INFORMATION PURSUANT TO THE RULES OF THE U.E. REGULATION No. 2016/679 (so-called GDPR)
Preg.mo interested in the treatment, ie the one to whom the personal data refer (including the common, sensitive, judicial or so-called details, from now on for convenience generically called personal data) that will come into contact and will have reports negotiation with the undersigned data controller La informo, which, according to the provisions of Articles 13 and ss of EU Regulation no. 2016/679 (hereinafter also only "GDPR"), the personal data you have provided to MONETTI SRL normally from the time of booking and requesting services and until the termination thereof, will be processed in compliance with the aforementioned law. For this purpose I provide you with the following information.
1.- THE IDENTITY AND CONTACT DETAILS OF THE HOLDER OF THE TREATMENT
HOLDER of the TREATMENT, that is in the meaning of which to the art. 4 GDPR that is the one who decides the purposes and means of the processing of personal data, is MONETTI SRL, c.f.-p.iva 01319680532, Strada dell'Airone 11C / 11D, 58010 Albinia GR (Italy) tel. 0564 860877 email of the Owner: email@example.com - from now on also called only "owner".
2.- CONTACT DATA OF DATA PROTECTION MANAGER (DPO or RPD)
There is no legal obligation, the holder has NOT appointed a data protection officer (DPO)
3.- PERSONAL DATA PROCESSED, THE PURPOSE OF THE TREATMENT TO BE DESTINED, PROCESSING METHOD AND THE LEGAL BASIS OF TREATMENT
PERSONAL DATA PROCESSED AND HOW WE COLLECT PERSONAL DATA
The undersigned treatment holder has, as indicated in the notice, as a business object a commercial activity of:
production, design, assembly, wholesale and retail trade of products related to safety and emergency system components, control units for automation and remote controls, pyrotechnic products, explosives and accessory products, postponing otherwise to what is indicated in the Chamber of Commerce .
Given that customers are mostly made up of commercial companies in a corporate form and therefore outside the scope of application of the GDPR, nevertheless the undersigned has wanted to make its own legislation on personal data protection.
The data we process are obtained mostly directly from you, for example if you contact us directly by going to our office or via our website, via e-mail or by telephone through our direct line, in order to request information on our services o goods, if you buy one of our goods or services, for example through our websites or our social networks (Face book etc.); If you participate in an event organized by us; there are also the data collected through the Social where we also manage the reviews. Newsletters, on-line questionnaires, internet site, remote possibility of registration of Wifi asking for data entry are possible. Data may also be collected that also concerns you via the video surveillance system once it is installed.
If you provide personal data on behalf of someone else, it is your responsibility to ensure, before you do so, that you have read this Privacy Notice. If you are under 18, please do not give us any personal data, except through the person who exercises parental authority over you.
WHAT DATA CATEGORIES OF PERSONAL DATA WE COLLECT
The processing of personal data takes place in a lawful and correct, inspired by the principles of necessity, correctness, lawfulness, transparency, protection of confidentiality, relevance and non-excess or minimization of data with respect to the purposes of treatment, without prejudice to the obligations of which it is further the data controller is kept on matters of confidentiality and professional secrecy and their dissemination or communication is limited to the cases prescribed by current laws, regulations or Community legislation.
We treat the data of the following subjects even if not all are qualified as interested according to the GDPR: Customers, Users, Suppliers, Employees, Collaborators.
In general we treat name, surname, email address, residential address, domicile, telephone number, city, country, region, VAT number, tax code, bank details eg IBAN code in case of activation of payment methods eg cash orders etc.), paychecks, billing data including electronic, household, identity card, data of candidates who send their curriculum vitae. Biometric or genetic or judicial data are not processed (in the meaning referred to in the GDPR).
USERS: Those who access the WEB services we offer (website and Facebook and other social networks if they are active); name, surname, email address, telephone number, mobile phone number, residential address.
SUPPLIERS: Company name, VAT number, iBan code, Address of the office, e-mail address, telephone number, mobile phone number, country, region.
CUSTOMERS: Name, surname, email address, residential address, telephone number, city, country, region, VAT number, tax code, purchase history.
