Privacy information on data processing for customers / suppliers Information document articles 13 and 14 EU Reg. 2016 / 679- GDPR
This information is provided to customers / suppliers natural persons and to natural persons who operate in the name and on behalf of customers / suppliers legal persons, of the company DEENOVA S.r.l. pursuant to art. 13 GDPR 679/2016 – “European regulation on the protection of personal data”.
Data Controller and Data Protection Officer (DPO)
The Data Controller is DEENOVA S.r.l., with registered office in Via Vittime della Strada – 29010 Gragnanino (PC). The Data Protection Officer (DPO) is Alessandra Romani, available at the email [email protected] or by phone +39/0523.623104.
Purpose of the processing
The personal data of customers / natural persons suppliers, if provided, are processed by the Data Controller for:
A. customer / supply management (acquisition of pre-contractual data and information, customer / supply administration, assistance, reliability and solvency control to prevent possible fraud, insolvency and / or defaults, administration of contracts, orders and invoices);
B. marketing, promotional and statistical purposes for internal use only.
The personal data processed by the Data Controller will not be disclosed, that is, it will not be disclosed to indeterminate subjects, in any possible form, including that of making them available or simple consultation. Instead, they may be communicated to workers who work for the Owner and to some external subjects who collaborate with them. In fact, they may be communicated, within the strictly necessary limits, to the following subjects:
• Managers, appointees, collaborators and / or employees who, on the basis of their roles and work duties, have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Data Controller.
Transfer of data
The Data Controller does not transfer personal data to third countries or to international organizations.
The Data Controller keeps and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, the personal data will be stored, and not further processed, for the time established by the current provisions on civil and tax matters.
Rights of the interested party
With reference to articles 15-22 of the GDPR 679/16, the interested party can at any time:
• ask for confirmation of the existence or otherwise of their personal data;
• obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
• obtain the rectification and cancellation of data;
• obtain the limitation of the processing;
• obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without impediments;
• oppose the processing at any time and also in the case of processing for direct marketing purposes;
• oppose an automated decision-making process relating to individuals, including profiling.
• ask the data controller to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
• withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
• propose a complaint to a supervisory authority.
The interested party exercises his rights by writing to the Data Controller at the above addresses, specifying the subject of his request, the right he intends to exercise and attaching a photocopy of an identity document certifying the legitimacy of the request.
Proposition of complaint
The interested party has the right to lodge a complaint with the supervisory authority of the state of residence.
Nature of the provision of data and consequences of refusing to respond
The provision of data is mandatory on the basis of legal obligations, regulatory regulations and conditioning the possibility of correctly and effectively fulfilling the contractual obligations assumed (purpose A).
The provision of further personal data may be necessary to improve the quality and efficiency of the transaction (purpose B).
Therefore, refusal to provide additional data may compromise in whole or in part the fulfillment of other requests and the quality and efficiency of the transaction itself.
In particular, the refusal of consent to the processing of data for purpose B will prevent the provision of the aforementioned services but will not compromise the fulfillment of the contractual obligations undertaken.
Revocation of consent
With reference to art. 6 of the GDPR 679/16, the interested party can revoke any consent given at any time.
Automated decision-making processes
The Data Controller does not carry out treatments consisting of automated decision-making processes on the data of customers / suppliers, natural persons, or of natural persons who operate in the name and on behalf of customers / suppliers, legal persons.