In your capacity as "Data Controller" and "Data Subject", that is, the entity referred to by the data which are subject to processing and / or for whose management you are responsible, we wish to inform you of the essential elements of the processing carried out.
Purposes of the processing.
Your personal data (for example, name, surname, company name, address, telephone number, mobile phone number, e-mail address, bank and payment details) are processed:
Without your express consent (Article 6 letter b), e) GDPR), for the following service purposes:
1. the fulfilment of all the transactions imposed by regulatory obligations, tax and fiscal provisions deriving from the performance of the business activity and the prescribed provisions on anti-money laundering;
2. the establishment and execution of ongoing contractual relationships;
3. transactions strictly connected and instrumental to the initiation of the aforesaid relationships, including the acquisition of information preliminary to the conclusion of the Contract;
4. management of relations with the customer for administration, accounting, orders, shipments, invoicing, services, management of any litigation;
5. the management and execution of the necessary customs procedures in case of import / export activities, including storage at customs warehouses and assistance in inspection by the Competent Authorities;
6. the execution of transport, logistics and management services for the shipment of goods requested;
7. the conservation of the goods held for pick-up;
8. the execution of all the necessary procedures for the correct and complete management of the shipment and / or of goods in transit.
Your personal data will be subject to processing based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights. Contractual, service provision, commercial and non-commercial and promotional purposes regard the processing of personal data of the Customer only. The Customer's personal data will be processed for the entire duration of the contractual relationships established and also subsequently for the fulfilment of all legal obligations as well as for future commercial purposes. There is no automated decision-making process based on the personal data communicated or any profiling activity.
Anti-money laundering and anti-terrorism.
The provision of data required by the legislation on Anti-Money Laundering and Counter-Terrorism is mandatory and any refusal to respond precludes the requested professional service and may involve reporting the transaction to the competent supervisory body. In this regard, it should be noted that the processing of personal data relating to anti-money laundering obligations will take place having regard to the specific implementation procedures imposed on non-financial operators by the Regulation on the identification and retention of information envisaged by art. 3 paragraph 2 of Legislative Decree no. 56/2004 and adopted with M. D. no. 143/2006. Other information could also be taken from public sources to comply with the obligations under Legislative Decree 231/2007.
The processing of data for the purposes set out takes place using either automated, electronic or magnetic, or non-automated means, on paper, in compliance with the rules of confidentiality and security required by law, the resulting regulations and internal provisions. The data processing is carried out by means of the operations indicated in art. 4 no. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
Place of processing.
The data are currently processed and stored at the headquarters, Via delle Torbiere, 13, 37017 Lazise (VR). They are also processed, on behalf of the Undersigned, by professionals and / or companies in charge of carrying out technical, development, management and administrative - accounting activities.
Mandatory or optional nature of the provision of data and consequences of a refusal to provide such data.
Some data are indispensable for the establishment of the contractual relationship or for its execution, while others can be defined as accessories for these purposes. The provision of data to the undersigned is mandatory only for data for which there is a legal or contractual obligation.
In the cases in which the provision of data is provided for by a normative or contractual obligation, refusal would result in the company being unable to give effect or continue the Contract in that it would constitute an illicit processing. In cases where there is no legal obligation to provide data, the refusal would not have the consequences mentioned above, but would still prevent the execution of ancillary transactions.
Without prejudice to communications made in compliance with legal and contractual obligations, all data collected and processed may be communicated in Italy and transferred abroad, exclusively for the purposes specified above, to:
- Professionals and consultants, consultancy companies, factoring companies, credit institutes, debt collection companies, credit insurance companies, commercial information companies, insurance companies, companies operating in the transport sector;
- Public and private bodies, also following inspections or audits such as, for example: Financial Administration, Tax Police Bodies, Judicial Authorities, Italian Exchange Office, Labour Inspectorate, ASL, Social Security Agencies, ENASARCO, Chamber of Commerce, etc.;
- Entities that can access your data in accordance with provisions laid down by law.
Furthermore, in the management of your data, the following categories of persons in charge and / or internal and external processors identified in writing and to whom specific written instructions have been given may be informed of them:
- Employees of Administrative Services;
- Professionals or service companies for administration and business management who work on behalf of our company.
Transfer of data to third countries.
Personal data are stored on servers located in Italy. In any case, it is understood that the Data Controller, if necessary, will also have the right to move the servers outside the EU. In this case, the Data Controller hereby guarantees that the transfer of data outside the EU will take place in accordance with the applicable legal provisions.
Data retention period:
The data provided will be stored in our archives according to the following parameters:
- For administration, accounting, orders, budget management and the entire production flow, assistance and maintenance, shipping, invoicing, services, management of any dispute: 10 years as established by law from the provisions of art. 2220 of the Italian Civil Code, except for any delayed payments of the sums that justify its extension;
- For the purposes referred to in paragraphs 5 to 8 above, the storage times are up to the expiry of the contract and / or the commercial supply relationship;
Data Subject’s rights.
In your capacity as a Data Subject, you have the rights set forth in art. 15 GDPR and precisely the right to:
I. obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and their communication in an intelligible form;
II. obtain the specification: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the controller, the processors and the designated representative pursuant to art. 3, paragraph 1, GDPR; e) the individuals or categories of individuals to whom the personal data may be communicated or who may be informed of it in their capacity as designated representative in the territory of the State, processors or appointees;
III. obtain: a) updating, rectification or, when it concerns you, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
IV. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right;
V. oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the Data Subject, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the Data Subject to exercise the right to object even only partially. Therefore, the Data Dubject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
In case of signing of any form of consent to the treatment requested by TINAZZI S.r.l. please note that the Data Subject may revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the request for revocation, by contacting the Data Controller, by registered letter A.R., at the addresses below.
Data Controller and Data Processor.
The Data Controller, who can be contacted to enforce the rights transcribed above, is TINAZZI S.r.l., Tax Code and VAT No. 00107370231, with headquarters in Via delle Torbiere, 13, 37017 Lazise (VR). The designation of the data processors and of the appointees is kept at the registered office of the Data Controller. The aforementioned rights may also be exercised by you by sending communications to the following e-mail address: firstname.lastname@example.org.