EMPLOYEES and co-workers: office clerks the trader processes their data and hiring / training courses / residence / medical certificates and they process company data eg. of colleagues and customers on documents and management; employees in the warehouse and direct sales to the counter have access to the management system and to the personal data - accounting cards of the customers themselves so the owner processes their data and they process those of the company; other employees manage only the goods (we process their data but they do not process company and customer data) - as for the production workers, the owner deals with their data and hiring / training courses / residence / medical certificates, but they do not come in contact with company data.
technicians for interventions: the owner processes their data and they come in contact with the basic data of our customers eg: residence, domicile and address.
In addition, at the time of purchase and the stipulation of a possible loan, the following additional requirements are requested: Iban Code, payroll, family unit, identity card, health card, driving license, tax documentation, etc.
The data of users on the web are currently collected by nomra for ecommerce, for the purpose of soft marketing and improvement of the service and kept for legal obligation; customer data, such as paychecks, identity documents, family units, bank details, etc. are collected for the execution of sales contracts or (if required) financing. All other customer data is collected by law and improvement of services; Supplier data is collected by law and internal functions necessary for the activity.
With regard to the so-called sensitive or particular data processed, apart from those of employees or collaborators to fulfill legal obligations, the undersigned holder may occasionally process health data concerning you and / or your children under 18, necessary for obtain, if any, subsidies or discounts due to the presence of disability or incapacity, also referred to in the note "law 104" or in the event of any request for damages.
Trying to define what is now explained below are the following categories of personal data concerning you and / or your children under 18 and can be collected through the various services and contact channels described in this Privacy Notice:
a) Contact details - information regarding name, address, telephone number, useful data for issuing / sending documents (invoices - ddt etc.), organization of interventions also at their home, shipment of goods, email address, to contact them in order to organize interventions and for any communications - reminders; internal annotations to list communications made and answers / info provided by the customer; IP address (eg data for registration on the site and, if present, in case of use of the WIFI service).
b) Payment details - Information relating to the payment systems chosen by you, such as credit card number, debit card, IBAN ID, etc., bank details for issuing orders or requests for payment, ri.ba , even for unpaid debts.
c) Complete identification data - information relating to your identity, including the tax code, the residence, derived from the identity documents required by law such as identity card, passport, driving license, etc.
d) Interest and preferences - information that you provide us with regard to your interests, for our commercial purpose or ancillary services, if and when activated.
e) Other personal data - optional information that you provide to us for the exclusive purpose of personalizing the service.
f) Use of the Site information relating to the way in which it uses our site, opens or forwards our communications, including information collected through cookies and other tracking technologies.
g) Your account details - information to your account on our site.
h) Images - images that depict your person collected through photos and / or videos made during events organized with us with your consent or via the video surveillance system installed.
i) Data relating to your state of health or other data belonging to particular categories - information that you provide us with regard to some of your physical conditions (eg in the presence of invalidity or if you have difficulty in ambulating or if you are entitled to to the law 104 foreseen for specific hypotheses of disability / invalidity etc.)
Therefore, within the limits of the purposes and methods described in this Notice, information that may be considered as "Simple or common personal data", which include your personal details, your bank details, your contact details (such as for example, mobile phone number, e-mail address, hereinafter, jointly, "Personal Data") and as "Special Data" as characterized, in accordance with the GDPR, by a particular nature; they refer, in fact, to physical health and, more generally, they are able to provide information on the state of health of the user.
For convenience of reference, within the present Information, the expression "Personal Data" shall be understood as a reference to all your personal data, unless otherwise specified.
WHAT ARE THE PURPOSES AND CONDITIONS OF LAW TO TREAT YOUR PERSONAL DATA (PURPOSE AND LEGAL BASIS OF TREATMENT)
The Personal Data collected will be processed for the purposes and on the basis of the following legal bases:
Legal basis of the processing
Categories a), b) (when relevant): for the management of your contractual relationship or to execute pre-contractual measures (such as, for example, the request for information or the estimate, the provision of the service). In this case, you are free to give your Personal Data also particular; however, failure to provide it (when essential to the performance of the contractual relationship) will not allow you to establish the aforementioned relationship and satisfy your request or obtain benefits
the treatment is necessary in relation to the execution of a contract of which you are a part - art. 6 GDPR lett. B)
Category c): for communications required by the public security regulations or fiscal obligations. Failure to provide data implies the impossibility of providing the service in its favor
the treatment is necessary for a legal obligation - art. 6 GDPR lett.c)
Categories d), e), f), g), h) and i) in some cases subject to your specific consent, for the personalization and improvement of the service with specific reference to specific needs. The lack of data communication does not prevent the service but prevents the personalization and improvement.
