Pursuant to Article 13 of the EU Regulation 2016/679, hereinafter referred to as the “GDPR” (General Regulations for the Protection of Personal Data), having regard also to the Italian Data Protection Code - Legislative Decree no. 196/2003, we inform you of the following:
The data controller is Jolly Scarpe s.p.a.
VAT no. IT 01549160261
Registered Office: Via Feltrina Sud n. 172 – 31044 Montebelluna (TV) Italy
E-mail: firstname.lastname@example.org - tel. + 39 0423 666411
Purposes and legal bases of the processing
Personal data we collect from you will be processed only for the following purposes:
a) stipulation and performance of the contract and all activities related hereto, such as orders collection, price quotation, invoicing, credit protection, protection of rights and interests of the controller, administrative, managing, logistics/organizational services for the performance of the contract;
b) discharge of obligations laid down by law, regulations and provisions issued by authorities with legal power and by supervisory and control bodies.
Data processing legal bases for purposes a) and b) are: the performance of a contract or the implementation of pre-contractual measures taken at your request, and compliance with legal obligations.
c) marketing and promotional activities relating to the controller’s products and services; these activities consist of commercial and promotional communications, using both traditional means (e.g. telephone, mail) and automated methods (e.g. sms, fax, mms, e-mail)
Only data processing for the purpose referred to in point c) requires your express consent. This consent concerns both automated and traditional methods of communication.
However, under Article 6(1)(f) and Recital 47 of the GDPR, where the data subject is already a client, the controller has a legitimate interest for processing personal data for the purposes referred to in letter c).
You have the right to withdraw your consent or restrict the processing, at any time, by sending a request to email@example.com. The withdrawal or restriction of consent does not affect the lawfulness of processing based on consent before its withdrawal/restriction.
How we process your data
Personal data processing operations are defined in Article 4(1)(2) GDPR for the above-mentioned purposes, both in paper and electronic format, using electronic or automated instruments.
We process personal data lawfully, fairly, in a transparent manner, safeguarding the client’s rights and consistently with data privacy and protection laws.
The processing is performed by the controller, its processors and/or persons in charge of processing activities under the supervision of the controller or the processor.
Compulsory or optional nature of personal data provision and possible consequences of failure to provide such data
Personal data required for the purposes referred to in letters a) and b) must be provided in order to comply with legal obligations and/or to conclude and execute the contract and to provide the requested services/products. Therefore, refusing, even partially, to provide such data makes it impossible for the supplier to establish and manage the contractual relationship and to provide the requested service/product.
The provision of personal data required for the purposes referred to in letter c) is optional. Refusing to provide such data makes it impossible to provide the activities described therein.
Communication and dissemination of personal data
Your personal data may be disclosed, strictly in line with the obligations, tasks and purposes mentioned above, to:
- people to whom such information must be forwarded in order to fulfil to, or to require the fulfilment of, obligations laid down by contracts, laws, regulations and European Union law;
- supervisory and control public bodies/authorities;
- natural and/or legal persons who provide services that are crucial to the activities of the data controller for the above-mentioned purposes (e.g. suppliers, consultants, companies, bodies, professional firms, contractors, agents). These persons may act as data processors or as persons in charge of processing activities.
Your personal data will not be disseminated.
How long we keep your data
We will retain your personal data for the whole term of the contract. After the termination of the contract itself, your data will be stored in order to comply with legal obligations, to provide legal product warranties and for the storage of administrative documents. After the retention period, your data will be deleted.
The ordinary retention time is 10 years after the complete execution of the contract, unless more time is needed because of judicial or extra-judicial disputes.
Personal data required for marketing/promotional purposes will be processed for no longer than 1 year after the last marketing/promotional communication.
Your personal data will be stored on servers located within the European Union.
However, the data controller shall have the right to move the servers outside the EU, if necessary. In this case, the data controller guarantees that the transfer of non-EU data will take place in accordance with the legal provisions, by applying the standard contractual clauses provided for by the European Commission.
Your data protection rights
According to the GDPR, you have the following rights:
1. to obtain confirmation as to whether your personal data are being processed, even if they are not registered yet, and to receive such data in intelligible form;
2. to know: a) from which source the personal data originate; b) the purposes of the processing and how data are processed; c) the existence of automated decision-making and the logic involved; d) the identification data concerning controller, processors and representatives designated pursuant to Article 3(1) GDPR; e) the recipients or categories of recipient to whom the personal data have been or might be disclosed;
3. to obtain: a) the updating, rectification or – taking into account the purposes of the processing – integration of personal data; b) the erasure of personal data (‘right to be forgotten’ pursuant to Article 17 GDPR), data anonymization or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) restriction of processing in the cases specified by Article 18 GDPR; d) confirmation that the operations mentioned in points a) and b) have been brought to the attention, including with regard to their content, of those to whom the data were disclosed, except where this proves impossible or implies the use of means that are clearly disproportionate to the right being protected; e) where applicable, the right to data portability in accordance with Article 20 GDPR.
4. to object, in whole or partially: a) on legitimate grounds, to the processing of your personal data, even though they are relevant to the purpose of the collection; b) the processing of your personal data for the purpose of sending advertising materials or implementing direct selling activities, for market research or commercial communications, by means of e-mails and/or traditional forms of communication such as telephone and/or mail; you may choose to receive marketing communications by traditional means only or only automated communications or neither of the two.
You have therefore all the rights set up under Articles 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object).
Furthermore, you have the right to lodge a complaint with a Data Protection Authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
In order to exercise the above-mentioned rights, for questions and for more information about data processing and safeguard measures, you may email to firstname.lastname@example.org.
select your position