CUSTOMER INFORMATION NOTICE PURSUANT TO ART. 13 and REGULATION (EU) 679/2016
Data Controller:
OFFICINA MECCANICA MINGAZZINI SRL (hereinafter referred to in short as MINGAZZINI SRL) in the person of its current legal representative pro tempore, with registered office in VIA PINI 29/A – VAT no. 00149570343 Certified Electronic Mail: mingazzini@pec.mingazzini.it – Telephone: 0521 1880611
PERSONAL DATA PROCESSED AND PURPOSES OF TREATMENT
The personal data subject to processing is the identification data (personal and postal contact details, e-mail address) provided by you.
Processing: collection – conservation – organisation, structuring, adaptation modification, extraction, consultation, use, transmission and cancellation.
ORIGIN OF DATA: data is obtained from the data subject and provided by them by filling out the relevant form that is available on the undersigned organisation’s website
PURPOSES:
A) instrumental and/or complementary and functional to the performance of the contractual/pre-contractual relationship, the data provided will be processed for the execution of contractual obligations (and/or the necessary pre-contractual activities) or to fulfil the order request, and for the purposes connected and instrumental to its management and any post-sales activities, including complaint management; litigation management; risk management and control (credit lines, insolvency); pre-contractual solvency checks; risk control; financial services for supplier management; supplier electronic payments; insurance management
B) for the fulfilment of legal obligations (e.g. accounting as well as fiscal and tax obligations);
C) for sending informative messages and commercial and promotional communications regarding the Controller’s activity, products and services, through automatic tools such as e-mail and text messages, as well as traditional means, such as operator phone contact, in full compliance with the principles of lawfulness and fairness and the provisions of the law
NATURE OF THE PROVISION
Purposes A-B )==== The provision is optional but necessary, and any refusal by the data subject makes it impossible for the Data Controller to follow up the establishment of a relationship and its timely execution.
Purpose C====The provision is in any case optional with regard to data processing for sending informative messages and commercial communications, and requires specific consent
IN CASE OF REVOCATION OF CONSENT, SEND AN E-MAIL TO THE FOLLOWING ADDRESS: privacy@mingazzini.it
LEGAL BASIS OF PROCESSING
The legal basis for processing the aforementioned data for the purposes referred to under A) and B) of paragraph “Purpose of data processing” is the fulfilment of obligations deriving from the existing contract, or so-called pre-contractual agreements and/or legal obligations.
The legal basis for processing the aforementioned data for the purposes referred to under C) is free, informed consent.
Processing as described under A – B may occur on the legal basis referred to in Art. 6, Para. 1, Lett. f) of GDPR (processing is necessary for the pursuit of the data controller’s or third parties’ legitimate interest, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail. To pursue the organisation’s legitimate interests, protect corporate assets and people, while ensuring proper functioning of the information system).
PROCESSING METHODS
Data is processed through computer-assisted procedures or in any case electronic means, or manually and with supported hardcopy, by internal or external subjects, specifically appointed and authorised for this purpose and committed to confidentiality. Data is processed and stored with suitable tools to guarantee security, integrity and confidentiality by adopting adequate security measures, as required by the law.
COMMUNICATION AND DISCLOSURE OF DATA, RECIPIENTS
The data collected will not be disclosed or disseminated.
Communication to third parties other than the Data Controller, in-house referents/nominees and processors outside the company structure and the persons in charge of processing, identified and duly appointed in accordance with the provisions of the law;
is provided to public bodies for legal obligations, as well as, where necessary for the pursuit of the purposes indicated in this information notice and in any case within the limits thereof, to third parties and companies, such as legal and industry consultants, credit institutions, insurance companies, credit recovery and contract consultancy companies, freight forwarders, third-party supply and IT and technical support companies, companies operating in the IT sector (Data Centres, Cloud Providers, companies providing IT services such as cloud services, back-up services and/or companies in charge of managing and servicing equipment and software, including applications, services and/or platforms delivering and managing streaming services, and/or making contents, videos and images available on the web and even offline, etc.), companies in charge of security – including IT – management and data privacy, commercial information companies; auditors, professional auditors and professional firms for the execution of contracts (e.g. mail enveloping and sorting companies, carriers and transporters, sub-suppliers), telemarketing and web-marketing companies, also residing outside the European Economic Area, committed to properly and regularly pursuing the purposes described. In any case, processing by third parties must be carried out correctly, in compliance with the laws in force and with no automated processes.
APPOINTMENT OF THE SUB-CONTROLLER
Additional Data Processor; The Data Processor may use another Data Processor (hereinafter referred to as the “additional Data Processor” or “Sub-controller”) to manage specific processing activities. In this case, he/she informs the Data Controller in advance and in writing of any change he/she has identified regarding the addition or replacement of other Processors. The controller has appointed one or more Data Processors. These processors may be internal or external to the Company. Internal processors belong to the homogeneous functional corporate areas that need to process data for the purposes indicated in this information notice, such as the purchasing department, IT administration office, logistics-warehouse office, etc.; external controllers are all those categories of external subjects to whom the Company must communicate data for the aforementioned purposes (when these external parties do not assume the direct role of autonomous data controllers as a result of the scope of managerial autonomy due to them in relation to the processing entrusted to them).
TRANSFER OF DATA ABROAD, TO COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA
In relation to the aforementioned processing purposes, data may be transmitted abroad and processed by third parties, established and located in the territory of countries in the European Economic Area.
RETENTION TIME
Data will be processed and stored for the time necessary to accomplish the administrative, accounting and fiscal purposes related to the contractual relationship between the Controller and the customer and to fulfil the obligations pertaining thereto as well as associated with those established by law (10 years from processing termination), in any case within the prescribed time limits provided for by the law for the rights and obligations underlying processing for the exercise of the rights deriving from the contractual relationship, even after its definitive termination, and those possibly necessary to settle any medium-term dispute arisen if longer.
With reference to the processing for the purpose of sending commercial and promotional communications of the Controller’s activities, products and services, and for sending informative messages relating to their business, data will be stored for two years after the last contact with the Controller of the processing, and in any case until the data subject exercises the right of opposition through the procedures available for this purpose.
RIGHTS OF THE DATA SUBJECT
Pursuant to articles 15 to 22 of Regulation (EU) 2016/679, the data subject can assert his/her rights by contacting OFFICINA MECCANICA MINGAZZINI SRL (hereinafter referred to in short as MINGAZZINI SRL) – VIA PINI 29/A; VAT no. 00149570343 Certified Electronic Mail. mingazzini@pec.mingazzini.it – Telephone: 0521 1880611
E-mail address: privacy@mingazzini.it
In particular, pursuant to the applicable regulations, he/she is entitled to:
Article 15. Data subject’s access right; Article 16. Right of rectification; Article 17. Right of deletion (“right to be forgotten”); Article 18. Right to restrict processing; Article 19. Notification obligation in the event of rectification or deletion of personal data, or processing restriction; Article 20 Right of data portability; Article 21. Right of opposition; Article 22. Automated decision-making relating to natural persons, including profiling; Article 23. Restrictions
LIST OF PERSONS IN CHARGE
An updated list of internal contact persons and data processors appointed by the Data Controller, pursuant to art. 28 of EU Regulation 679/2016, is available at the Data Controller’s registered office. For any communication relating to the exercise of the data subject’s rights, contact the Data Controller at: privacy@mingazzini.it
MODIFICATIONS AND UPDATES
This information notice may be subject to changes and additions, also as a result of the applicable legislation on the protection of natural persons being updated, with regard to processing personal data and freely circulating it.
This information notice may be subject to change also in accordance with the applicable legislation and regulations in force