Your consent and legitimate interest of the owner (ecommerce, marketing, satisfaction assessment, personalization of the service, etc.) ARTT. 6, 7, 9 GDPR
Categories d), e), f), g), h) and i) subject to your specific consent the completion (and subsequent use) of surveys and to contact you, at the addresses provided, in order to verify the quality of service rendered to you and your degree of satisfaction; these activities will however be limited and limited, in the spirit of discretion of our structure and the lack of consent prevents us from getting to know its degree of satisfaction.
your consent and legitimate interest of the holder (as specified above)
ARTICLES. 6.7, 9 GDPR
Categories a), d), e), i) subject to your specific consent, to send you pro-memories and promotional communications; communications relating to events organized by the owner or by the commercial partners (together with "marketing purposes") these activities will in any case be limited and limited, in the spirit of discretion of our structure. Failure to consent or revoke the consent previously provided prevents us from being able to contact you in relation to our initiatives.
Your consent and legitimate interest of the holder (as specified above)
ARTICLES. 6.7, 9 GDPR
Category a) to send you communications relating to services for which, if already our client, has already shown interest and stops the possibility for you to object to these communications. This activity will however be limited and limited, in the spirit of discretion of our structure. Failure to consent prevents us from being able to contact you in relation to our initiatives.
Legitimate interest of the holder (as specified above)
ARTICLES. 6 (also letter f), 7, 9 GDPR
HOW THE TREATMENT OF YOUR PERSONAL DATA COMES
Personal Data will be processed using manual, computerized or telematic tools, suitable for guaranteeing security and confidentiality, and will be carried out by personnel duly trained in compliance with the Applicable Regulations.
In addition to cases in which it is necessary to contact you for needs related to our business, where you consent to the processing of your data for other purposes indicated herein, you may be contacted by e-mail, text message, mobile messaging or through any electronic tool equivalent or by paper mail or call by operator to all the addresses provided. If you prefer to be contacted only to one or some of these addresses, you can make a specific request by request at the email address of the holder
If you express your consent, your personal data may be processed and stored even after the statutory deadline in a computerized archive of management of customer relations and possibly stored in one or more appropriate archives or databases of the company.
Therefore the treatment is aimed only at the fulfillment of contractual and regulatory obligations, for the correct and complete execution of the requested service, received and connected to activities or other services requested by you, including the administrative management of the various contractual obligations (for example preparation, enveloping, sending correspondence and communications also in electronic format or by telephone, including via mobile phone and its messaging, etc.).
I remind you that pursuant to art. 4 n. 2 GDPR data processing is any operation or set of operations performed with or without the use of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction . Reference should also be made to the legislation that regulates the business of the owner and which regulates the related activities
4.- THE POSSIBLE ADDRESSEES OR THE POSSIBLE CATEGORIES OF ADDRESS OF PERSONAL DATA - therefore TO WHO WE COMMUNICATE YOUR DATA
The processing, in compliance with the provisions of the GDPR 2016/679, may take place by:
- owner's staff (eg employees or collaborators, etc.) specially appointed by the owner, periodically also trained to protect personal data; the personnel in charge will normally only process the personal identification data and those relating to the payment of the service.
In any case, personal data may also be processed by
The data of customers and suppliers can be accessed by the accountant and the auditor (if appointed) for the correct management of company accounts. In the case of an electronic invoice, the data passes through an interchange system (SdI), managed by the Revenue Agency directly visible also by the State Accounting Office. The user data are communicated, through automated systems, to GOOGLE following its own policy conservation and privacy for the data processed;
- third parties as external process managers specifically identified such as, for example, third parties or companies that provide support services to the company's activities, or to professionals with whom specific agreements have been signed pursuant to the Regulations or for support in the management of the activities;
- there is also the trusted IT technician and our management system who can come into contact with your data in the maintenance and revision operations of the computer hardware and software system and control of the backup copy; then there is the website operator who can view all personal data left on the web by the interested party; I remain at your disposal, upon your express request, to provide you with the name of the trusted computer technician, web agency as well as any other external manager or person in charge of processing indicated in this statement.
