INFORMATION NOTE ON PERSONAL DATA PROCESSING– CUSTOMERS/SUPPLIERS
within the meaning and for the purposes of art. 13 of the EU Regulation 2016/679
(General Data Protection Regulation)
Dear Customer/Supplier, according to art. 13 of the EU Regulation 2016/679 hereafter “Regulation” and in connection with the personal data pertaining to you, our company, in his capacity as data processing controller, due to the existing contracts, would like to provide the following information.
1. Identification details of the data processing controller
The data processing controller is LOTUS CALZE s.r.l. with registered and operational office in Via Piubega, 12 46040 CERESARA (MN). The contract data are as follows: Telephone (+39) 0376 87624 Fax. (+39) 0376 87028 E-mail: email@example.com. It should be noted that, in consideration of the fact that the data processing controller is established within the European Union, the appointment of a representative of the data processing controller shall not be required.
2. Contact details of the data protection officer
Subsequent to verification of the applicability of the provisions of art. 37 of the Regulation, the appointment of a Data protection officer has been excluded because the company does not fall within the scope of any specific case.
3. Purpose of the personal data processing and legal basis
The processing is aimed at the fulfilment of the following actions: - Fulfilment of legal and/or contractual requirements, performance of usages and customs relating to the company’s commercial activity; - Drawing up of accounting and administrative documents; - Management of legal requirements and contentious proceedings; Fulfilment relating to the legislation in force on health and safety at the workplace; - Fulfilment relating to the implementation of the Management System within the company. The legal basis of the processing consists of the following elements: contract for acquiring/supplying goods or services, Legislative Decree 81/2008 and its amendments regarding the legislation in force on health and safety at the workplace and the regulations associated with application of both Civil Code and Penal Code. The processing is achieved by means of operations or sets of operations and in particular: data collection, recording, organizing, storing, processing, modification, comparison, interconnection; selection, retrieval, consultation, communication, blocking, cancellation and destruction; it is performed with or without the assistance of electronic means; it is carried out by the Controller’s organization or by trusted companies, such a list is available at the Controller’s company offices; they are forthright partners of our company and operate completely independently as external data supervisors, obliged to comply, personally and under a contract with our company, with the regulations on personal data protection. Personal data are not subject to disclosure.
4. Data processing controller’s legitimate interests
Should any processing pursuant to art. 6, paragraph 1, letter f) be realized, it will take place exclusively for the satisfaction of the data processing controller’s legitimate interests.
5. Recipients of personal data
The personal data collected can be communicated to: - all those whose right of access to data is recognised under regulatory requirements; - to our employees for the performance of their functions; - to all those physical and/or legal persons, public and/or private subjects, in case such communication is necessary or functional to the provision of our services, with ways and means above specified.
6. Transfer of personal data abroad
The data processing controller shall not transfer personal data abroad to third countries or international organizations outside the European Union.
7. Retention period for personal data
The time limit of data retention for tax purposes currently in force (10 years) is used as a benchmark.
8. Data subject’s rights
The subject has the right (Chapter III Data Subject’s Rights) to ask the data processing controller access to personal data and amendment or deletion of the same, and limitation or opposition to their processing and data portability. To exercise those rights, reference must be made to the above-mentioned contract data.
9. Withdrawal of consent
The subject has the right to withdraw the consent given in accordance with art. 6, paragraph 1, letter a) and with art. 9, paragraph 2, letter a).
10. Right to complain with a Supervisory authority
The subject has the right to lodge a complaint with a Supervisory authority, which can be reached at the following contact details: Garante per la protezione dei dati personali - Piazza di Monte Citorio n. 121 00186 ROMA Fax: (+39) 06.69677.3785 Telephone switchboard: (+39) 06.696771 E-mail: firstname.lastname@example.org Certified email address: email@example.com . Details and procedures to exercise the right to complain are available online at the Supervisory authority site: http://www.garanteprivacy.it.
11. Communication of personal data
The communication and subsequent processing of personal data is a necessary condition for executing the existing contract with Our company. In the event of a failure to communicate them, the contract will not be enforceable.
12. Automated decision-making process
The collected personal data will not be subject to decision-making processes, including the profiling.
WHAT ARE COOKIES?
Cookies are small text files that a website places on a User’s device when he/she visits the website. Every time the user goes back to the same website, the cookies are sent back to the website that originated them (first-party cookies) or to another one that recognizes them (third-party cookies). Cookies are useful because they allow a website to recognize the User’s device. They perform different functions, such as, for example, allowing you to efficiently navigate the pages on the site, remembering your favourite sites and, in general, improving your web browsing experience.
Depending on the function and purpose of use, cookies may be divided into technical cookies, profiling cookies, and third-party cookies.
Technical cookies are intended to enable functions that are essential for making full use of the Website.
These cookies are needed for the operation of procedures based on multiple passages (several consecutive pages, such as applications for contracts), for keeping track of the user’s choices on the Site’s contents to be displayed and the functionalities to be enabled or disabled.
Essential cookies cannot be disabled using the Site functions.
Technical cookies are also those statistically used to analyse accesses or visits to the site and are also known as “analytics”. They provide exclusively statistical data and collect information in aggregate form without possibility of tracing back to the identification of the individual user.
Analytics cookies can also be third-party cookies (Google Analytics) for which reference should be made, for further information, to the privacy of their respective owner.
Profiling cookies are intended to provide the user with a better browsing experience of the Site, by displaying contents in line with the preferences shown by the user during the browsing, in accordance with the content displayed and with other parameters of behaviour.
The user can decide to block single cookies of the Site using the appropriate browser options.
In such a case, some features of this Site may not work as intended.