PRIVACY NOTICE FOR THE PROCESSING OF CUSTOMERS’ PERSONAL DATA
The company Primieri S.r.l. Uninominale, the Data Controller, utilises the personal data of customers in compliance with principles for the protection of personal data established by the EU Regulation 679/2016 (GDPR) and with regulatory provisions in force in Italy. We hereby communicate the following data privacy notice, pursuant to Article 13:
SOURCE OF PERSONAL DATA
1. Personal data are collected by recording data that is:
- transmitted or gathered directly at the time of the initial contact with the customer or of the signing of the commercial contract.
The provision of personal data is required in order to facilitate compliance with applicable legal and contractual obligations; accordingly, any refusal to provide such data, in whole or in part, could make it impossible to give effect to the employment relationship.
DATA PROCESSING PROCEDURES AND PURPOSES
2. Personal data that are provided are processed in various ways, as follows:
- Using IT, electronic and paper media.
for the following purposes:
- Customer record management for: correspondence, contracts, quotes, invoices and proceeds received;
- Fulfilment of tax, accounting and contractual obligations;
- Compliance with legal obligations associated with commercial dealings.
LEGAL BASIS OF THE DATA PROCESSING
3. The following are the legal bases for the processing of generic personal data, pursuant to Article 6 of the GDPR:
- Applicable tax and statutory obligations;
- Applicable contractual obligations;
- The Data Subject’s consent;
- The Data Controller’s legitimate interest.
CATEGORIES OF RECIPIENT
4. Without prejudice to communications made in compliance with applicable legal and contractual obligations, all data collected and processed may be communicated to the following categories of recipient exclusively for the purposes indicated above:
- Internal Data Supervisors;
- Persons authorised to process personal data;
- External Data Supervisors;
- Banks and lending institutions;
- Companies and businesses, consultants and freelancers also in association;
- Companies that provide logistics, warehouse and transportation services;
- Supervisory and control authorities.
DATA RETENTION PERIOD
5. The data provided will be processed and retained for the entire duration of the existing commercial relationship and for 10 years after the termination date thereof.
TRANSFER OF DATA ABROAD
6. It is possible that personal data will be shared with Recipients located outside the European Economic Area, in the absence of an adequacy decision from the European Commission, but in compliance with Standard Contractual Clauses approved by the Commission. If this occurs, the Data Controller guarantees that the processing of personal data by Recipients will comply fully with the GDPR.
DATA SUBJECT’S RIGHTS
7. Pursuant to the European Regulation 679/2016 (GDPR) and to regulatory provisions in force in Italy, each customer can exercise the following rights according to the procedures and subject to the limits envisaged by Article 12 of the Regulation, by sending a written request by certified e-mail to the Data Controller email@example.com
- Article 7 Right to revoke one’s consent to data processing at any time, without undermining
- the lawfulness of data processing operations carried out based on consent given prior to the revocation;
- Article 15 “Data Subject’s right of access”;
- Article 16 “Right of rectification”;
- Article 17 “Right of data erasure”;
- Article 18 “Right to limit the data processing”;
- Article 20 “Right of data portability”;
- Article 21 “Right of challenge”;
- An entitlement also exists to file a complaint with a supervisory authority, pursuant to Article 77 of the EU Regulation: Italian Data Protection Authority https://www.garanteprivacy.it.
The following is the Data Controller for personal data:
Primieri s.r.l. Uninominale – VAT No.: 02452150549
Email: firstname.lastname@example.org – phone: 075 5005597