- At the moment we do not have a cloud manager but if there is any intention in the future, we will choose a reliable one and with servers in EU countries and that complies with the privacy legislation referred to in GDPR.
- Your personal data will also be processed by third-party external managers, eg the accountant, labor consultant, occupational physician, also in order to fulfill the obligations envisaged in the tax and accounting field and in this case only common personal data will be provided ; furthermore, if you request us, we will provide your data to those who will carry out the controls required by law.
- all'Istat if required by law;
Your personal data may also be communicated as an example to the following subjects or to the categories of persons indicated below: Banking institutions for the management of payments; Financial administrations, private companies, professional firms (lawyers in the presence of litigation, etc.) or public or private bodies in each case to fulfill regulatory obligations; lawyers, service companies, law firms for the protection of contractual rights. Regarding the payment of the owner's compensation, except for the case of cash (within the limits of the law), whether you use your bank transfer or check or credit card or debit card, I inform you that in case of use of the service pay pal or booking and payment via the website or through the pos and in this case the data are processed exclusively and directly by the bank, and / or paypal; in any case it is possible that, by providing your bank details, even only the Iban, you can emerge where you have the current account, in which Agency etc., since the system of bank payments is so set on the basis of laws and regulations without that the holder has no decision-making power in this regard. In general, your personal data, object of treatment for the purposes indicated above, can not be disclosed to third parties except when it is necessary or required by law such as the Public Security or Judicial Authority or when the conditions of law exist; in other cases, behind your express and free consent. Personal data will in no case be disseminated (usually we refer to social media, etc.) without your consent.
- from browsing our site you can see the history of the services used, browsing history online, images of expenses incurred, acts relating to the person; in these cases your data are provided such as name, surname, address, date and place of birth, landline or mobile phone number, credit card, email address, reason of stay, data to register at Wifi if activated by the holder, data bank accounts of customers or agencies in case of return of deposits or incorrect charges. If the browsing history is not deleted by you as an internet user, it remains with all your data if, for ex. use the Pc station.
5.- TRANSFER PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
The data controller does not transfer personal data to a third country that is not a member of the European Union (nor in any Member State of the European Union) or to an international organization. Furthermore, your data will not be transferred either to Member States of the European Union, or to third countries not belonging to the European Union. If there is any intention in the future, the holder will provide you with appropriate information and all that is necessary to be in line with the current privacy legislation.
6.- PERIOD OF CONSERVATION OF PERSONAL DATA OR THE CRITERIA USED TO DETERMINE THIS PERIOD
Below is a table that contains the indications of the retention times (or the criteria of determination) of Personal Data, after which your data will be deleted; in general, the personal data of customers and suppliers are kept for a maximum of 10 years for the purpose of carrying out the company's activities; the personal data of the USERS category are kept for 180 days for statistical purposes and for the improvement of the service and for any commercial communications, but a longer deadline than the following is allowed:
Purposes Time of conservation
Categories a), b) (contract) For the entire duration of the relationship and subsequently for 10 years also for tax and anti-money laundering purposes
Category c) The time prescribed by law
Category d), e), f), g), h), i) service improvement 24 months after the end of the contract or service
Category d), e), f), g), h), i), verify satisfaction 24 months from collection, due to the possibility, frequently in practice, of further relations with you, without prejudice to the possibility for the data subject to modify and / or revoke their will at any time regarding the consent
Category d), e), f), g), h), i), marketing 24 months from the end of your last relationship with us, due to the possibility, frequent in practice, of further relations with you, without prejudice to the possibility for the interested party to modify and / or revoke their will at any time with regard to consent
Your personal data, object of treatment for the above mentioned purposes, will be conserved for the whole duration of the contractual relationship and, in compliance with the civil and fiscal regulations, for the following ten years starting from the end of the relationship.
With your express consent, even in your interest, this holder is available to keep your personal data for a further period than the ordinary one, even for over ten years.
In any case, where provided, the data are kept for the times prescribed by the regulations in force.
