POLICY ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 2016/679
Pursuant to Arts. 13 and 14 of EU Regulation no. 2016/679 on the protection of personal data (hereinafter the "GDPR" or "Regulation"), Selle Royal S.p.A. (hereinafter the "Selle Royal" or the "Controller") hereby informs you that the personal data (hereinafter the "data") relating to you or your company (hereinafter the "Customer" or "Data Subject") and to the natural persons acting on behalf of the latter acquired from the Customer or third parties, will be processed in compliance with the provisions of the Regulation and in accordance with the following policy.
It is understood that it is the responsibility of the Customer to inform the natural persons acting on its behalf of the data processing referred to in this policy and request their consent, where necessary.
1. DATA CONTROLLER
The Data Controller is Selle Royal S.p.A., with registered office in Via V. Emanuele, 119, 36050 Pozzoleone (VI); tel. +39 0444461100; e-mail firstname.lastname@example.org
2. PURPOSE AND LEGAL BASIS OF PROCESSING
The data will be processed by the Controller for the following activities:
- registration of customers and management of requests for contact and/or information material
- activities related to management of the contractual relationship
- activities related to promotional campaigns and information on the activities of and events organised or participated in by Selle Royal S.p.A.
Processing takes place in the context of the contract in place between the Companies or of execution of pre-contractual measures between the same and to fulfill legal obligations, as provided for by Art. 6(1) (b) and (c) of the GDPR. In the context of the existing contractual relationship, pursuant to Art. 130(4) of Legislative Decree 196/03, this also includes the sending of promotional material related to that purchased by the Customer and information about the Controller's activities.
3. DATA PROCESSING METHODS
Personal data relating to natural persons acting as a contact between the customer company and the Data Controller will be processed by means of paper archives and media or with the aid of IT and telematic media, respecting their confidentiality.
4. DATA RETENTION PERIOD
The data will be retained for the duration of the contract for the activities referred to in point 2; while the contact details and contact persons of the Company will be retained for 10 years from the end of the contractual relationship, as required by national legislation, for activities limited to the fulfilment of obligations (e.g. of a tax and accounting nature) that persist even after termination of the contract.
This without prejudice to cases in which the rights deriving from the contract and/or from registration need to be asserted in court, in which case the personal data of the Data Subject necessary for such purposes, will be processed for the time necessary for their achievement.
5. RECIPIENTS OR CATEGORY OF RECIPIENTS
Processing is carried out by personnel authorised and trained by the Data Controller.
The communication of the personal data of Data Subject takes place vis-a-vis third parties whose activities are necessary for performance of the activities concerning the relationship established such as:
- Service providers
- Public Administration
The data controller will not transfer your personal data to countries where the GDPR does not apply (non-EU countries) unless there are specific indications to the contrary, in which case you will be informed in advance and, where necessary, your consent will be requested.
6. RIGHTS OF THE DATA SUBJECT
a) obtain confirmation of whether or not personal data concerning them is being processed;
b) where processing is in progress, obtain access to the personal data and information relating to such processing and request a copy of such personal data;
c) obtain rectification of inaccurate personal data and integration of incomplete personal data;
d) obtain, where one of the conditions laid down in Art. 17 of the GDPR is met, erasure of the personal data concerning them;
e) in the cases provided for by Art. 18 of the GDPR, obtain restriction of processing;
f) receive personal data relating to them in a structured, commonly used and machine-readable format and request its transmission to another controller, if technically feasible.
In order to ensure that the above rights are exercised by the data subject and not by unauthorised third parties, the controller may request the same to provide any additional information necessary for this purpose.
7. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
Data subjects may lodge a complaint with the Personal Data Protection Authority if they believe that their rights under the GDPR have been violated, in the manner indicated on the website of the Authority available at: www.garanteprivacy.it.
For further information on this policy or on any privacy issue, or if you wish to exercise your rights or withdraw your consent, you can contact the persons listed in the “DATA CONTROLLER” section.