INFORMATION FOR THE TREATMENT OF CUSTOMERS AND SUPPLIERS’ PERSONAL DATA
Information on the treatment of personal data pursuant to D.lgs. 196/2003 as amended and supplemented by Legislative Decree 101/2018 (hereinafter, “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter “GDPR”) relating to the protection of persons and other subjects regarding the treatment of personal data.
The new European Regulation EU 2016/679 (“General Data Protection Regulation”) provides that those who carry out treatment of personal data are required to inform the data subject on which data are processed and how they are treated. The treatment must be done with correctness, clarity and transparency, protecting the privacy and rights of the interested parties.
- SCOPE OF INFORMATION VALIDITY
This information is valid for all the treatment carried out by the Owner regarding the management of his economic activity and the information that is collected during this activity.
For the establishment and execution of contractual relationships, our Company is in possession of personal data relating to you such as name, surname, company name, physical and telematic addresses, e-mail, certified e-mail address, VAT number and / or social security number.
- TREATMENT OBJECT
We process personal data, identification and tax disclosed when contracts have been concluded for services rendered by the Data Controller. We are not in possession of any data that can be qualified as sensitive.
Specifically, we process data relating to:
– economic, commercial, financial and insurance activities (by way of example: articles, products and services, financial identifiers, accounting data, etc.);
– personal data and identification: company name, work address, address of registered office, telephone number, certified e-mail address, e-mail address, tax code and / or VAT number; personal data of the legal representative of legal entities (companies and organizations) whom we come into contact with (name, surname, personal data, tax code, office and what else is needed to identify the legal entity represented);
– IP addresses;
– traffic data concerning users who access the website and / or subscribers.
If the user contacts us in writing for any reason, Progetti S.r.l. can keep media and/or paper registration of this correspondence .
Progetti S.r.l. it can be contacted directly by the end customer in case of request of maintenance of the product.
In this case, as well as in the case where the maintenance is carried out at the customer, Progetti srl can get in touch with the operator who used the device to provide technical assistance and does not come into contact or collect data of the individual on which the medical device is applied. The product may store some anonymous data (for example, an anonymous path). Progetti s.r.l. does not collect or process this type of data, which are used exclusively for the verification of the operation of the product and to provide assistance. The anonymous data thus collected could be used for statistical and scientific purposes to optimize the functionality of the products, without treatment personal data of users of medical devices.
- PURPOSE OF DATA TREATMENT
For “purpose of data treatment” means the reason for which data are collected.
Your personal data are processed:
- A) without express consent, pursuant art. 6 lett. b), c), e) GDPR), for the following Service Purposes:
– conclude the contracts for the Services required for Progetti S.r.l;
– fulfill pre-contractual, contractual and tax obligations arising from existing relationships, as well as to enable effective internal management and management of financial and commercial relationships;
– allow you to take advantage of the requested Services;
– fulfill the obligations established by the law, by the Regulations, by the community legislation or by an order of the Authority;
– exercise the rights of the Owner (for example the right to defense in court);
– be informed about the products purchased regarding the operation, maintenance and expiry of consumables.
- B) Only subject to your specific and distinct consent pursuant to art. 130 of the Privacy Code and art. 7 GDPR:
– treatment of data concerning economic activities aimed at sending promotional material, for carrying out market research or direct marketing with electronic systems (such as, for example but not limited to, electronic communications, automated call systems, faxes, e-mail , etc.);
– personal data treatment aimed at sending promotional material, for carrying out market research or direct marketing;
– send opinion polls and liking, newsletters and / or invitations to events or to register for events of which it is part or that organizes the Owner.
The provision of data for the purposes referred to in art. 3.A) is mandatory. In the absence, we could not guarantee the services of the art. 3.A).
The provision of data for the purposes referred to in art. 3.B) is optional. It may decide not to give any data or subsequently deny the possibility of treatment data already provided. In this case you will no longer receive commercial communications and advertising material but will continue to be entitled to the services referred to in art. 3.A).
The legal basis of the treatment is your willingness to perfect the contract. The treatment is necessary for the pursuit of the legitimate interest of the Data Controller to comply with the contractual obligations signed between the parties. The lawfulness of the treatment is based on the consensus clearly expressed in writing, also by telematic way where this is necessary according to the law.
- METHOD OF TREATMENT
The treatment of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n 2) of the GDPR, namely: collection, registration, organization, storage, consultation, treatment, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
- DATA COLLECTION AND PROCEDURE OF DATA RETENTION
The data object of the treatment are collected in the following way:
– organization through an automated database;
– data collection through mechanical / paper or electronic instruments;
– data collection from the interested party transmitted by it through mechanical / paper or electronic instruments;
– data collection from deeds and public documents that anyone can know.
The collected data are:
– processed lawfully and fairly;
– collected and registered for specific, explicit and legitimate purposes;
– exact and, if necessary, updated;
– relevant, complete and not exceeding the purposes for which they are collected and subsequently processed;
– kept in a form that allows identification to the interested party for a period of time not exceeding that necessary for the purposes for which they were collected and subsequently processed.
Your personal data are subjected to both paper and electronic and / or automated treatment, by entering data on computer media and management software.
