Legal Principle and Purpose of Processing
The Controller processes personal data for several purposes:
To adopt the pre-contractual measures required by the data subject, e.g. sending information about products or services (including brochures, catalogues and/or other corporate material) or an estimate, as well as to pursue the Controller’s legitimate interests by checking the data subject’s solvency and to manage any litigation: the legal basis for processing is the need to pursue such aims;
To use the data subject’s e-mail address to transmit commercial communications containing information about products or services, including promotions or invitations to events in which the Controller will participate: this requires express consent.
Data Storage Period
The Controller will adopt the following time criteria when processing the data:
In the event of requests for information the data will be processed for the time needed to reply; in the event of a request for an estimate, the data will be processed for no longer than five years, subject to storage for the time needed to define any controversy arising;
For the aims mentioned in clause 2), data will be processed for 24 months after the last communication, subject to consent being withdrawn earlier.
Provision of Data and Refusal
Provision of personal data for the aims mentioned in clause 1) is necessary in order to forward the request and receive a reply: failure to provide the data, therefore, will make it impossible for the Controller to comply with the request. Provision of personal data for the other aims mentioned is optional: if not provided, the Controller cannot carry out the related activities, but can legitimately pursue the aims mentioned in clause 1).
Categories of Recipients
The Controller will not disseminate the data, which will be communicated exclusively within the company to persons authorised to process data as a result of their corporate positions, or to sales agents, commercial information agencies, consultants, business associations and/or organisations, professionals or service agencies and public and private bodies, also to respond to inspections and checks.
If such recipients process data on behalf of the Controller, they will be nominated data processors with a special contract or other legal deed.
Transferring Data to a Third Country and/or International Organisation
Under normal circumstances personal data will not be transferred to non-Member third States or to international organisations. To send newsletters the Controller uses the Mailchimp platform, whose servers are located in the USA: please not that this supplier declares it is committed to compliance with the Privacy Shield Framework, considered by the European Commission a guarantee of suitable security measures.
Transferring Data to a third country and/or international organisation
To send newsletters the Controller uses the Mailchimp platform, whose servers are located in the USA: please note that this supplier declares it is committed to compliance with the Privacy Shield Framework, held by the European Commission to guarantee suitable security measures.
Rights of Data Subjects
Data subjects have the right to unsubscribe from this service at any time and to request from the Controller access to and rectification of inaccurate information concerning him or her, or erasure of personal data or restriction of processing concerning the data subject or to object on legitimate grounds to processing, as well as the right to portability of personal data provided by the data subject, only if they are processed electronically on the basis of consent or a contract. The data subject also has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
To exercise their rights, data subjects can use the form available in the link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924 and forward it to the Controller at the following email address: [firstname.lastname@example.org]. Data subjects also have the right to lodge a complaint with a supervisory authority, (in Italy Garante per la protezione dei dati personali (www.garanteprivacy.it).