation, you are the data subject who is entitled to benefit from the rights provided for the protection of your personal data.
Pursuant to Articles 12 et seq. of the GDPR, our company, as Data Controller, shall process the personal data you provide in compliance with the regulation, with the utmost care, implementing effective management procedures and processes in order to ensure the protection of the processing of your personal data. For this purpose, the undersigned, using material and management procedures to safeguard the data collected, undertakes to protect the information disclosed, in such a way as to prevent unauthorised access or disclosure, as well as to maintain the accuracy of the data and also to ensure its appropriate use.
In accordance with this introduction, the following information is provided:
Personal data collected
The undersigned, as Data Controller, uses your personal data in order to operate its business to the best of its ability.
You may be requested to provide, even partially, the following data:
Storage periods of your personal data
The data collected shall be stored for the time necessary to perform the service requested and, in any event, for thirty days from the date of its complete performance. In the event that data that is not related to the administrative and accounting obligations connected with the contractual relationship is processed, such data shall be stored for the period of time necessary to achieve the purpose for which it was collected and then it shall be erased. You will be informed of the storage period of such data at the time when such data is collected by specific policies.
Mandatory or optional provision of data and consequences of refusal.
The data that is essential for the performance of the contractual relationship, as well as the data necessary to fulfil the obligations provided for by laws, regulations, provisions (including EU provisions), or provisions of Authorities authorised to do so by law and by supervisory and control bodies, shall be mandatorily provided to the undersigned.
Data that is not essential for the performance of the contractual relationship shall be qualified as such and shall be deemed to be additional information and its provision, if requested, is optional. Your refusal to provide such data, however, will result in our company being less efficient in conducting relations with third parties.
In the event that sensitive data is essential or its processing poses specific risks for performing the relationship or for the carrying out of specific services as well as legal obligations, the provision of such data shall be mandatory and since its processing is only permitted with the data subject’s prior written consent (pursuant to Articles 9 and 10 of the GDPR), you shall also consent to its processing.
Processing methods
Pursuant to and for the purposes of Article 12 et seq. of the GDPR, we would like to inform you that the personal data you disclose to us shall be recorded, processed and stored in our paper and electronic archives, in compliance with the appropriate technical and organisational measures referred to in Article 32 of the GDPR. The processing of your personal data may consist of any operation or set of operations including those indicated in Article 4(1)(2) of the GDPR.
Personal data shall be processed through the use of appropriate technical and organisational measures to ensure a level of security and confidentiality and may be carried out, directly and/or through delegated third parties, either manually by means of paper mediums, or with the aid of computerised or electronic tools. The data, for the purpose of correctly managing the relationship and complying with legal obligations, may be included in the Data Controller’s own internal documentation and, if necessary, also in the accounting records and records required by law.
Activities that may be outsourced
The data you provide shall only be processed in Italy. In the event that in the execution of a contractual relationship your data is processed in a non-EU country, your rights under EU law shall be ensured and you shall be promptly notified thereof.
Intended purpose of the personal data processing
The main purpose of the processing of your personal data that the undersigned company intends to carry out is to enable the aforementioned relationship to be duly established and developed as well as to ensure its proper management.
In particular, the purposes of the processing are the following:
Personal data shall be processed in order to fulfil legal obligations, as well as to comply with administrative, insurance and tax obligations provided for by the applicable law, and to fulfil accounting and marketing purposes, or in order to duly comply with contractual and legal obligations deriving from the legal relationship with the data subject.
Furthermore, the data provided may also be used to contact you as part of market research concerning products or services or as part of offers or marketing campaigns.
As a data subject, you may in any case freely choose not to give your consent for these purposes and also indicate the ways in which to be contacted or receive marketing information.
Your data may be disclosed by the undersigned:
In any case, your data shall not be disclosed except to professionals for the performance of acts concerning the performance of relationships that may take place with the Data subjects to whom such data refers to.
Disclosure
The undersigned shall not disclose your data indiscriminately, or in other words, shall not disclose it to unspecified persons, even by means of making it available or consulting it.
Trust and confidentiality
The undersigned considers the trust shown by the data subjects who consent to the processing of their personal data to be valuable and therefore undertakes not to sell, rent or lease personal information to others.
Rights under Articles 15 et seq. of the GDPR
Pursuant to Article 15 of the GDPR, you are entitled to obtain confirmation as to the existence of personal data concerning you, even if it is not yet recorded. The exercise of the rights is subject to ascertaining the identity of the data subject by means of the delivery of an identity document, which will not be retained by the undersigned, but only consulted in order to verify the lawfulness of the request.
You have the right to access personal data and the following information:
If the data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR. You have the right to request from the data controller the rectification or erasure, even partial, of your personal data or the restriction of the processing of personal data concerning you or to object, in whole or in part, to its processing.
To exercise these rights, you can contact our ‘Data Controller officer’ at info@bemermateriali.it by sending a letter to BEMER Srl, c.so Italia n. 9 – 12051 Alba (CN). The Data Controller officer will reply to you within 30 days from receiving your formal request.
We remind you that in the event of a breach of your personal data, you may lodge a complaint with the competent ‘Data Protection Supervisory Authority’.
Details of the Data Controller and, if appointed, of the Representative in the State and of the Data Protection Officer.
Data Controller
The Data Controller is the undersigned: BEMER Srl, Corso L. Einaudi, 88 – 12074 Cortemilia (CN); email: valerio.bemer@bemermateriali.it.
Data processors
External companies with which a contractual relationship has been established and which, in order to fulfil these agreements, need to receive your personal data, shall act as Data Processors.
In order to obtain the names of the Data Processors, if appointed, and to obtain the names of persons appointed as future data processors, each data subject may send a letter requested the Data Controller at the above address.
It should be noted that the Data Processors indicated above are not responsible for processing requests to exercise the rights of data subjects under Articles 15 et seq. of the GDPR. This activity is carried out exclusively by the undersigned in its capacity as Data Controller.
Representative established in the territory of the State
Please note that, in accordance with Article 4(1)(17) of the GDPR, as there are no circumstances provided for by the aforementioned Regulation that require such appointment, no Representative established in the territory of the State has been appointed for the purpose of applying the provisions on the processing of personal data.
Processing without the need for the data subject’s consent
Please note that the undersigned, even without your consent, shall be entitled to process your personal data if this is necessary in order to:
Furthermore, your express consent is not required when the processing
Right to erasure
Please note that you have the right to obtain from the data controller the erasure of personal data concerning you without undue delay and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
where the data controller has made the personal data public and is obliged to erase the personal data, the data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, such personal data;
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
The Data Controller:
BEMER Srl
Corso L. Einaudi, 88
12074 Cortemilia (CN)
E-mail address of the Data Controller: valerio.bemer@bemermateriali.it