PERSONAL DATA PROCESSING INFORMATION TO THE CUSTOMERS in accordance with the art. 13 of Reg. UE 679/2016
in accordance with the provisions of EU Regulation no.679 of 2016 about Personal Data Protection and in particular art.13 of the same, the Company I.M.V. S.p.a. (Tax ID and VAT no. IT00641570254, legal headquarters in 32038 Quero Vas (BL), Via Feltrina 24, Tel.+39 0439 788141, Email firstname.lastname@example.org) is the Data Controller in charge of the treatment of the personal data you will provide during the business relationship. In accordance with said regulation the Company shall process these personal data according to the principles of lawfulness, fairness, transparency, and the further principles as stated in art. 5 Reg. UE 679/2016.
Therefore, the Company provides the following information:
A) Personal Data Processing
“Processing” means, as stated in no.2 of. art.4 Reg UE 679/2016, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal data shall be processed, stored and transmitted – in a manner that ensures appropriate security, confidentiality and a complete compliance with Reg. UE 679/2016 – in paper or electronic format and by computerized means. When the data are collected by computerized means (including, but not limited to, PC, Notebook, Tablet, mobile phone, SIM card, wireless modem, email, internet access) they shall be stored in on-site and off-site digital archives and may be known by the Companies providing hardware and/or software service, which shall be in turn nominated as Processors in charge of your Personal Data Processing.
The required personal data shall be limited to what is necessary to provide your requested services, i.e. your name, date and place of birth, tax code, address, identity card, other personal identification data such as phone number and e-mail address.
B) Purposes of Data Processing
The Data Controller shall process personal data of Customers-Users with the purpose of providing the requested service and performing all necessary administrative, commercial, accounting and fiscal connected activities as provided for in the current regulations. Moreover, upon explicitly, freely given consent of the Customer-User, the Company will use the Personal Data to provide information about Products and/or Services or any other projects and events by periodically sending promotional and informative material by e-mail and/or telemarketing.
C) Authorized natural persons in charge of Data Processing
Your personal data may be disclosed within the Company to the persons authorized to process them by the General Manager of the Company and/or by their appointed persons.
Such persons, identified according to their area of interest and profile, will be authorized by the General Manager and their appointed persons to process Personal Data only under their direct authority and explicit instructions.
D) Subjects to which the data may be disclosed – Recipients
In order to perform some activities connected to the processing of your data the Company, as Data Controller, may disclose your data to third parties providing connected, necessary or useful services as per the purposes of the processing including but not limited to:
- carriers and forwarders;
- subjects providing specific processing and consulting services for administrative, legal and fiscal management on behalf of our Company;
- subjects providing processing and/or maintenance service of the information systems;
- subjects providing information security systems;
- financial institutions;
- debt collection agencies;
- associate and subsidiary companies;
- other public or private parties in compliance with legal obligations.
An updated list of these subjects can be requested to the Company as Data Controller. The Company will specify which of these subject act as Data Processors on behalf of the Data Controller. The Data Processors appointed by our Company undertook to implement technical and organizational measures to ensure that the processing is compliant with Reg EU 679/2016 and that your Personal Data are protected.
Moreover, the appointed subjects undertook by countersigning a specific letter of engagement to fully comply with art. 28 Reg EU 679/2016, to act on behalf of the Data Controller and under their authority according to art.29 of the same Regulation and to notify any personal data breach according to the 2nd comma of art.33 Reg EU 679/2016.
E) Transfer of personal data to a third country
Your personal data shall not be transferred to a third country.
F) Rights of the data subjects; complaint with a supervisory authority and judicial remedy
The data subject shall always have the possibility to exercise the rights as per art. 15 et seq. of Reg. EU 679/2016 (access to the personal data, rectification and erasure of the same, restriction of processing, objection to processing, data portability).
Moreover, it is always possible to lodge a complaint with a supervisory authority in charge (as per art. 77 Reg EU 679/2016) or an effective judicial remedy (as per art. 79 Reg EU 679/2016) if the data subject considers that his or her rights have been infringed as a result of the processing of his or her personal data.
G) Storage period
Your personal data shall be stored as long as necessary to provide the service as you requested and pursue the purposes as per letter B.
H) Obligation to provide personal data and legal grounds
Providing your personal data is a contractual obligation, a condition to close the contract and therefore to provide the requested service. Your refusal to provide your personal data shall therefore result in the impossibility for the Company to provide the requested service. You shall have the right to object to our processing of your data for direct marketing purposes and the only consequence shall be to make it impossible for the Company to send you promotional and informative material.
The legal grounds for processing your personal data come from:
- the need to perform a contract to which you are party as the data subject (letter B art. 6 Reg UE 679/2016);
- the need to comply with a legal obligation to which the Company is subject as controller (legal grounds as per letter C, comma 1st, art. 6 Reg EU 679/2016);
- the legitimate interest of the controller to implement the business relationship (legal grounds as per letter. F, comma 1st, art. 6 Reg EU 679/2016)
Quero Vas (BL), 13/12/2018
The Controller I.M.V. S.p.a.
In the form of its Legal Representative, Mr Claudio Gallo