(pursuant to Chapter III, sections 2 and 3 of the European Data Protection Regulation)
the European General Data Protection Regulation (“GDPR”) dictates that any processing of personal data be grounded on a suitable legal basis, and also mandates the respect of the fundamental freedoms and of the dignity of the Data Subject, with particular reference to privacy, personal identity and the right to protection of said data.
In compliance with the aforementioned Regulation and the confidentiality obligations that are at the basis of our Company’s activities, we wish to assure you that any personal data provided by you to our Company will be the object of a treatment (the “Processing”) following principles of lawfulness, correctness, purpose, adequacy, relevance, accuracy, transparency and accountability.
We also wish to remind you that the processing of said personal data is necessary for the execution of the contract between us and the Data Subject, for the fulfillment of legal and regulatory obligations, and in pursuance of the legitimate interests of the Owner, and will always take place in the respect of the interests and fundamental rights of the Data Subject.
We specifically wish to inform you of the following:
1. Purpose of the Processing
fabbricadigitale s.r.l. collects and processes Customers’ personal data for:
a) the execution of the obligations deriving from contractual relationships with fabbricadigitale s.r.l … or the performance of pre-contractual activities, namely;
- the fulfillment of legal obligations and/or Community regulations;
- the enabling of the administrative/accounting management of the company;
- the enabling of the sale/lease/invoicing of products and/or the provision of services through direct contact with customers, or via the Internet;
- the fulfillment of obligations arising from the contract between the parties;
- the management of complaints and disputes;
- the planning of activities;
- the management of customer relations.
b) purposes functional to the activity carried out by fabbricadigitale s.r.l., such as:
- sending informative material or commercial proposals, either by e-mail, text or ordinary mail
- the collection of customer satisfaction feedback with respect to products/services purchased, either directly or through specialized companies.
2. Data Categories
The Processing is strictly limited to personal data relevant to the above purposes:
- Identification data such as name, address, telephone and e-mail addresses, social security number and VAT number, identity documents if necessary
- Administrative and accounting data
Pursuant to art. 9 Chapter I (“particular categories of personal data”) of the Regulation, the Processing of the Data Subject’s personal information will not extend to data of a sensitive nature, (i.e. those data “… which might reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, party affiliation, union membership, association with organizations of religious, philosophical, political or trade union nature, as well as personal data of such a nature as to reveal health conditions or sexual preferences/habits”).
The personal data of the Data Subject are, or were, provided to the Company by the Data Subject, as specified in Chapter III, Section 2, art. 13. The Data may also be collected from third parties, in which case it will be our responsibility to promptly inform you about the data processing methodology, pursuant to Chapter III, Section 2, art. 14.
3. Processing methodology
fabbricadigitale s.r.l.. processes the personal data of its Customers in a lawful and appropriate manner, in such a way as to ensure their confidentiality and security. Furthermore, fabbricadigitale guarantees the utmost integrity, availability and confidentiality of the processed data, in compliance with ISO Standard 27001:2013. The Processing is carried out through the use of manual, computerized and telematic tools, with organizational methods and logic processes strictly related to the above indicated purposes.
4. Nature of the data contribution
With regard to the purposes listed under section 1. a) above, we inform you that the processing and communication of your personal data by fabbricadigitale does not need your consent, being a required step in the execution of contractual and legal obligations.
While the Data Subject will always have the right to request the interruption of the Processing, this would result in the impossibility for fabbricadigitale to continue the contractual relationship and related activities, with the consequences and potential damage that this might entail for the Data Subject.
5. Scope of data communication and dissemination
The data will be processed by fabbricadigitale’s formally appointed staff.
The purposes listed at section 1. a) above may also be pursued by third parties, authorized to process the data as external Managers or independent Holders.
These entities are entrusted with performing or providing specific services that are strictly functional to the execution of contractual relationships, and/or activities complementary to ours, and can be:
- banks and credit institutions;
- professionals, external debt collection companies and financial auditors;
- suppliers of technological services to fabbricadigitale s.r.l.;
- affiliated companies and/or subsidiaries.
Names and addresses for these entities will be made available upon request of the Data Subjects.
In the execution of legal or contractual obligations between the parties, the data may also be disclosed to other third parties including, for example:
- Public entities
- Judicial authorities
- Controlling institutes
- Certification organizations
The data will not be subject to disclosure.
Were it necessary, for the fulfillment of contractual obligations, to transfer the data to Third Countries (e.g. in the context of Cloud services), fabbricadigitale will apply the principles of the European Regulation, Chapter V.
6. Data retention
fabbricadigitale S.r.l. will retain the Data for a period corresponding to the duration of the contractual relationship, or otherwise adequate for the purposes of the Processing and for compliance with accounting, tax and regulatory obligations.
7. Rights of the data subject
In relation to the processing of personal data, the Data Subject holds all rights pursuant to Chapter III, Section 2, art. 15, section 3, art. 16, 17, 18, 19, 20, section 4, art. 21, and Chapter IV, section 2, art. 34 of the Regulations. Among these, we specifically wish to remind you of the Data Subject’s rights of:
- access to the Data:
- notification that the processing of his/her personal data is underway;
- communication of the transfer of data to a Third Country or to an international organization;
- obtainment of a copy of the personal data being processed (provided that no rights and freedom of others are infringed);
- cancellation (oblivion);
- treatment limitation;
- notification in case of rectification or cancellation of personal data or treatment limitation;
- data portability;
The Data Subject also has the right to be notified without undue delay in the event of a personal data breach.
8. Owner and Manager
Processing Owner: fabbricadigitale S.r.l.
Data Processing Coordinators: General Manager, HR Director.
Please address requests for any further information to: firstname.lastname@example.org