(Articles 13 and 14 EUROPEAN REGULATION No. 679/2016)
GRS srl, located in Via Cavalieri di Vittorio Veneto, 14 – 30030 Martellago (Venice), F.C. and VAT n. 04071710273 as “Data Controller” informs you, pursuant to articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as indicated below:
- Object of the data processing
The Data Controller informs you that personal data, such as name, surname, company name, address, telephone number, e-mail address, bank and / or payment details, etc.), hereinafter referred to as “personal data” or even simply “data”, related to you, even verbally acquired in the past, both directly or through third parties, such as those that will be collected in the future, may be processed in full compliance with the EU Regulation. The Data Controller carries out the processing in a lawful manner specifically for the execution of a contract of which you are a part or for the execution of pre-contractual measures (e.g. preparation of an offer, etc.) requested by you (art. 6 of the EU Regulation).
Data processing means any operation or set of operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, diffusion and destruction of the data.
- Legal basis and Purpose of the data processing
Legal basis: EU Regulation n. 679/2016
- A) without your express consent (Article 6 letters b), c) and e) of the EU Regulation), for the following purposes:
– pre-contractual, contractual and tax obligations deriving from existing relations with you;
– obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
- exercise the rights of the Data Controller, for example the right of defense in court;
- for the keeping of the general accounts;
- for management purposes (invoicing, possible document management, etc.);
- for credit management;
- for statistical analysis and quality control;
- for insurance operations;
- for technical assistance.
In particular, your data will be processed for purposes related to the implementation of the following obligations, related to legislative or contractual obligations:
- Technical and functional access to the site no data is kept after closing the browser;
- Advanced navigation purposes or personalized content management;
- Statistics and analysis of navigation and users.
- B) Only after your specific and distinct consent (Article 7 of the EU Regulation), for the following commercial and / or marketing and / or profiling purposes:
- sending by e-mail, mail and / or SMS and / or telephone contacts of newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and / or detection of the degree of satisfaction on the quality of what was done on your request;
- sending by e-mail, mail and / or sms and / or telephone contacts of commercial and / or promotional communications of third parties (for example, business partners).
- Method of data processing
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form, comparison or interconnection, limitation, cancellation or destruction, blocking. Your personal data are subjected to both paper and electronic and / or automated processing (suitable to guarantee the security and confidentiality of data).
- Data retention times and other information
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer than the legal terms from the termination of the relationship for the purposes referred to in the current relationship. With reference to the personal data processed for the purpose of marketing or processing for purposes of profiling, the same will be retained in accordance with the principle of proportionality and in any case until the purposes of the processing have been pursued or until the withdrawal of the specific consent by the interested party. Specifically, the Data Controller will process data for no more than 2 years from data collection for Marketing Purposes and one year for data collected for profiling purposes.
The personal data you provide will be treated “lawfully, fairly and transparently” protecting your privacy and your rights.
- Access to data
Your data may be made accessible for the purposes referred to in paragraphs 2.A) and 2.B):
– to shareholders, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
– to third-party companies or other entities that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors (indicative: associated studies, lawyers, data processing companies, certifying bodies, accounting / tax consultants, credit institutions, professional offices, consultants, insurance companies for the provision of insurance services, financial offices, municipal authorities and / or municipal offices, consultants and service companies and for job security, who can communicate the data, or grant access to them in the context of their members, users and related parties for specific market researches. Data collected and processed can also be communicated, in Italy and abroad, to subcontractors, suppliers, for the management information systems, transporters, shippers and customs agents).
For brevity, the detailed list of these figures is available at our office and is at your disposal.
- Data Communication
Without the need for express consent (Article 6 letter b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in paragraph 2.A) to supervisory authorities, judicial authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the purposes indicated above.
These subjects will process the data in their capacity as independent data controllers.
During and after browsing your data may be disclosed to third parties, in particular to:
- Google: Advertising Service, Target Advertising, Analytics / Measurement, Content Customization, Optimization;
- Google AdWords: Advertising Service, Target Advertising, Analytics / Measurement, Content Customization, Optimization;
- Google Analytics: Target advertising, Analytics / Measurement, Optimization.
Your information will not be disclosed.
