(in accordance with art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/16)
PIUSI S.p.A. – with registered office in via Pacinotti n. 16/A, 46029 Suzzara (MN), Italy, VAT No. 01869920205 (hereinafter “Controller”), in its capacity as Data Controller, advises you, in accordance with the Italian legislation in force and art. 13 and 14 of EU Regulation no. 2016/679 (hereinafter “GDPR”), that the personal data you have provided will be processed with the following methods and purposes:
1. Data subject to processing
The data subject to processing will be identification data (e.g. forename, surname, company name, address, telephone, e-mail, bank and payment details), hereinafter defined “personal data” or also simply “data”, that you communicate to the Data Controller in light of the contractual relationship existing with them or the relationship of contact made with them (e.g. sending CV).
2. Purpose of processing and consent of data subject
2.1 In accordance with art. 6 of EU Reg. 2016/679, your data will be processed solely for the following purposes:
- The performance of the contract you have entered into with the Data Controller;
- Fulfilling the pre-contractual, contractual and tax obligations deriving from the relationship existing with you;
- Carrying out commercial, management, economic and financial information collection, IT system management, insurance, banking and non-banking intermediation, factoring, delivery management, correspondence preparation and delivery and credit management and protection activity;
- Fulfilling the obligations envisaged by law, by a regulation, by EU regulations or by an order from the Authority (in relation to money laundering, for example);
- Exercising the rights of the Controller, for example the right to defence before the courts.
- 2.2 Only upon the acquisition of your express consent in writing, the data that you communicate will also be processed for the following purposes:
- Delivery – by e-mail, post and/or SMS and/or telephone contact, newsletter – of commercial communications and/or advertising material on products or services offered by the Controller.
Only after obtaining your specific written consent will the data you provide will be processed for the following purposes:
- Sending - by email, mail and/or text messages and/or telephone contacts, newsletters - of commercial communications and/or advertising material on products or services offered by the Owner.
2.3 We advise you that if you are already our client, we may send you commercial communications concerning the products and services of the Controller analogous to those that you have already used, unless you expressly object to this type of processing, which should be communicated to the Controller.
3. Data processing and storage methods
3.1 Your personal data will be processed through the operations indicated in art. 4 of the Italian Privacy Code and art. 4 no. 2) of the GDPR and specifically: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data will be processed both on paper and electronically and/or automatically.
3.2 The Controller will process your personal data for the time necessary to fulfil the purposes referred to in art. 2 of this information and in any case for no more than 10 years from the termination of the contractual relationship, also with regard to the personal data acquired for marketing purposes. At the end of the aforesaid period, the data will be deleted or anonymised.
3.3 The Data Controller will take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.1 and 2.2:
- To employees and partners of the Controller, in their capacity as processors and/or internal processing supervisors and/or system administrators;
- To third-party companies or other third parties (purely by way of example: banks, professional firms, notaries, lawyers, consultants, self-employed persons, insurance company staff, etc.) who perform outsourced activity on behalf of the Controller, in their capacity as external processing supervisors;
- To companies controlled by and/or connected to the Controller.
5. Communication of data
5.1 Your data may be communicated for the purposes referred to in art. 2.1 to Supervisory Bodies (such as IVASS), Judicial Authorities, insurance companies for the provision of insurance services, as well as those subjects to whom communication is compulsory by law for the performance of the aforesaid purposes. These subjects will process the data in their capacity as autonomous data controllers.
5.2 Your data will not be distributed.
6. Data Transfer
Your personal data will be stored on servers located within the European Union. It is in any case understood that the Controller, should it be necessary, shall be entitled to move the servers outside the EU as well. In this case, the Controller assures as of now that the transfer of data outside the EU shall take place in accordance with the provision of applicable laws, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.
7. Nature of data provision and consequences of refusing to respond
7.1 The provision of data for the purposes referred to in art. 2.1 is mandatory. In their absence, we cannot guarantee the performance of the purchase agreement.
7.2 The provision of data for the purposes referred to in art. 2.2 is instead optional. You may therefore decide not to provide any data item or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications or advertising material concerning the products offered by the Controller.
8. Rights of the data subject8.1
In your capacity as data subject, you have the rights guaranteed by existing Italian legislation and by art. 15 of the GDPR, and specifically the rights to:
- Obtain confirmation of whether personal data which concerns you exists or not, even if not yet registered, and the communication of this data in an intelligible form.
- Obtain indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in the case of the identification data of the controller, of the supervisors and of the appointed representative in accordance with art. 5, paragraph 2 of the Italian Privacy Code and art. 3 paragraph 1 of the GDPR; e) of the individuals or categories of individuals to whom personal data can be communicated or who could become aware of it in their capacity as designated representatives within the state, data supervisors or processors;
- Obtain: a) the updating, amendment or, where interested, completion of the data; b) the deletion, anonymisation or blocking of data processed unlawfully, including that which does not have to be kept for the purposes for which the data had been collected or subsequently processed; c) the declaration that the operations, including the contents, referred to in letters a) and b) were brought to the awareness of those to whom the data was disclosed or distributed unless this proves to be impossible or would involve the employment of methods that are clearly out of proportion to the right protected;
- Object to, fully or in part: a) the processing of the personal data that concerns you for legitimate reasons, even if relevant to the purposes for which they were collected; b) the processing of personal data that concerns you for the purposes of sending advertising or direct sales material or to complete market research or commercial communication, through the use of automated calling systems without the intervention of an operator through e-mail and/or through traditional marketing methods employing telephone and or post. We hereby state that the right to object of the data subject, presented in the previous point b), for direct marketing purposes through automated methods extends to traditional methods and that there is still the possibility for the data subject to exercise their right to object also only in part. Consequently, the data subject can decide to receive only communications through traditional methods or only automated communication or neither of the two types of communication.
Where applicable, they also have the rights referred to in art. 16–21 of the GDPR (Rights to rectification, right to be forgotten, right to limit processing, right to data portability, right to object) as well as the right to lodge a complaint with the Data Protection Authority. 9. Method of exercising rights
You may at any time exercise the rights referred to in the preceding point 8 by sending:
- Registered mail with return receipt to PIUSI S.P.A., via Pacinotti n. 16/A, 46029 Suzzara (MN), Italy
- An e-mail to the address firstname.lastname@example.org which must be followed within the following 48h by registered mail with return receipt to the address indicated above.
10. Data Controller and contact details
The Data Controller is PIUSI S.P.A. with registered office in via Pacinotti n. 16/A, Tel. +39 0376-534561 - Fax +39 0376-536393 - E-mail email@example.com.
The updated list of data supervisors and processors is held at the registered office of the Data Controller.