Dear User, the writer Piuma Care S.r.l., with registered office in Via Pitagora, 10 – 30020 Noventa di Piave, Venice (Italy) as “Data Controller” informs you, pursuant to articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as indicated below:
1. Object of the treatment
The Data Controller processes personal and identification data (for example, name, surname, company name, address, telephone, e-mail, payment references) – hereinafter, “personal data” or even “data” – communicated by you on the occasion the signing of the contract or the provision of services by the Owner.
2. Purpose of the treatment
Your personal data are processed: A) without your express consent pursuant to art. 6 lett. b), e) GDPR, for the following Service Purposes: – purposes related to the execution of the supply contract concluded with the Owner and / or to fulfill the pre-contractual charges deriving from existing relationships; – the fulfillment of a legal obligation to which the Data Controller is subject; – the fulfillment of the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the matter of anti-money laundering); – the pursuit of a legitimate interest of the Data Controller inherent in the execution of the contract in place, such as merely by way of example, the defense in court of their rights deriving from the execution of the contract concluded.
B) Only with your specific and distinct consent pursuant to art. 7 GDPR, for the following Marketing Purposes: – sending of information emails, newsletters, commercial communications and / or advertising material on products and / or services offered by the Owner and detection of the degree of satisfaction with the quality of services.
C) Only with your specific and explicit consent pursuant to art. 22 GDPR for the purpose of detecting the degree of satisfaction on the quality of services by third parties (by way of example, business partners, social networks) as well as profiling activities.
We would like to point out to you that if you are already our customer, we will be able to send you commercial communications relating to the owner’s services and products similar to those you have already usedexcept for when your dissent is given.
3. Processing methods and data retention period
The data can be subjected to both paper and electronic and / or automated processing and precisely by means of the operations of collection, registration, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, cancellation and destruction of data.
The data are kept for the period necessary to fulfill the purposes inherent in the execution of the contract and in any case no later than ten years from the termination of the relationship for the purposes inherent in the fulfillment of the obligations established by law and / or by the pursuit of the legitimate interests of the Data Controller.
The data processed for purposes relating to profiling and / or marketing in all its forms are kept for no more than 5 years from the data collection.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2.A), 2.B) and 2.C): – to employees and collaborators of the Data Controller or of the group companies in Italy and abroad, in their capacity as persons in charge and / or internal data processors and / or administrators system; – to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Owner, in their capacity as external managers of the treatment.
5. Recipients of the data
Furthermore, your data may be disclosed to third parties, for technical and operational needs strictly connected to the purposes set out above and in particular to the following categories of subjects: a) entities, professionals, companies or other structures entrusted by us with the processing connected to the fulfillment of administrative, accounting and management obligations related to the ordinary conduct of our economic activity, also for credit recovery purposes; b) to public authorities and administrations for the purposes related to the fulfillment of legal obligations or to persons entitled to access them by virtue of legal provisions, regulations, community regulations; c) banks, financial institutions or other subjects to whom the transfer of the aforementioned data is necessary for the performance of our company’s activities in relation to the fulfillment, on our part, of the contractual obligations assumed towards you. d) suppliers of installation, assistance and maintenance services for IT and telematic systems and all services functionally connected and necessary for the fulfillment of the services covered by the Contract.
6. Data transfer
Personal data are stored on servers located within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures from now that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.
7. Nature of data provision and consequences of refusing to answer
The provision of data for the purposes referred to in art. 2.A) is necessary for the conclusion of the supply contract. In case of failure to communicate, the Data Controller cannot guarantee the services referred to in art. 2.A. The provision of data for the purposes referred to in art. 2.B) is optional. The interested party can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, the communications referred to in art. 2.B) will not be made .
8. Rights of the interested party
We inform you that regarding the processing of your personal data you can exercise the following rights: a) Right to obtain access to personal data and the following information: – confirmation that the processing of your personal data is in progress; – the purposes of the treatment; – the categories of personal data; – the recipients or categories of recipients to whom the personal data have been or will be communicated; – if the data are not collected from the interested party, all information available on their origin; – the existence of an automated decision-making process, including profiling; – a copy of the personal data being processed. b) Right to rectification and integration of personal data; c) Right to erasure of data (“right to be forgotten”) if one of the following reasons exists: 1.personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; 2. the interested party revokes consent to the processing of data and there is no other legal basis for the processing; 3. the interested party opposes the treatment and there is no prevailing legitimate reason to proceed with the treatment; 4.the personal data have been unlawfully processed; 5.Personal data must be erased to fulfill a legal obligation under Union or Member State law to which the data controller is subject; If the data controller has made public personal data and is obliged to delete them, he must inform the other data controllers who process the personal data of the request to delete any link, copy or reproduction of his data. d) Right to limitation of processing in the event that: 1. The interested party disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data; 2.The treatment is unlawful and the interested party opposes the cancellation of personal data and instead requests that their use be limited; 3.While the data controller no longer needs it for processing purposes, personal data are necessary for the interested party to ascertain, exercise or defend a right in court; 4. The interested party opposed the treatment, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. e) Right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority www.garanteprivacy.it. f) Right to data portability: i.e. the right to receive the personal data concerning him provided to a data controller in a structured format, commonly used and readable by an automatic device and possibly transmit them to another data controller, if the processing is based on consent or on a contract and is carried out by automated means. Where technically possible, the interested party has the right to obtain the direct transmission of data from one data controller to another. g) Right to object: at any time to the processing of personal data, including profiling, in particular if: 1.The processing takes place on the basis of the legitimate interest of the owner, after explicitly explaining the reasons for the opposition; 2.Personal data are processed for direct marketing purposes. h) Right not to be subjected to a decision based solely on automated processing, including profiling, except in cases where the decision: is necessary for the conclusion or execution of a contract between the interested party and a data controller, is authorized by Union or Member State law to which the data controller is subject or is based on the explicit consent of the data subject. i) Right to withdraw consent at any time; obviously with any consequence deriving from the impossibility of being able to comply with legislative or contractual provisions if the treatment is established by these provisions. The exercise of rights is not subject to any form constraint and is free of charge.
9. How to exercise your rights
You can exercise your rights at any time by sending: -a registered letter with return receipt to: PIUMA CARE S.r.l., C.F. and VAT IT04532430271, in the person of the pro tempore legal representative, based in Noventa di Piave (VE), via Pitagora n. 10, ZIP code 30020. -an e-mail to the address: firstname.lastname@example.org
10. Normative requirements
The full text of the GDPR and the Privacy Code can be consulted on the Guarantor’s website accessible at the link www.garanteprivacy.it
11. Changes to this information on data processing
The Data Controller reserves the right to make changes to this information at any time, giving immediate notice.
12. Holder of the treatment
PIUMA CARE S.r.l., Via Pitagora, 10 30020 Noventa di Piave (Ve) ITALY C.F. and VAT IT04532430271
The updated list of data processors is kept at the registered office of the Data Controller.