EUROPEAN REGULATION 2016/679 (known as GDPR) and Legislative Decree 196/03 (amended by Legislative Decree 101/2018) – INFORMATION FOR TREATMENT OF PERSONAL DATA
Company name ECOCART S.P.A.
Address Via Accolti Gil 19 , Z.I. , 70026 Modugno BA
VAT number 03859340725
email address firstname.lastname@example.org
PEC address email@example.com
Treatment holder : Partipilo Michele
Treatment : Partipilo Michele
Dear Sir/Madam, Company/society ownership,
You, as the person with whom we have (or have had) a contractual, written or verbal relationship, in application of the European Regulation 2016/679 called GDPR, we are here to inform you the manner in which your (personal) data are present in our databases of our computers / servers, and how they are handled by us (manner and purpose).
Art. 1 – Object of the Treatment
- We hereby declare that your data relating to:
identification data (company name, first name, last name, address, telephone, email, pec, bank and payment references, type of services / products / work / advice that we offer or that you offer us, currently or in the past 10 years).
- accounting, administrative, tax, employment, social security, insurance data, for the purpose of the mutual fulfillment of the related legal obligations referred to each.
- commercial and marketing data in order to guarantee you the products and/or services we offer updating.
Art. 2 – Purpose of processing
Your data are processed :
A) Without your express consent (art. 24 lett. a b c D. Lgs. 196/03 and art. 16 lett. b e GDPR) for the following Service Purposes:
- to fulfil the pre-contractual, contractual, fiscal and administrative obligations deriving from the relations with you.
- conclude contracts with you, with the preliminary and subsequent management of the data.
- inform you by post, email, pec, telephone, whatsapp, or other means of communication, about service activities related to or supporting the aforementioned contracts (written or verbal), by sending you information or documents that are of interest to us. – fulfil the obligations provided by law, by regulation, by Community legislation, by an order of a public authority
- exercising the rights of the Data Controller in the event of legal proceedings
It is specified that it will not be possible to subsequently deny consent to the aforementioned processing of data of type (A) without making it impossible to continue the contractual relationship mentioned above, with the consequent legal consequences.
B) Only with your specific and distinct consent (Articles 23 and 130 of Legislative Decree 196/03 and Article 7 GDPR) for the following purposes:
- Commercial communications carried out directly by us, by sending by mail, email, pec, telephone, sms, whatsapp, or other means of communication, products or services similar to those of which you have already used.
- Marketing activities carried out directly by us, by sending by mail, email, pec, telephone, sms, whatsapp, or other means of communication, offers for additional services proposed by us, in addition to those already covered by previous written or verbal contracts, including through newsletters, or sending requests for detection of the degree of satisfaction with the quality of the product or services for the purposes of our quality service.
For the aforementioned processing of data type (B) you have the opportunity to notify us of your disagreement (art. 130 c. 4 D.Lgs. 196/03) by PEC (above) or registered letter AR (at the address above) and we are committed to the interruption of the above activities within 10 working days, without further communication.
Art. 3 – Methods of Processing
The processing of your personal data is carried out by means of the operations indicated in art. 4 D.Lgs. 196/03 and art. 4 n. 2 GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data will be processed both on paper and electronically and/or automatically. The Owner will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for the Marketing Purposes.
- Access to data: B): to our Data Controller, to our employees and collaborators in their capacity as persons in charge and/or internal data processors and/or system administrators; to third party companies or other subjects (by way of indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out activities in outsourcing on behalf of the Data Controller, in their capacity as external data processors.
- Communication of data without the need for express consent (ex art. 24 letter. a), b), d) Legislative Decree 196/03 and art. 6 letter. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2. A) to judicial authorities to insurance companies for the provision of insurance services, as well as to those persons to whom the communication is required by law for the performance of these purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disclosed.
- Data transfer: your data are stored exclusively on our servers and on our computers (which have a system of data encryption (never visible in plain text at external access without encryption password), as well as systems of access by password, and systems of protection against hacking and viruses. Our computers and servers are located within the premises of our aforementioned headquarters (indicated on page 1) and will not be transferred outside in electronic mode except with encrypted technology, where the recipient will have a system of decryption of the document. When it is no longer necessary to store personal data, they are destroyed, deleted or anonymized.
Art. 4 – Nature of data provision and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2. In their absence, we can not guarantee the services of art. 2. The provision of data for the purposes referred to in Article. 2. You may therefore decide not to provide any data or subsequently deny the possibility of processing data already provided: in this case, you may not receive newsletters, commercial communications and advertising material relating to the Services offered by the Owner. However, you will continue to be entitled to the Services referred to in art. 2.
Art. 5 – Rights of the interested party
In your capacity as interested party, you have the rights set forth in art. 7 of Legislative Decree 196/03 and art. 15 of the GDPR and precisely the rights of:
- obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and their communication in intelligible form;
- obtain indication of: a) the origin of the personal data; b) the purposes and methods of treatment; c) the logic applied in the event of treatment with the help of electronic means; d) the identification of the owner, manager and representative designated pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing;
- to obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- opposition, in whole or in part: a) for legitimate reasons to the processing of personal data that . They concern you, even if pertinent to the purpose of the collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or mail. It should be noted that the right of opposition of the person concerned, as set out in point b) above, for direct marketing purposes using automated methods extends to the traditional ones and that, in any case, the possibility for the person concerned to exercise the right of opposition even only in part remains unaffected. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication. Where applicable, he also has the rights under Articles. 16 – 21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
Art. 6 – Modalities of exercise of rights
You may at any time exercise your rights by sending a registered letter or a PEC to our address indicated on page ONE of this statement.