- Data transfer
Personal data are stored on devices located at the headquarters of the Data Controller or at providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move data even in non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the contractual clauses and standard verifications by the European Commission.
As regards the data present on its devices, and for any data present at the provider, the Data Controller has implemented appropriate technical and organizational measures to ensure a suitable level of security, in full compliance with the provisions of art. 32 of the EU Regulation.
Navigation: your browsing data may also be transferred, limited to the purposes indicated above, in the following states: – EU countries, – United States.
- Nature of providing data and consequences of refusing to answer
The provision of data for the purposes referred to in paragraph 2.A) is mandatory. In their absence, we can’t guarantee the Services as indicated in 2.A).
The provision of data for the purposes referred to in paragraph 2.B) is optional. You can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications and advertising material and / or anything else related to the Services offered by the Data Controller.
However, you will continue to be entitled to the Services referred to in point 2.A).
- Rights of the interested party
As an interested party, you have the rights set forth in art. 15 of the EU Regulation below and precisely:
- the right to obtain from the Data Controller confirmation that it is or is not undergoing treatment of personal data concerning you and, in this case, to obtain access to personal data and the following information:
- a) the purposes of the processing;
- b) the categories of personal data;
- c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
- d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
- e) the existence of the right of the interested party to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning you or to oppose their treatment;
- f) the right to lodge a complaint with a supervisory authority (the Guarantor for the protection of personal data);
- g) if the data are not collected from the data subject, all information available on their origin;
- h) the existence of an automated decision-making process, including profiling pursuant to art. 22, paragraphs 1 and 4 of the EU Regulation, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the data subject.
- If your personal data are transferred to a third country or to an international organization, you have the right to be informed of the existence of adequate guarantees pursuant to art. 46 of the EU Regulation concerning the transfer.
- The Data Controller will provide you with a copy of your personal data being processed in case you request it.
If you request further copies, the Data Controller may charge you a reasonable fee based on administrative costs. If you submit the request by electronic means, and unless otherwise specified, the information will be provided in a commonly used electronic format.
- The right to obtain a copy referred to in paragraph 3 shall not affect the rights and freedoms of others.
Moreover, where applicable, you can enjoy the rights referred to in Articles 16 to 21 of the EU Regulation and precisely have:
- the right to rectify personal data;
- the right to be forgotten (right to cancel);
- the right to limit processing;
- the right to data portability;
- the right to object;
- the right of complaint to the Guarantor Authority.
You also have the right to revoke at any time any consent already given without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation.
- How to exercise rights
You can exercise your rights at any time by sending:
- a registered letter with return receipt to the following address: GRS Srl, Via Cavalieri di Vittorio Veneto 14 – 30030 Martellago (VE);
- an e-mail to email@example.com
What is offered by the Data Controller and the subject of your relationship with you does not provide for the intentional acquisition of personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the interested party.
- Personal data not obtained from the interested party
It may happen that the writer is not the Data Controller to which you have given your personal data, but it appears to be co-owner of the treatment or responsible for external processing and that therefore your data have come to the writer secondly due to of a contract that regulates the parties. In this case it is specified that the writer will do everything possible to make sure that you have been informed and gave consent to the processing. You can ask the writer at any time about the source of acquisition of your data.
- Data Controller, Data Processor, D.P.O. (R.P.D.) and Persons in charge
The Data Controller is GRS srl – Via Cavalieri di Vittorio Veneto 14 – 30030 Martellago (VE), Tel. +39 041 8505096, e-mail: firstname.lastname@example.org.
The Data Controller has appointed Ms. Melissa Cogo as Data Processor, who is also responsible to the legitimate and correct use of your personal data and who can be contacted for any information or request at the following addresses: Tel +39 041 8505096, e-mail: email@example.com.
You can also contact the Data Protection Officer (DPO-RPD) to get information and forward inquiries about your data or to report any service or any problem you may encounter. The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Manager who can be contacted at the following addresses: Tel. +39 348 3165267, e-mail: firstname.lastname@example.org. You can view the information by visiting our website: www.grsnet.it.
Persons in charge The updated list of persons in charge of processing is kept at the Data Controller headquarters.