SUBJECT: Information note pursuant to and for the effects of art. 13 of Legislative Decree 196/03 and for the effects of articles 13-14 of Regulation (EU) 2016/679 on the protection of natural persons in regard with the processing of personal data (GDPR).
As “Data Controller”, we wish to inform you as “Data Subject”, i.e. the subject whose data are being processed and/or handled, about the main features of the processing to be performed.
Purposes Personal data are collected and processed in order to:
▪ fulfil all the requirements of legal, financial and tax obligations deriving from the performance of the business activity and the provisions of anti-money laundering regulations; ▪ draw and carry out existing contractual relations; ▪ carry out all the transactions that are closely connected and instrumental to the relations mentioned above, including the acquisition of preliminary data for the Contract to be in effect and finalised;
▪ manage customer relations in regard to administration, accounting, orders, shipments, invoicing, services, and management of any disputes;
▪ assess customer satisfaction and develop in-house statistics.
▪ In particular, send advertising or direct sales material, carry out market research or commercial communication both via automated contact methods (e-mails or other remote communication systems such as texts, mms, WhatsApp) and by post on behalf of the Data Controllers;
▪ assess suppliers according to ISO 9001: 2015, Legislative Decree 196/03 and Regulation (EU) 2016/679 on GDPR; carry out transport, logistics and management of freight shipping;
▪ store goods at depot for pick-up;
▪ perform all necessary burocratic procedures for a correct and comprehensive management of shipments and/or goods in transit;
▪ manage and carry out all necessary customs formalities for import/export, including storage in the customs warehouses and the assistance during inspections by Customs Authorities;
Anti-money laundering and counter-terrorism regulations
Data must be provided as required by the regulations on anti-money laundering and counter-terrorism, failure to provide those data precludes the professional service requested and may entail reporting the transaction to the competent supervisory body. In this regard, it is pointed out that personal data processing in relation to anti-money laundering obligations will be performed pursuant to the specific implementation measures for non-financial operators stated by the Regulation on the identification and retention of information, pursuant to art. 3, paragraph 2, of Legislative Decree no. 56/2004, implemented by Ministerial Decree no. 143/2006. Other information may be taken from public sources in order to fulfil the obligations provided for by Legislative Decree 231/2007.
Methods of data processing.
Data processing for the purposes stated above will be carried out via both automated (electronic or magnetic supports) and non-automated means (on paper), according to the confidentiality and security rules provided for by law, regulations and internal provisions.
Place of data processing.
Data are currently processed and filed at our registered office, at VIA LAGO DI COSTANZA, 67-69 3605 Schio, Vicenza, Italy. Furthermore, data are processed on our behalf by professionals and/or companies appointed to carry out technical, development, management and administration-accounting activities.
Mandatory or optional data.
Some data are imperative in order to draw and to perform the contract, while other data may be defined as ancillary to that purpose. The provision of data is mandatory only for those data that are required by law or by the contract.
Consequences of a possible refusal to provide data.
In those cases where providing data is mandatory due to contract or regulatory obligations, refusal to provide said data may lead to the Supplier not carrying out or terminating the Contract as this would entail unlawful processing. In those
cases where there is no regulatory obligation to do so, the refusal would not lead to the consequences mentioned above, but it would interfere with the performance of additional operations.
Communication of data.
Without prejudice to the communications and disclosures made in order to fulfill legal obligations, your personal data as a legal person may be disclosed in Italy and/or abroad to:
▪ Professionals and consultants, consulting firms, factoring companies, credit institutions, debt collection companies,
credit insurance companies, commercial information firms and transport companies;
▪ Public and private entities, also following inspections or audits by, among others, financial institutions, tax auditing,
judicial authorities, Italian Foreign Exchange Office, Labor Inspectorate, National Health Authorities, Social Security
Institutions, ENASARCO, Chamber of Commerce etc.;
▪ Other companies (see specific point here below);
▪ Subjects who may access your data pursuant to law provisions.
Sensitive data, even though processed anonymously, shall not be disclosed and/or transferred, except in instances of close collaboration with appropriate facilities for the development, implementation, production and assistance using dedicated software developed by us and/or marketed exclusively for the purposes indicated in this information note and prior to your specific written authorization.
Duration of data retention.
The data provided will be filed in our archives according to the following criteria:
▪ For administration and accounting purposes, as well as orders, quotations and production flow, assistance and maintenance, shipping, invoicing, services, management of disputes: 10 years as established by Law in art. 2220 of the Italian Civil Code, without prejudice to any payment delay which would justify the extension of time limit;
▪ Ten years for marketing purposes
Data Subject’s rights.
Regarding personal data, the Client may exercise the rights stated in art. 7 of Legislative Decree no. 196/2003 (see attached copy) within the limits and the conditions set out by art. nos. 8, 9 and 10 of said Decree. The Client may also exercise the rights provided by art. nos. 15,16,17,18,20 of the EU Regulation 2016/679.
In case any form of consent to personal data processing is signed, it should be noted that the Data Subject may cancel it at any time, without prejudice to the obligations set out by current laws at the time of the request for cancellation, by contacting the Data Controller at the contact information below.
The Client may also exercise his/her rights by sending a request of cancellation, along with a copy of his/her passport or identity card, with the following text: “revocation of consent to the processing of all my personal data” to the following e-mail address: firstname.lastname@example.org or by registered post to our registered office address.
For further information on the processing of your personal data or if you wish to exercise your rights, you can send a registered letter to our registered office at the address indicated below. Before we can provide or change any information, we may need to verify your identity and ask you some questions. An answer will be provided to you as soon as possible.
Data Controller/Data Processor.
The Data Controller you can contact in order to exercise your rights pursuant to art. 7 mentioned above is SACCARDO GCF Srlu. The Data Processor is Saccardo GCF Srlu.