INFORMATION FOR THE TREATMENT OF CUSTOMERS AND SUPPLIERS’ PERSONAL DATA
Information on the treatment of personal data pursuant to art. 13 D.lgs. 30.06.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter “GDPR”) relating to the protection of persons and other subjects regarding the treatment of personal data.
The new European Regulation EU 2016/679 (“General Data Protection Regulation”) provides that those who carry out treatment of personal data are required to inform the data subject on which data are processed and how they are treated. The treatment must be done with correctness, clarity and transparency, protecting the privacy and rights of the interested parties.
- SCOPE OF INFORMATION VALIDITY
This information is valid for all the treatment carried out by the Owner regarding the management of his economic activity and the information that is collected during this activity.
For the establishment and execution of contractual relationships, our Company is in possession of personal data relating to you such as name, surname, company name, physical and telematic addresses, e-mail, pec, VAT number and / or social security number.
- TREATMENT OBJECT
We process personal data, identification and tax disclosed when contracts have been concluded for services rendered by the Data Controller. We are not in possession of any data that can be qualified as sensitive.
Specifically, we process data relating to:
– economic, commercial, financial and insurance activities (by way of example: articles, products and services, financial identifiers, accounting data, etc.);
– personal data and identification: company name, work address, address of registered office, telephone number, pec address, e-mail address, tax code and / or VAT number;
– IP addresses;
– traffic data concerning users and / or subscribers.
If the user contacts us for any reason, Progetti S.r.l. can keep a record of that correspondence.
Progetti S.r.l. it can be contacted directly by the end customer in case of request of maintenance of the product.
In this case, as well as in the case where the maintenance is carried out at the customer, Progetti srl can get in touch with the operator who used the device to provide technical assistance and does not come into contact or collect data of the individual on which the medical device is applied. The product may store some anonymous data (for example, an anonymous path). Progetti s.r.l. does not collect or process this type of data, which are used exclusively for the verification of the operation of the product and to provide assistance. The anonymous data thus collected could be used for statistical and scientific purposes to optimize the functionality of the products, without treatment personal data of users of medical devices.
- PURPOSE OF DATA TREATMENT
For “purpose of data treatment” means the reason for which data are collected.
Your personal data are processed:
- A) without express consent, pursuant to art. 24 lit. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
– conclude the contracts for the Services required for Progetti S.r.l .;
– fulfill pre-contractual, contractual and tax obligations arising from existing relationships, as well as to enable effective internal management and management of financial and commercial relationships;
– allow you to take advantage of the requested Services;
– fulfill the obligations established by the law, by the Regulations, by the community legislation or by an order of the Authority;
– exercise the rights of the Owner (for example the right to defense in court);
– be informed about the products purchased regarding the operation, maintenance and expiry of consumables.
- B) Only subject to your specific and distinct consent pursuant to art. 23 and 130 of the Privacy Code and art. 7 GDPR:
– treatment of data concerning economic activities aimed at sending promotional material, for carrying out market research or direct marketing with electronic systems (such as, for example but not limited to, electronic communications, automated call systems, faxes, e-mail , etc.);
– personal data treatment aimed at sending promotional material, for carrying out market research or direct marketing;
– send opinion polls and liking, newsletters and / or invitations to events or to register for events of which it is part or that organizes the Owner.
The provision of data for the purposes referred to in art. 3.A) is mandatory. In the absence, we could not guarantee the services of the art. 3.A).
The provision of data for the purposes referred to in art. 3.B) is optional. It may decide not to give any data or subsequently deny the possibility of treatment data already provided. In this case you will no longer receive commercial communications and advertising material but will continue to be entitled to the services referred to in art. 3.A).
The legal basis of the treatment is your willingness to perfect the contract. The treatment is necessary for the pursuit of the legitimate interest of the Data Controller to comply with the contractual obligations signed between the parties. The lawfulness of the treatment is based on the consensus clearly expressed in writing.
- METHOD OF TREATMENT
The treatment of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n 2) of the GDPR, namely: collection, registration, organization, storage, consultation, treatment, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
- DATA COLLECTION AND PROCEDURE OF DATA RETENTION
The data object of the treatment are collected in the following way:
– organization through an automated database;
– data collection through electronic tools;
– data collection from the interested party;
– data collection from deeds and public documents that anyone can know.
The collected data are:
– processed lawfully and fairly;
– collected and registered for specific, explicit and legitimate purposes;
– exact and, if necessary, updated;
– relevant, complete and not exceeding the purposes for which they are collected and subsequently processed;
– kept in a form that allows identification to the interested party for a period of time not exceeding that necessary for the purposes for which they were collected and subsequently processed.
Your personal data are subjected to both paper and electronic and / or automated treatment, by entering data on computer media and management software.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and / or for the time required by current legislation. The data will however be retained no later than ten years from the termination of the relationship for the purposes of service and no later than two years from the collection of data for the purposes of marketing.
