INFORMATION ON THE PROCESSING OF PERSONAL DATA
C.L.A. INOX S.r.l. with registered office in Agliana (PT), Piazzetta E. Caruso n.21 and administrative headquarters / plant in Montemurlo (PO), Via Ancona n.18, (hereinafter, "Data Controller"), as Data Controller, informs you, according to art. 13 EU Regulation no. 2016/679 (hereafter, "GDPR") that your Data will be processed according to the modalities and for the purposes indicated above:
1. Scope of the processing
The Data Controller will process Personal identifying Data (such as, name, surname, company name, address, telephone, e-mail, bank and payment references) hereinafter "Personal Data" or "Data", provided by you.
When processing, we could come across particular Data that the Privacy Law defines "sensitive", as they could reveal: racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic, biometric data intended to identify uniquely a natural person, data relating to the health or sexual life or sexual orientation of the person.
2. Purpose of the processing
Your personal data are processed for the following purposes:
Fulfilment and management of orders and contracts;
Fulfilment of pre-contractual, contractual and tax obligations deriving from existing relationships with you;
Fulfilment of the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the matter of anti-money-laundering);
to exercise or defend the rights of the Data Controller in court;
to send you via e-mail, post and / or sms and / or telephone, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and devaluation of the customer satisfaction level;
to send you via e-mail, post and / or sms and / or telephone commercial and / or marketing communications from third parties.
3. Methods of processingThe processing of your Personal Data is carried out by means of the operations indicated in art. 4 no. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of Data. Personal Data are subjected to both non-electronic and electronic and/or automated processing.
The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the Service Term and for no more than 2 years from the collection of data for Marketing Purposes.
4. Data Access
Your data may be available for purposes as per art.2:
for Data Controller's employees and co-workers, in their role of internal people in charge for the processing and/or system administrators; to third-party companies or other subjects (such as credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5. The disclosure of Personal Data
Without the need for express consent (pursuant to art. 6 point B) and c) GDPR), the Data Controller may communicate your Data for the purposes referred to in art. 2 to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfilment of the purposes specified above. These subjects will process the Data in their capacity as independent Data Controllers.
Your Data will not be disseminated.
6. Data Transfer
Personal data are stored on servers or devices located within the European Union. However, it remains that the Data Controller, if necessary, will have the right to move the servers also extra-EU. In this case, the Data Controller hereby guarantees that transfers of Data outside the EU will be done in accordance with the applicable laws, also by means of including standard contractual clauses provided for by the European Commission.
7. Nature of bestowal of Data and consequences of refusal to reply
The provision of data for the purposes referred to in art. 2 is mandatory. In their absence, we cannot guarantee the performance referred to in art. 2.
The provision of Data for marketing purposes is optional. You can therefore decide not to provide your Data or to subsequently deny the possibility of processing Data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller.
8. Rights of the interested party
As far as your person concerned, you have the rights referred to in art. 15 GDPR and precisely the rights:
i. to obtain confirmation of the existence or not of Personal Data concerning you, even if not yet registered and to receive communication thereof in a comprehensive form;
ii. to obtain the indication of: a)the source of the Personal Data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out by electronic means; d) Information about the Data Controller, managers and the representative designed pursuant to and by effect of clause 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or subject categories that the Personal Data can be transmitted to, or may become acquainted because they are delegates, responsible, or representative in the State territory;
iii. to obtain:
a) the update, the adjustment and, if necessary, the integration of the Data;
b) the cancellation, transformation into anonymous form or blocking of Data processed in violation of the law, including those which do not need to be kept for the purposes for which they were collected or subsequently processed;
c) certification that the operations as per letters a) and b) have been reported to those to whom the Data have been notified or divulged except when this obligation proves to be impossible or involves the use of means obviously disproportionate in terms of the right to be protected;
iv. to oppose, in whole or in part:
a) the processing of Data, even if pertinent with the purpose of their collection, for legitimate reasons;
b) the processing of your Personal Data for the purpose of sending advertising materials or direct selling or for carrying out market research or business communication, through the use of automated call systems without the intervention of an operator, by e-mail and / or through traditional marketing methods by telephone and / or paper mail.
Please note that the right of opposition of the interested party, set out in point b), for direct marketing purposes through automated methods extends to traditional ones and that, in any case, the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, the Data Subject also has the rights set out in art. 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to Data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
9. Methods of exercising the rights
You can exercise your rights at any time by sending:
- a registered letter;
- an e-mail to the address: firstname.lastname@example.org
10. Specific communications for the website clainox.it
11. Data Controller, Data Processors and persons entrusted
The Data Controller is C.L.A. INOX S.r.l. with registered office in Agliana (PT), Piazzetta E. Caruso n.21 and administrative headquarters / plant in Montemurlo (PO), Via Ancona n.18.
The updated list of Data Processors and persons authorized to process Data is kept at the registered office of the Data Controller.