INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information relates to the processing of data carried out by Eurotessuti S.r.l with registered office in Via Pilastro 6 – 46019 Cogozzo di Viadana (MN), VAT No. 01862680202, email: firstname.lastname@example.org (hereinafter the “Data Controller”), also in compliance with EU Regulation 2016/679 (hereinafter the “GDPR”).
The Data Controller may process personal data relating to customers and suppliers, agents, consultants, whether data subjects and/or contractors, as defined by current legislation on personal data.
“Personal Data“: shall mean any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable person is any natural person who can be identified, directly or indirectly, by a specific reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity. Personal data subject to Pseudonymisation, which could be attributed to a natural person through the use of additional information, should be considered Personal Data.
“Data Processor” means the natural or legal person who processes Personal Data on behalf of the Data Controller.
“Data Controller” means the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Processing” means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
1. Identity and contact details of the data controller
The data controller is Eurotessuti S.r.l.
As the Controller is established in Italy, no representative has been appointed.
2. Purpose of processing and legal basis of processing
Personal data will be processed for the following purposes:
a. to send direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated computer systems, including commercial or promotional communications by email or SMS, or for market research and analysis. In this case, the legal basis is the consent, expressed in accordance with this policy;
b. for the purposes related to relevant legal obligations, in this case the legal basis is the legal obligation of the Controller to process such personal data in accordance with the applicable national law.
3. Ways of expressing consent
Consent, where required, may be expressed:
- by signing a computerised document, including by means of specific flagboxes.
4. Processing methods and logic
- In relation to personal data processed for the purposes referred to in point a) number 2 of this policy (marketing purposes), the processing will be carried out by means of software for sending commercial information.
- With regard to the personal data processed and stored for the purposes referred to in point b), number 2 (legal purposes), the processing will be carried out using paper-based instruments, automated logic and the use of CRM-type management software that will enable the best possible management of the fulfilment of contractual obligations.
5. Source from which personal data originate
Only data provided in accordance with this policy will be processed. Personal data from publicly accessible sources will not be processed.
6. Recipients and possible categories of recipients of personal data
The following categories may be recipients of personal data:
- communications companies that carry out commercial communication and profiling activities on behalf of the Controller, where consent has been given, and which are responsible for the processing;
- companies offering information society services, including, in particular, those offering hosting services;
- companies carrying out statistical and market surveys, where consent has been given;
- audit firms;
- the Controller’s partner companies.
7. Categories of data
Personal data will be processed. In no case may special data be processed pursuant to Article 9 of the GDPR.
8. Data transfer
The Controller intends to transfer personal data to a third country or international organisation. Such entities could be represented, by way of example, by:
- communications companies that carry out communications activities on behalf of the Controller;
- communication society service providers;
- controlled and/or controlling organisations.
The transfer of personal data to such subjects, if established in a third country or an international organisation, is carried out in the presence of an adequacy decision by the European Commission, which has verified that the third country, the territory or one or more specific sectors within the third country, or the international organisation in question guarantee an adequate level of protection of rights. In any case, the Data Controller – should it deem it appropriate – reserves the right to conclude specific separate agreements obliging such parties to adopt adequate security measures, including organisational measures, aimed at offering appropriate guarantees regarding rights. The data may thus be transferred to the following countries: United States of America. In order to obtain a copy of such data or the place where they have been made available, it is sufficient to send such a request to the Data Controller, at the addresses indicated above.
9. Period of retention of personal data
- Personal data processed for the purposes set out in point a) number 2 of this policy (marketing purposes) are processed and stored until the data subject requests their deletion and/or revocation.
- Personal data processed and stored for the purposes of point b) number 2 (fulfilment of legal obligations) are processed and stored in accordance with the provisions of current legislation.
10. Optional nature of consent and consequences of failure to consent
- In relation to personal data processed for the purposes set out in point a) number 2 of this information notice (marketing purposes), the disclosure of personal data is not a contractual obligation. The provision of personal data is optional; however, if such data are not provided, no marketing activities can be carried out.
- In relation to the personal data processed for the purposes set out in point b) number 2 of this notice (legal obligations), the disclosure of personal data is a legal obligation.
11. Right of objection
The data subject has the right to object in the following terms:
- the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her pursuant to Article 6, paragraph 1, subparagraphs e) or (f) of the GDPR. The Controller shall refrain from further processing the personal data unless he/she demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims;
- where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you, carried out for such purposes, including profiling insofar as it is related to such direct marketing;
- in case of opposition to the processing of personal data for direct marketing purposes, personal data are no longer processed for such purposes. It is hereby specified that the right of the data subject to object to the processing of his/her personal data for the aforementioned purposes may also be exercised only in part, i.e. by objecting, for example, to the sending of promotional communications by automated and/or digital means, or to the sending of paper communications;
- where personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89, paragraph 1 of the GDPR, the data subject shall have the right, on grounds relating to his/her particular situation, to object to the processing of personal data relating to him/her, except where the processing is necessary to perform a task carried out for reasons of public interest.
12. Other rights
The Data Controller also wishes to inform of the existence of the following rights:
- Right of access: the data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him/her is being processed and, if so, to obtain access to the personal data and specific information, in accordance with Article 15 of the GDPR;
- Right of rectification: the data subject shall have the right to obtain from the Controller the rectification of inaccurate personal data concerning him/her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the supplementation of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
- Right to deletion of data, including the right to withdraw consent: the data subject has the right to obtain from the Controller the deletion of personal data concerning him/her without undue delay and the Controller has the obligation to delete the personal data without undue delay, or to withdraw his/her consent, if the grounds defined in Article 17 of the GDPR exist. With regard to the right of revocation, the data subject also has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given prior to the revocation;
- Right to restriction of processing: the data subject has the right to obtain from the Controller the restriction of processing when the hypotheses defined in Article 18 of the GDPR apply;
- Right to data portability: the data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her provided to the Data Controller and has the right to transmit such data to another data controller without hindrance by the Data Controller in the cases and under the conditions specified by Article 20 of the GDPR;
- Contractor’s right to object to commercial communications: the contractor has the right to object at any time, free of charge, to receiving commercial communications.
13. Exercise of rights
Requests for the exercise of the rights indicated in this information notice, including, in particular, the right to deletion and the right to withdraw the consent given should be addressed directly to the Data Controller at the email address email@example.com. Alternatively, you can exercise your rights by sending a registered letter with acknowledgement of receipt to the following address: Via Pilastro 6 – 46019 Cogozzo di Viadana (MN).
14. Accessibility of information
The information is available from the Controller. If expressly requested, the information may also be provided verbally, as long as the identity of the person making the request is proven, by means of a telephone request to the Controller’s addresses.