CUSTOMER PRIVACY POLICY
Dear Customer,
in compliance with the obligations established by the European Privacy Regulation EU / 2016/679 (GDPR) and by Legislative Decree 196 of 30 June 2003 (Code regarding the protection of personal data) we hereby inform you that the G.P.R. Italia srl, with registered office in Via Vecchia Chimica, 1820070 Riozzo di Cerro al Lambro (MI) – ITALY, VAT number 11011800155, as Data Controller, will process the personal data concerning you and that have been or may come to us, by you or by other subjects conferred / communicated in the course of the relationship with our structure.
The processing of data, freely provided by you or otherwise collected, will be carried out in compliance with the privacy regulations in force; based on principles of correctness, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excess.
The data will be collected and recorded only for the purposes referred to in point 1) and will be kept for these purposes for a period not exceeding 1 year from their collection.
Therefore, according to the provisions of article 13) of the European Privacy Regulation EU / 2016/679 (GDPR) and of Legislative Decree 196/03, we inform you that:
1. The data you provide will be processed for the following purposes:
- For the regular performance of the following institutional activities and / or activities envisaged by the corporate purpose:
- For requirements relating to the stipulation of contracts and assignments, their execution, subsequent amendments or variations and for any obligation envisaged for the fulfillment of the same.
- For operational, organizational, managerial, fiscal, financial, insurance and accounting needs relating to the contractual and / or pre-contractual relationship established.
- To fulfill any type of obligation required by laws, regulations or community legislation.
- For the registration, management and storage of logs of any access to the company website, the company information system and company offices.
- For the needs of monitoring the methods of supplying products / services, the progress of relations with suppliers and the analysis and management of risks associated with the contractual relationship.
- For traditional marketing activities such as: sending brochures, catalogs and commercial and / or technical documentation by paper mail and telephone calls with operator (subject to obtaining your explicit consent).
- For marketing activities with automated or similar tools such as: Fax, E-mail, SMS, MMS, Instant Messaging, Chat and telephone calls without operator (after obtaining your explicit consent);
- For online marketing, web marketing and web advertising activities (subject to obtaining your explicit consent).
- For profiling and / or management of automated decision-making processes (after obtaining your explicit consent).
In this case, you have the right not to be subjected to a decision based solely on automated processing and therefore you may at any time request and obtain human intervention by the Data Controller, express your opinion and contest the final decision. Jack. We also inform you that the automated process will be based on a specific calculation algorithm, which will allow you to make the following decisions that may have legal effects on your person:
2. The treatment will be carried out in the following way:
- Fully automated The treatment may consist of the following operations:
- Collection, registration, organization and storage;
- Consultation and use;
- Processing, modification;
- selection, extraction, comparison;
- Interconnection;
- Transmission and communication;
- diffusion;
- cancellation and destruction;
- blocking and limiting.
The processing will be carried out both with the use of paper supports and with the aid of electronic, IT and telematic tools suitable for guaranteeing the security and confidentiality of the data in accordance with the provisions of art. 32) of the European Privacy Regulation EU / 2016/679 (GDPR) and by art. 31) of Legislative Decree 196/03 on the subject of “suitable security measures” and article 33) of Legislative Decree 196/03 regarding “minimum security measures”.
In carrying out the processing operations, all the technical, IT, organizational, logistical and procedural security measures will always be adopted, as provided for in Annex B of Legislative Decree 196/03, so that the minimum level of protection is guaranteed. of the data required by law. The aforementioned methodologies, applied for processing, will guarantee access to data only to the subjects specified in points 4) and 5).
3. The provision of data
- mandatory and does not require your consent to achieve purposes related to obligations under EU laws, regulations or regulations;
- indispensable and does not require your consent for all personal data essential for the correct establishment, management and continuation of the commercial and / or contractual relationship;
- indispensable and does not require your consent to safeguard the vital interests of a natural person;
- indispensable and does not require your consent for the performance of tasks of public interest or exercise of public authority to which we have been invested;
- indispensable and does not require your consent for the pursuit of the following legitimate business or third party interests;
- optional and requires your explicit consent for all personal data collected for purposes not directly and / or indirectly connected to contractual, pre-contractual, legal obligations, to safeguard vital interests, to carry out public tasks, to exercise public powers or for the pursuit of legitimate interests.
Any refusal, even if legitimate, to provide all or part of the above data, could compromise the regular development of the relationship with our structure and in particular, for the personal data defined as mandatory and indispensable, it could make it impossible to our part to carry out the normal conduct of business operations and the regular supply of the requested products / services.
4. The subjects or categories of subjects who may come to know
of the data or to which the data may be disclosed are the following:
- Legal Representative of the Data Controller: in the name of the pro-tempore administrator;
Personal data may also be disclosed, but only in aggregate, anonymous form and for statistical purposes.
5. If the processing could also concern personal data falling within the category of “sensitive” data (ie data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties , trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for revealing the state of health and sexual life) or “judicial” (ie data suitable for revealing judicial records , of the registry of administrative sanctions depending on the crime and of the related pending charges or the quality of accused or suspected) the treatment will be carried out within the limits indicated by the General Authorizations of the Privacy Guarantor, in the manner provided by Legislative Decree 196/03 for the purposes strictly necessary for the regular performance of company activities, operations relating to the supply of products / services and imentation of contractual and / or legal obligations /
regulation.
In this case, the subjects or categories of subjects who may become aware of the sensitive data or to whom the data may be communicated are the following:
- Legal Representative of the Data Controller: in the name of the pro-tempore administrator;
- Data processors:
- Direction;
- Administration and finance;
6. Personal data may also be disclosed to Public Bodies, Police Forces or other Public and Private Entities, but exclusively for the purpose of fulfilling legal obligations, regulations or community legislation.
The data in question will not be disclosed to other subjects other than those provided for in this information and the data suitable for revealing the state of health of the interested party will in no case be disclosed.
7. The processed data may be processed and transferred, for the purposes referred to in point 1) and according to the methods referred to in point 2), also to subjects referred to in points 4) and 5) located in the countries present in the territory of the European Union.
Based on one of the following assumptions:
- European Commission Adequacy Decision;
- Adequate Privacy Guarantees;
- Authorization by the Privacy Authority.
8. Legal basis of the processing
The Data Controller processes Personal Data relating to the User if one of the following conditions exists:
- the User has given consent for one or more specific purposes; Note: in some jurisdictions the Data Controller may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below, as long as the User does not object (“optout”) to such processing. However, this is not applicable if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
- the processing is necessary for the execution of a contract with the User and / or for the execution of pre-contractual measures;
- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
- the processing is necessary for the execution of a task of public interest or for the exercise of public authority vested in the Data Controller;
- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.
9. In any case, you can always request at any time at
- Legal Representative of the Data Controller in the name of the pro-tempore administrator or to the e.mail support@gpr.it
Copy of your personal data, information regarding the location in which your personal data are processed and an updated list with the identification details of all the Data Processors and System Administrators authorized to process your data.
10. At any time, you can freely revoke the consent given, without any burden and prejudice to the lawfulness of the treatments carried out up to that moment, and exercise the following rights of the interested party towards the Data Controller as provided for by the European Privacy Regulation EU / 2016 / 679 and by Legislative Decree 196/03:
Access;
- Rectification;
- Cancellation;
- Limitation;
- Opposition;
- Portability;
Complaint to the Privacy Guarantor