Pursuant to Regulation EU 2016/679 (hereinafter the Regulation or "GDPR") and the national legislation in force concerning the protection of personal data, this information is provided: to natural persons operating in the name and on behalf of the Customers, to the Customer themselves, if they are a natural person (e.g. individual firm or professional), to the site visitors, hereinafter also Data Subjects.
1.Data Controller: MARCATO SPA, with registered office at 12 via Rossignolo in Campodarsego (PD), Tax Code/VAT Number 00729930289, Tel. +39.049.9200988, fax. +39.049.9200970, e-mail: firstname.lastname@example.org.
3. Purpose, legal basis of the processing and mandatory provision of the data - The Data Controller processes personal data:
- for purposes strictly connected and instrumental to the management and performance of contracts with customers (e.g. acquisition of information prior to the conclusion of a contract, preparation of quotations, provision of services, management of developmental requests, assistance, etc.). The provision of personal data for this purpose and their processing are required to the extent that the Data Subjects consider it necessary to disclose them in order to guarantee the effectiveness of the pre-contractual, supply and assistance activities performed by the Controller. Such processing operations do not require the consent of the Data Subjects. The legal basis of the processing is identified in the need to stipulate or perform a contract;
- in the case of an individual firm or a professional, for the purpose of protecting the assets and the rights of the Controller, such as the acquisition of information pertaining to the solvency thereof or the recovery of debts. The data are necessary for the stipulation of the contract. The legal basis of the processing is identified in the legitimate interest of the Data Controller and consent is not required;
- for direct/indirect marketing purposes (illustrative and non-exhaustive list): sending of commercial information and newsletters, communication of promotional initiatives and events organised by the Controller or by its sector partners.
The provision of personal data for these purposes is not mandatory and the relative processing requires the consent of the data subjects. Failure to provide consent will not affect the service provided but will make it impossible for the Controller to send you commercial communications. The legal basis of the processing is identified in the express consent.
4. Categories of recipients of the personal data: the personal data, within the limits and with the purposes indicated, may be disclosed to or become known and therefore be processed by:
- employees and consultants of the Controller, agents, companies that provide IT services (site management, Internet services, etc.), in their capacity as external processors;
- freight forwarders or carriers for the goods to be delivered;
- companies specialising in information systems on the solvency of Customers, companies and/or professionals for debt collection;
- producers of the goods supplied by the Controller;
- persons that may access the data according to law, or community legislation, within the limits set by the law;
The complete list of recipients is available at the office of the Controller.
5. Data retention period: the personal data in question are processed for the entire duration of the business relationship and also subsequently for a maximum of 10 years; for marketing purposes, the data are processed and stored until consent is withdrawn.
6. Transfer of data abroad: processing is normally carried out in Italy; for specific business processes, the personal data may be transferred to countries outside the European Economic Area (EEA), in which case data protection is ensured by specific contractual clauses.
7. Automated decision-making processes: any automated decision-making process is excluded, including profiling.
8. Rights of the data subject: the Data Controller informs that, in reference to the data provided, you as the Data Subject have the following rights:
- to access data and acquire a copy: obtain from the Data Controller confirmation that your Personal Data are being processed and, in this case, obtain access to the Personal Data and to the information set forth by art. 15 of the GDPR, including, by way of example: the purposes of the processing, the categories of Personal Data processed, etc.;
- rectification: obtaining from the Data Controller the rectification of your Personal Data which are inaccurate as well as, taking into account the purposes of the processing, the completion thereof, if they are incomplete, providing adequate documentation;
- erasure of the personal data: request the Data Controller to erase your Personal Data, for one of the reasons provided for by art. 17 of the GDPR, including, by way of an example, if the Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been withdrawn by you and there are no other legitimate grounds for the processing. The Controller may not erase your Personal Data: if their processing is necessary, for example, for the fulfilment of a legal obligation, for the establishment, exercise or defence of legal claims;
- restriction of processing: obtain the restriction of the processing of your Personal Data in one of the cases envisaged by art. 18 of the Regulation, including, for example: if you contest the accuracy of your Personal Data, for a period enabling the Controller to perform the appropriate checks; objection to processing, pending the verification whether the legitimate grounds of the Controller override those of the data subject;
- to the portability of electronic data that are subject to automated processing: obtain from the controller a copy of the Personal Data you provide in a structured, commonly used and machine-readable format (example: computer and/or tablet); transmit your Personal Data received to another Data Controller, without impediment by the Data Controller itself and based on your precise authorisations and instructions;
- to object to the processing: block the processing if this is carried out for the pursuit of a legitimate interest of the Controller (including profiling), unless there are legitimate reasons to proceed with the processing (reasons overriding the interests, rights and the freedoms of the data subject), or the processing is necessary for the establishment, exercise or defence of legal claims;
- to withdraw consent to processing, without prejudice to the lawfulness of the processing based on the consent acquired before the withdrawal;
- to lodge a complaint with the competent supervisory authority: Italian Data Protection Authority.
9. Contact details: for any clarification and to exercise their rights, the data subjects may contact the Data Controller by writing to:
12 via Rossignolo
35011 Campodarsego (PD)