- DATA ACCESS
Your data may be made accessible for the purposes referred to in art. 3.A) and 3.B), subject to the authorization of the Data Controller, also to employees.
The data collected by Progetti s.r.l. they are used by Terzi for the provision of maintenance, analysis and payment services, but the third parties come into contact with it only for the provision of the service rendered. Normally, the professionals in charge have a duty of non-disclosure based on their profession and / or on what is contractually bound.
The data are in no case transferred to Third States, being used only by the company Progetti S.r.l.
- DATA COMMUNICATION
Even without your express consent pursuant to art. 24 lit. A), B), C) Privacy Code and art. 6 lett. B) and C) GDPR, the Title Holder may communicate your data for the purposes referred in art. 3.A) to Supervisory Entities, Legal Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said activities. Your information won’t be spread.
Stopping the communication to third parties made in fulfillment of legal obligations or deriving from regulations or other community legislation, the data may be communicated by us, even abroad, to the following subjects: 1) banks and credit institutions for transfer of payments; 2) insurance companies for transport insurance coverage; 3) recovery, insurance and / or transfer of receivables companies; 4) business information companies; 5) consultants and professionals; 6) professionals and professional firms (lawyers, accountants, auditors, etc.); 7) auditors; 8) other companies, bodies and / or natural persons who carry out activities that are instrumental, supportive or functional to the execution of contracts or services requested by S.V. (eg enveloping and sorting companies, carriers and forwarders, subcontractors). These subjects will be able to treat and communicate data to third parties, as owners in accordance with art. 28 of Legislative Decree no. 196/2003, in full autonomy, in the fulfillment of their respective contractual and legal obligations.
- RIGHTS OF THE INTERESTED PARTY
As interested party, you have the rights referred to art. 7 of the Privacy Code and art. 15 GDPR, as well as the rights referred to Articles 16-21 GDPR (Right of rectification, right to oblivion, right to limitation of treatment, right to data portability, right of opposition) and more precisely the right to:
– obtain confirmation of the existence or not of personal data concerning you and their communication in an intelligible form;
– obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the treatment; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) of the identification details of the Data Owner and of the designated representative, pursuant to art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as responsible or individual in charge;
– obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes, which the data were collected or subsequently processed for; c) the attestation that the operations referred to letters a) and b) have been brought to the attention, also in regards of their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is impossible or involves a use of means manifestly disproportionate to the protected right;
– oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications, or none of the two types of communication.
– present a complaint with the Privacy Authority in case of violation of its rights;
– request the cancellation of data held by the Company, which must take place promptly within the maximum term of six months from the request.
- MODALITIES OF RIGHTS EXERCISE
You may exercise the rights indicated in this statement at any time by sending:
– a registered letter at PROGETTI S.R.L., Strada del Rondello n. 5 – 10028 Trofarello (TO);
– an e-mail to firstname.lastname@example.org
Progetti srl will provide immediately feedback in terms of the law and in any case within a maximum of one month.
The Website and the Services of the Data Controller are not intended for minors under the age of 18 and the Data Owner does not intentionally collect personal information related to minors. In the event that information on minors were unintentionally registered, the holder will delete them immediately, at the request of users and those entitled.
- DATA SECURITY
Personal data is protected from unauthorized access, use and / or disclosure. Only our assigned staff can have access to this data with their own authentication credentials and prior authorization of the Data Holder.
Progetti srl is subjected to the normal risks of data violations through the subtraction of credentials, unfair behavior, unauthorized external access and computer virus.
All the security procedures necessary to protect them from violations by unauthorized personnel, both locally and on the network, have been applied, also through the use of constantly updated firewalls and antivirus. All personal data supplied to us are stored in a secure and controlled environment and operating systems and management software are constantly updated and monitored in order to avoid data breaches and unauthorized access.
For this reason, physical, electronic and organizational processes have been designated to safeguard and protect the information collected. All staff were duly informed and trained.
Any communication regarding the data violation will be carried out both to the internal personnel involved, to the interested party and to the Guarantor Authority through a Pec communication or a registered letter.
- HOLDER OF THE TREATMENT
The data controller is PROGETTI S.r.l., with headquarters in Strada del Rondello 5, 10028 Trofarello (TO), VAT number 06367590012, in the person of the President & CEO pro-tempore.
Cookies are small pieces of data that can include unique identifiers that are sent to the user’s computer, mobile phone or tablet. They are used to store or retrieve information about the user and his device, usually to provide the same a customized web experience.
- CHANGES TO THIS INFORMATION
This report may change. Any communication of the changes will take place mainly by e-mail and, where necessary, by fax communication.
(Last updated on 05.06.2018)