The collected data may be stored and recorded in archives and dossier duly kept with limited access to the owner and / or to the subjects designated by him and on adequately protected computer support.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and / or for the time required by current legislation. The data will be stored no later than ten years after termination of the relationship. In the event that you have consented to the processing of your personal data for marketing purposes, your personal data will be kept until you have withdrawn consent to the processing of data for marketing purposes, unless the storage of your data is still necessary for other purposes
- DATA ACCESS
Your data may be made accessible for the purposes referred to in art. 3.A) and 3.B), subject to the authorization of the Data Controller, also to employees designated by the Owner.
The data collected by Progetti s.r.l. they are used by Terzi for the provision of maintenance, analysis and payment services, but the third parties come into contact with it only for the provision of the service rendered. Normally, the Third Party in charge have a duty of non-disclosure based on their profession and / or on what is contractually bound.
The data are in no case transferred to Third States, being used only by the company Progetti S.r.l.
- DATA COMMUNICATION
Even without your express consent pursuant to art. 6 lett. B) and C) GDPR, the Title Holder may communicate your data for the purposes referred in art. 3.A) to Supervisory Entities, Legal Authorities and to all the other subjects to whom the communication is mandatory by law for the accomplishment of said activities. Your information won’t be spread.
Stopping the communication to third parties made in fulfillment of legal obligations or deriving from regulations or other community legislation, the data may be communicated by us, even abroad, to the following subjects: 1) banks and credit institutions for transfer of payments; 2) insurance companies for transport insurance coverage; 3) recovery, insurance and / or transfer of receivables companies; 4) business information companies; 5) consultants and professionals; 6) professionals and professional firms (lawyers, accountants, auditors, etc.); 7) auditors; 8) other companies, bodies and / or natural persons who carry out activities that are instrumental, supportive or functional to the execution of contracts or services requested by S.V. (eg enveloping and sorting companies, carriers and forwarders, subcontractors). These subjects will be able to treat and communicate data to third parties, in full autonomy, in the fulfillment of their respective contractual and legal obligations.
- RIGHTS OF THE INTERESTED PARTY
As interested party, you have the rights referred to art. 15 GDPR, as well as the rights referred to Articles 16-21 GDPR (Right of rectification, right to oblivion, right to limitation of treatment, right to data portability, right of opposition) and in particular the right to:
– obtain confirmation of whether or not personal data processing is being processed and, in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations; (d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the data subject, all information available on their origin; (h) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the interested party;
– be informed of the existence of adequate safeguards pursuant to Article 46 of the GDPR concerning the transfer of data to Third States;
– obtain a copy of the personal data being processed (the right to obtain a copy must not affect the rights and freedoms of others);
– obtain from the Data Controller the correction of inaccurate personal data and the integration of incomplete personal data, also by providing an additional declaration;
– to obtain from the data controller the deletion of personal data concerning him / her in the cases and according to the procedures established by the European Regulations;
– obtain from the Data Controller the processing limitation in the cases envisaged, receive in a structured format, in common and legible the personal data concerning him, oppose at any time the processing of personal data concerning him according to the methods and hypotheses required by law;
– present a complaint with the Privacy Authority in case of violation of its rights;
– request the cancellation of data held by the Company, which must take place promptly.
- MODALITIES OF RIGHTS EXERCISE
You may exercise the rights indicated in this statement at any time by sending:
– a registered letter at PROGETTI S.R.L., Strada del Rondello n. 5 – 10028 Trofarello (TO);
– an e-mail to firstname.lastname@example.org
Progetti srl will provide immediately feedback in terms of the law and in any case within a maximum of one month.
The Website and the Services of the Data Controller are not intended for minors under the age of 18 and the Data Owner does not intentionally collect personal information related to minors. In the event that information on minors were unintentionally registered, the holder will delete them immediately, at the request of users and those entitled.
- DATA SECURITY
Personal data is protected from unauthorized access, use and / or disclosure. Only our assigned staff can have access to this data with their own authentication credentials and prior authorization of the Data Holder.
Progetti srl is subjected to the normal risks of data violations through the subtraction of credentials, unfair behavior, unauthorized external access and computer virus.
All the security procedures necessary to protect them from violations by unauthorized personnel, both locally and on the network, have been applied, also through the use of constantly updated firewalls and antivirus. All personal data supplied to us are stored in a secure and controlled environment and operating systems and management software are constantly updated and monitored in order to avoid data breaches and unauthorized access.
For this reason, physical, electronic and organizational processes have been designated to safeguard and protect the information collected. All staff were duly informed and trained.
Any communication regarding the data violation will be carried out both to the internal personnel involved, to the interested party and to the Guarantor Authority through a Pec communication or a registered letter.
- HOLDER OF THE TREATMENT
The data controller is PROGETTI S.r.l., with headquarters in Strada del Rondello 5, 10028 Trofarello (TO), VAT number 06367590012, in the person of the President & CEO pro-tempore.
Cookies are small pieces of data that can include unique identifiers that are sent to the user’s computer, mobile phone or tablet. They are used to store or retrieve information about the user and his device, usually to provide the same a customized web experience.
- CHANGES TO THIS INFORMATION
This report may change. Any communication of the changes will take place mainly by e-mail and, where necessary, by fax communication.
(Last updated on 23.10.2018)
***** Note 1. For personal data, pursuant to art. 4, first paragraph, lett. a) GDPR means: “any information concerning an identified or identifiable natural person (” concerned “), identifying the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, a number of identification, location data, an online identifier or one or more characteristic elements of its physical, physiological, genetic, psychological, economic, cultural or social identity “.