PRIVACY POLICY COSTUMERS/SUPPLIERS
PRIVACY POLICY
In accordance with article 13 of the Regulation for personal data protection (D.Lgs. n. 196/2003) and the art. 13 of the UE regulation 679/2016
AURELIO DOTTI SRL (controller), as the processing controller, in accordance and for the effects of art. 13 of the DLgs 2003, June 30th, n. 196 (Codice privacy) and also art 13 of the UE Regulation 672/2016 (Privacy regulation) and subsequent amendments and integrations, collect and then processes personal data[1] of its customers and suppliers (data subject)
- purpose and method of processing
data subject’s personal data are processed during the ordinary controller activity, in order to pursue the following purposes.
- Complete and correct fulfilment of obligations of the contractual relationship established (Contract)
- Administrative and accounting fulfilments strictly linked to the contract
- Fulfilments of specific obligations provided by the Law, a regulation or a community legislation (for example, anti-money laundering provisions)
- Data subject updating on promotional and marketing actions, through the sent of advertising and promotional material (for example, newsletter), thanks to automated tool and/or traditional means of communication.
The processing of personal data takes place under the authority of the controller, by persons specifically put in charge, authorized and trained in processing method, in accordance with art. 30 of the Codice Privacy and art. 29 of the Privacy Regulation, through manual, computerized or telematic tools, with logics strictly related to the purposes and in any case in order to guarantee the confidentiality and safety of personal data. The processing of personal data may also take place, on behalf of the controller, by the Data Processors specifically designated in accordancewith art. 29 of the Codice Privacy and art. 28 of the privacy regulation.
Personal data will be stored for a fixed period on the basis of nature and duration criteria written in the contract and also on the needs of protection of the interests of the data subject.
- Legal basis of the processing, nature of the contribution and consequences of any refusal, consent of the subject data.
2.1 Purposes referred to previous paragraph 1, points 1., 2. and 3.
With reference to the purposes in paragraph 1, points 1, 2 and 3, the transfer of personal data is mandatory and it is a necessary requirement for the execution of the Contract; in fact, the missed contribution determines the impossibility to receive the service covered by the Contract itself and, therefore, the legal basis of the relative treatment is the correct execution and management of the Contract.
2.2 Purposes referred to paragraph 1, point 4 above.
With reference to the purpose in paragraph 1, point 4, the transfer is optional, and the missed contribution of the relative consent only determines the impossibility of receiving updates on promotional and marketing initiatives, also by sending advertising and / or promotional material (for example, newsletters).
- Subjects or categories of subjects to whom personal data can be communicated and scope of communication.
In relation to the purposes of the process indicated above, and within the strictly relevant limits to the same, personal data of the subject party will be or may be disclosed to the following categories of subjects:
(i) to the Financial Administration and other public authorities, where required by law or upon their request;
(ii) to credit institutions for payment orders or other financial instrumental for the execution of the Contract;
(iii) to the external structures and / or companies of which the Controller relies on, whose aim is carrying out activities, instrumental or consequent to the execution of the Contract
(iv) to external consultants (for example, for the management of tax obligations), if not designated in written form by Data Processors;
(v) to external parties that perform control activities, such as auditing company, board of statutory auditors, supervisory body;
(vi) to factoring companies and / or specialized companies or law firms for the recovery of credits and / or for the protection of their interests / rights
The above-mentioned subjects, to whom the personal data of the data subject will or may be communicated (as not expressly designated as Data Processors), will process personal data as Data Controllers in accordance with Codice Privacy and the Privacy Regulation, in complete autonomy, being unconnected to the original process performed by the controller.
The updated list of the indicated parties and the Data Processors can be provided by the data subject upon request.
The data of the data subject will not be diffused.
If it was necessary for the performance of the Contract, personal data of the data subject may be transferred to EU countries and / or not-EU countries, in full compliance with the provisions of the Codice Privacy, the Privacy Regulation, the provisions and decisions of the authority responsible for privacy, as well as by the community legislation. In particular, the Controller must comply with the provisions of Decisions 2001/497 / EC, 2004/915 / EC and 2010/87 / EU (depending on the case), which require the subscription of the so-called «Standard contractual clauses» between the legal entities involved in the processing of non-EU data.
- Rights of the data subject.
Article. 7 of the Codice privacy and articles 15 and seq. of the Privacy Regulation give the data subject the right to obtain:
- confirmation of the existence or not of personal data concerning him, even if not registered yet, and their communication in an intelligible form;
- indication of the origin, the purposes and methods of processing of personal data, of the logic applied in case of processing with the help of electronic tools, of the identification details of the controller;
- updating, rectification, integration, cancellation, transformation into anonymous form or block of data processed in infringement of law (including those that do not need to be kept for the purposes for which the data are collected or subsequently processed) . The attestation that these operations have been brought to the attention of those to whom the data have been communicated or diffused (also regarding their content), except in the case in which this fulfilment is impossible or involves a use of clearly disproportionate means compared to the protected right.
The data subject also has the right:
- to revoke at any time the consent given to the personal data process, where provided (without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation);
- to oppose, wholly or partly, for legitimate reasons, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
- to oppose, wholly or partly, to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or carrying out market research or commercial communication;
- to propose a complaint to the authority responsible for the protection of personal data in the cases provided by the Privacy Regulations;
- the portability of personal data within the limits set by art. 20 of the Privacy Regulation.
To know the detailed and constantly updated list of subjects to whom the personal data of the data subject may be communicated and to exercise the rights set up in art. 7 of the Codice Privacy and articles 15 and seq. of the Privacy regulation, the company can contact the Data Controller:
AURELIO DOTTI SRL
P.zza Giovine Italia, 3
20123, MILANO (MI) – Italia
Telefono: +39 031511062
Email: info@dottiinteriors.it
Place and date: Cernobbio, July 2018
[1] In accordance to art.4 of the Privacy Regulation, “personal data” means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”