DISCLOSURE ABOUT THE PROCESSING OF PERSONAL DATA REGARDING CUSTOMER – SUPPLIER INFORMATIONS IN ACCORDANCE WITH ART.13 OF EUROPEAN REGULATION (EU) 2016/679 (GDPR)
According to the law, this Treatment is based on the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
Pursuant to Article 13 of EU Regulation no. 2016/679, therefore, we provide you with the following information:
- DATA CONTROLLER
The Data Controller is Consorzio Tutela Aceto Balsamico di Modena, with registered office in Modena (MO), Via Ganaceto 134, 41121, e-mail: email@example.com.
- CATEGORIES OF PERSONAL DATA
The Data Controller processes personal, identifying and non-sensitive data (specifically name, surname, tax code, VAT number, email address, telephone number – later on just as , « personal data » or even « data ») provided or acquired during negotiation, conclusion and / or execution of the commercial relationship established, or at the time of a purchase conclusion.
- SPECIFIC CATEGORIES OF PERSONAL DATA
The customer is not required to provide data so called « Particulars », that is, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, biometrics data designed to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation.
If the processing of special categories of personal data becomes necessary, the holder will inform you promptly and collect your explicit consent.
- PROCESSING METHODS
The processing of personal data will be in full compliance with the principles of confidentiality, fairness, necessity, relevance, lawfulness and transparency provided by the GDPR.
The processing of personal data may be carried out mainly using electronic tools, in compliance with the current regulatory provisions. Suitable security measures are observed to prevent the loss of personal data, illicit or incorrect use of the same or unauthorized access.
- PURPOSES OF THE PROCESSING
The personal data collected may be processed, without your consent, for the following purposes:
- Registration of personal data and requests for contact and / or information material: the processing of personal data of the interested party takes place to start the preliminary activities and consequent to the registration request, to the management of requests for information and contact and / or sending information material, as well as for the fulfillment of any other obligation arising.
- Management of the contractual relationship: the processing of personal data of the interested party takes place to start the preliminary activities and consequent to the purchase of a service, the management of the related order and the provision of the service itself, the related invoicing and management of payment, the processing of reports to the assistance service and the provision of the assistance itself, the prevention of fraud and the fulfillment of any other obligation arising from the contract or agreements made.
- Promotional activities on Services similar to those purchased by the interested party (Recital 47 GDPR): the data Controller, even without explicit consent, may use the contact details provided by the interested party, for the direct sale of their services, limited to the case in which the services are similar to those sold, unless the interested party explicitly objects.
- Legal and administrative obligations: personal information may be used and disclosed in a necessary or appropriate manner, especially if subject to legal or legitimate interest:
- Fraud Prevention: We may use and disclose personal information collected from and on our users in the manner necessary to investigate, prevent or respond to suspected illegal or fraudulent activities or to protect our security, privacy, rights or property of our users or third parties;
- Purpose of law enforcement: if required or imposed by governmental authorities, such as public security authorities, courts, regulatory authorities, or otherwise to comply with the law, (including rules outside the country of residence of the interested party) we may be required to disclose the information we have about our users. The information collected about the data subject may be used and disseminated to enforce or protect the legal rights or defend against legal actions.
The provision of data for the aforementioned purposes is instrumental and necessary for the execution of orders and contracts and the administrative, commercial, fiscal and accounting management of the relationship established or established, and therefore the ‘failure to provide such data could lead to the objective impossibility to establish, continue or execute the report.
- LAWFUL BASIS FOR THE PROCESSING
For each of the purposes of the processing the Treatment of data is based on:
- Performance of the services related to the request for registration, information and contact and / or sending of informative material and compliance with legal obligations (5.1);
- Performance of the services related to the contractual relationship and compliance with legal obligations (5.2);
- Legitimate interest of the data Controller (5.3);
- Compliance with legal obligations (5.4).
- DATA COMMUNICATION AND DIFFUSION
The data provided may be communicated to a third party to comply with legal obligations, to execute Public Authorities’ orders or to exercise a company right before judicial authorities; to duly appointed parties who carry out activities on behalf of the Data Controller such as accountants, institutions credit and other related external professionals. Data can also be communicated to the duly appointed staff. It is not foreseen the communication to third countries extra UE and the diffusion of data is not foreseen (e.g. social networks, internet sites etc.).
- DATA CONSERVATION PERIOD AND CRITERIA
We inform you that the personal data collected are kept for 10 years from the termination of the contractual relationship in place for the purposes described above.
- DATA SUBJECTS RIGHTS
Pursuant to art. 15 and ss. of the GDPR 2016/679, you can exercise the following rights at any time:
- Right to access, that is to request a copy of the information we keep on you;
- Right to be informed, that is to know what is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties;
- Right of rectification, that is to correct data if inaccurate or incomplete;
- Right to be forgotten, that is to erase from our record any data we hold on you;
- Right to restrict processing, that is to request limits on the way we use your data;
- Right of portability, that is to request the transfer of any data we hold on you;
- Right to object, that is the right to challenge certain types of processing of data, such as direct marketing or profiling, if applicable;
- Right to lodge a complaint with a supervisory authority in case of unlawful processing of data.
Articles from 15 to 23 of the Rules can be consulted at this link: https://eur-lex.europa.eu/legal-content/IT/TXT/HTML/?uri=CELEX:32016R0679&from=IT
Data subjects can exercise the abovementioned rights by writing to Consorzio Tutela Aceto Balsamico di Modena, via Ganaceto 134, Modena (MO), 41121, or at the e-mail address firstname.lastname@example.org