7.- CONSEQUENCES OF FAILURE TO COMMUNICATE PERSONAL DATA OR REFUSAL TO TREATMENT
With regard to personal data the processing of which is necessary and functional for the performance and fulfillment of the performance and contract of which you are a part or for the fulfillment of a regulatory obligation (for example, those related to the keeping of accounting records and tax records as well as, for example, for the correct application of security measures also for the electronic tools of the owner), failure to communicate personal data or any refusal to treatment make it impossible to improve or continue the contractual relationship. In the cases instead in which you decide not to give consent for the so-called treatment. optional of your personal data, ie in cases where the performance of the service and the contractual relationship is allowed (eg processing by third party external managers, when "optional", previously recalled or sending of advertising material, etc. ) Your data will be processed as you requested and will be processed only the data necessary for the "basic" performance and the performance of the contract. In these cases, therefore, you will not be able to use additional services of our structure as, not allowing the sending of information, you will not be aware of it. In cases where the treatment is based on consent, you have the right to revoke the consent at any time, without obviously prejudicing the lawfulness of the processing (and based on the consent given) before the revocation.
8.- RIGHTS OF THE INTERESTED PARTY
You, as an interested party, may exercise, with reference to your personal data, the rights provided for in articles 15 to 22 of the GDPR and that are delivered separately for further information and in general the right: - to see your data processed with transparency (articles 5 and 12 GDPR); - to receive the information; - right of access to your personal data; - the right to obtain correction or limitation of the processing that concerns you; - the right to obtain cancellation of the same (the right to be forgotten, in certain circumstances);
- the right to object to the treatment (interrupting the processing of your personal information); - right to data portability (law applicable to data in electronic format), as governed by art. 20 GDPR that allows, upon your request, to transfer your data from the undersigned to another holder indicated by you in electronic format, readable by the new owner; the data portability rights only apply to personal information we have obtained directly from you and only if our processing is done automatically, based on consent or execution of a contract; - the right to withdraw the consent at any time without prejudice to the lawfulness of the treatment based on consent before the revocation; - the right to lodge a complaint with the supervisory authority by contacting the competent Guarantor Authority; for further information or models you can consult the institutional website of the Privacy Guarantor www.garanteprivacy.it - the right to request any information concerning the processing of your data, also through the persons in charge of processing at the owner's office. You can always ask us to: confirm if we are processing your personal information, receive information on how we process your data, obtain a copy of your personal information, update or correct your personal information. In particular on the right to object to the processing, you have the right to request that your personal information be processed: • for marketing purposes, • for statistical purposes, • where such processing is based on our legitimate business interests, unless we are able to demonstrate a legitimately grounded reason for such processing or if the processing of your personal information is necessary to ascertain, exercise or defend a right in court.
Right to limit the processing; has the right to request that the processing of your personal information be limited: • if you are considering or taking steps to respond to your request to update or correct your personal information, • if they are no longer required or required by us, but desires that we retain data to ascertain, exercise or defend a right in court, • if you have submitted an opposition to processing on the basis of our legitimate business interests and are awaiting our response to that request. If we would restrict the processing of your personal information in accordance with your request, we will inform you before involving you again in such processing.
SENDING REQUESTS RELATING TO YOUR RIGHTS:
your requests can be sent to the email address above; we will reply to all requests of this type within 30 days of receipt of the request, unless there are mitigating circumstances, in which case it may take up to 60 days for the reply. We will inform you if we anticipate that it may take more than 30 days for our response. However, some personal information may be excluded from these rights under applicable data protection laws. Furthermore, we will not respond to any request unless we can adequately verify the applicant's identity. We could charge you, when required by the rules, a reasonable amount for the subsequent copies of the data you are requesting. Right of withdrawal of consent: you have the right to withdraw your consent to any processing that we conduct exclusively on the basis of your consent (such as sending direct marketing materials to your personal email address). You can withdraw your consent by contacting the email address above-The withdrawal of consent, however, does not affect the lawfulness of the treatment based on consent before the revocation itself.Our services are not intended for persons under 18 and personal data concerning them and we do not knowingly collect data concerning them.
9.- EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING THE PROFILING
We do not use automated decision systems and we do not resort to profiling, that is direct to use your personal data to analyze or predict aspects concerning professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or trips etc. (art.22 para 1 and 4 GDPR).
GROSSETO, 24.05.2018 THE HOLDER OF THE TREATMENT