Policy according to Article 13 of Regulation (EU) 2016/679 regarding the processing of personal data
According to and for the effects of Article 13 of Regulation (EU) 2016/679 regarding the processing of personal data, the undersigned E.T.A. SpA with registered offices in Canzo, Via Monte Barzaghino 6, as data controller, informs its clients that the personal data acquired from business relationships established will be processed in compliance of the regulation mentioned above. According to the regulation indicated, this processing will be based on principles of correctness, lawfulness and transparency and protection of confidentiality, as indicated below.
- Subject matter
The personal data collected and processed by the undersigned are:
- Identification data (personal data, registered office/address, telephone number, fax number, e-mail, tax data, etc.)
- Data relative to the economic and business activities (orders, bank details, accounting and tax data, etc.).
- Purpose of data processing:
Your personal data is processed:
- A) Without your express consent (Article 6, letter b), e) of Regulation (EU) 2016/679) for the following Service Purposes:
- Enter into service contracts with the Data Controller;
- Fulfil the pre-contractual, contractual and tax obligations deriving from relations in existence with you;
- Fulfil obligations provided for by the law, a regulation, EU legislation, or an order from the Authority (such as, for example, on anti-money laundering), according to Article 6, paragraph 1, letter c) of Regulation (EU) 2016/679;
- Exercise the rights of the Data Controller, for example the right to defence in court, pursuant to Article 6 paragraph 1 letter f) of Regulation (EU) 2016/679.
In all these cases, data must be provided to carry out the activities above and for the exact implementation of a contract of which the data subject is a party or for the implementation of pre-contractual measures adopted at the request of the same. Failure to provide data will make it impossible to conclude the contract for the Data Controller’s services. The need to provide data for the implementation of the contract of which the data subject is a party or for the implementation of pre-contractual measures adopted at the request of the same is the legal basis for the processing of data pursuant to Article 6 paragraph 1 letters b) and c) of Regulation (EU) 2016/679.
- B) Only subject to your specific and distinct consent Articles 6 paragraph 1 letter a) and 7 of Regulation (EU) 2016/679), for the following Marketing Purposes: sending via email, mail and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and satisfaction surveys on the quality of the services;
The provision of data for the purposes referred to in Article 2 B) is optional. Therefore, you can decide not to provide us with data or subsequently reject the processing data already provided, by revoking the consent pursuant to Article 7 paragraph 3 of Regulation (EU) 2016/679. In this case, you will not receive newsletters, commercial communications, and advertising material related to the Services offered by the Data Controller. However, you will still have the right to the Services referred to in Article 2 A).
Please note that if you are already a customer, we may send you commercial communications relating to the Data Controller’s services and products similar to those you have already used, without prejudice to your right to revoke the consent already given according to Article 7 paragraph 3 of Regulation (EU) 2016/679. However, please note that the revocation of such consent does not affect the lawfulness of the processing performed based on the consent previously expressed before revocation.
- Processing methods
Your personal data will be processed using the operations indicated in Article 4 no. 2) of Regulation (EU) 2016/679 and more precisely: collection, registration, organization, structuring, storage, consultation, processing, adaptation or modification, selection, extraction, comparison, use, consultation, interconnection, blocking, communication by transmission or any other form of provision, limitation, cancellation and destruction of data. The data acquired will be processed with electronic, computer, and telematic instruments and with paper supports with logic strictly related to the above purposes by collaborators and internal employees specifically in charge of processing or external data processors. Data is stored on both paper and computer media in compliance with the minimum technical and organisational security measures provided by law, which can ensure the confidentiality and privacy of personal data, and by adopting security measures to prevent tampering, loss, unauthorised processing or access, and to ensure the integrity and security of personal data.
According to the principle of minimization, the data that the Data Controller may process will be adequate, relevant and limited to what is necessary according to the purposes for which it is processed and, in any case, respecting the will of the data subject.
Pursuant to Article 13 paragraph 2 letter a) of Regulation (EU) 2016/679, the Data Controller specifies that the personal data will be processed for the time necessary to fulfil the aforementioned purposes and, in any case, for no more than 10 years from the termination of the relationship with regard to the collection of data for Service Purposes (also taking into account the ordinary limitation period of contractual relationships) and for no more than 2 years from the collection of data for Marketing Purposes.
- Access to your data
According to Article 13 letter e) of Regulation (EU) 2016/679 it is specified that personal, accounting and tax data will not be disseminated, sold or exchanged with third parties, with the exception of consultants and technicians who work as data processors or external data processors, for the performance of activities that are functional to the company such as administrative, operational, accounting, tax and legal activities.
In this case, third parties can use the data in complete compliance with the principle of correctness, lawfulness, and transparency and according to legal provisions, in particular, those referred to in Article 28 of Regulation (EU) 2016/679.
The updated list of external data processors and people in charge of processing is kept at the Data Controller’s registered offices.
Without the need to obtain express consent (Article 6, paragraph 1, letters b) and c) of Regulation (EU) 2016/679), the Data Controller may disseminate your data for the purposes referred to in Article 2 A) to the legal and/or government authorities as well as to all subjects to which dissemination is mandatory for law or to fulfil the mentioned purposes. These subjects will process the data in their capacity as independent data controllers.
- Rights of the Data Subject
According to Article 13, paragraph 2, letter b) of Regulation (EU) 2016/679, as data subject, you have the right to ask the data controller to access your personal data (Article 15 of Regulation (EU) 2016/679), correction of the data (Article 16 of Regulation (EU) 2016/679), deletion of the data (Article 17 of Regulation (EU) 2016/679), limitation to the processing of the data (Article 18 of Regulation (EU) 2016/679), to reject processing (Articles 21 and 22 of Regulation (EU) 2016/679), you also have the right to portability of the data (Article 20 of Regulation (EU) 2016/679).
As data subject, you can exercise your rights by contacting E.T.A. SpA with registered offices in Canzo, Via Monte Barzaghino 6, data controller, by using the contact data below. Furthermore, you have the right to lodge a complaint to a supervisory authority in accordance with the rules of Regulation (EU) no. 2016/679 and in particular, based on Article 77 of the same Regulation, to the supervisory authority of the Member State in which you normally reside or work, or to the place where the alleged violation has occurred, without prejudice to the right to contact, in any case, the competent ordinary judicial authority.
Contact data of the Data Controller:
E.T.A. SpA with registered offices in Canzo, Via Monte Barzaghino, 6 VAT number 00704320134.
Certified e-mail address: firstname.lastname@example.org