Vighi Security Doors has updated its procedures for the protection of data of Customers and Suppliers in accordance with the indications of article 13 of (EU) Regulation 2016/679
Privacy Information Statement pursuant to Article 13 EC Regulation 2016/679 (hereinafter “GDPR”)
EU Regulation 2016/679 protects the confidentiality of personal data guaranteeing the freedom and rights of the data subjects. Therefore, it imposes a precise set of obligations on those in possession of and those who "process" personal information referred to other subjects.
Among the most important obligations imposed by the new Community regulatory framework is that of informing data subjects and acquiring their consent to processing in the prescribed cases, especially where the processing activity requires that the data be communicated to other further subjects.
In the light of the above, we hereby inform you pursuant to Article 13 of the GDPR in question - Vighi Security Doors SpA collects and processes the personal data of the data subjects concerned without their express consent pursuant to Article 24, letters a), b), c) of the Privacy Code, and Article 6, letters b) and e) of the GDPR solely for purposes related to the management of ordinary business relationships, specifically for the preparation of purchase orders, the issuance of invoices and credit notes, the compilation of lists of personal data, the keeping of customer/supplier accounting, managing credit, fulfil all obligations imposed by the laws in force, and internal statistical processing as part of Quality and market research activities.
The data of the Data Subject may be disclosed to third parties only for technical and operational requirements that are closely related to the purposes set out above, and in particular to the following categories:
a) Bodies, professionals or other structures entrusted by us to fulfil tax, administrative, accounting, and management obligations related to the ordinary conduct of our business activity, also for credit recovery purposes;
b) Public authorities and administrations for the purposes related to tax and legal obligations;
c) Banks, financial institutes, technical operators or other persons to whom the transfer of such data is necessary for the performance of the activity of our company in relation to the performance on our part of the contractual obligations entered into with you.
Personal data may be used for the following marketing purposes only with the prior specific and separate consent of the data subject (Articles 23 and 130 of the Privacy Code and Article 7 GDPR):
- Sending newsletters, commercial communication and/or advertising material on products and services offered by the Data Processor, and detecting the degree of satisfaction with the quality of services via e-mail, mail, sms and/or telephone contacts;
- Sending third-party marketing communications or advertising via e-mail, mail, sms and/or telephone contacts.
Your personal data is processed through the operations indicated in Article 4 of the Privacy Code and Article 4, No. 2), GDPR, namely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data is processed both on paper and in electronic and/or automated form.
The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for a period of no more than 10 years from the termination of the relationship, for administrative/accounting purposes, and for no more than 2 years from the collection of data for marketing purposes.
Processing can be carried out using both IT and manual tools in compliance with all the precautions needed to guarantee the security and confidentiality of the information.
In your role as Data Subject, you have the rights referred to in Article 7 of the Privacy Code and Article 15 of the GDPR, and precisely:
i. To obtain confirmation of the existence or not of your personal data, even if not yet registered, and its communication in an intelligible form;
ii. Obtain the indication of: a) the origin of the personal data; b) the purposes and methods of the processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) identity details of the data controller, data processor, and the representative appointed pursuant to Article 5, paragraph 2, of the Privacy Code and Article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors or people designated for the processing;
iii. Obtain: a) the updating, correction, or, when there is founded and concrete interest, the integration of data; b) the deletion, transformation into anonymous form or blocking of data processed unlawfully, including data that does not need to be kept for the purposes for which the data was collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where this is impossible or involves the use of means manifestly disproportionate to the protected right;
iv. To object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of your personal data to send sending advertising or direct sales material or for carrying out market research or commercial communications, through the use of automated call systems without the intervention of an operator, e-mail and/or through traditional telephone and/or paper mail marketing methods. The Data Subject's right to opposition provided for in point b) for direct marketing purposes through automated means is also extended to traditional means. The Data Subject party may elect to receive communications only through traditional methods, only automated communication or neither type of communication.
Where applicable, the Data Subject enjoys the rights referred to in Articles 16-21 GDPR ("Right of rectification, right to be forgotten, the right to the restriction of processing, the right to data portability, the right of opposition) as well as the right of complaint to the Data Protection Authority. Always and in any case in compliance with the Data Controller's obligations deriving from the law.
You can exercise your rights at any time by sending:
- A registered letter with return receipt to Vighi Security Doors SpA - Via A. Volta No. 3 – 43052 Colorno (PR)
- E-mail to firstname.lastname@example.org
The Data Controller is Mr. Lorenzo Muratori - Via A. Volta No. 3 - 43052 Colorno (PR)
The updated list of data processors and persons in charge of processing is kept at the Data Controller's registered office.
Colorno, 22 May 2018