POLICY ON PROCESSING OF PERSONAL DATA UNDER ARTICLES 13-14 OF EU REG. 2016/679

Entities concerned: customers.

As Controller of your personal data, under the terms and by the effects of EU Reg. 2016/679 (hereinafter ‘GDPR’), Fontanara S.r.L. hereby informs you that the above-mentioned regulation covers the processing of data subjects’ personal data and that said processing shall be based on the principles of correctness, lawfulness, transparency and the protection of your privacy and your rights.

Your personal data will be processed in accordance with the legal dispositions of the above regulation and the confidentiality obligations set out therein.

Purpose and legal basis of the processing: your specific data will be processed for the following purposes linked with complying with legal and contractual obligations:

  • - mandatory compliance by law on tax and accounting matters;
  • - after-sales assistance;
  • - handling of litigation;
  • - client management;
  • - quality management;
  • - scheduling activities;
  • - customer invoicing history.

You data may also be used for the following purposes regarding the performance of measures connected with contractual or pre-contractual obligations:

  • - assessing the degree of customer satisfaction.

Your personal data may also, with your consent, be used for the following purposes:

  • - to provide information regarding our possible promotional activities;
  • - sending commercial information by e-mail or text message;
  • - where required, to carry out market surveys, statistical analyses and for promotional activities concerning the delivery of advertising and promotional material.

Handling and processing methods. Your personal data may be processed in the following ways:

  • - creation of profiles relating to customers, suppliers or consumers;
  • - processing by electronic devices;
  • - manual processing in hardcopy archives.

Each processing is performed in compliance with the methods set out in Articles 6 and 32 of the GDPR with the adoption of appropriate security measures.

Your data will be processed only by staff expressly authorized to do so by the Data Controller and, specifically, by the following categories of employee:

  • - agents;
  • - Administration office;
  • - Sales office;
  • - Marketing office.

Communication: Your data may be communicated to external subjects for correct management of the relationship and specifically to the following categories of Recipients including all duly appointed Data Processors:

  • - banks and banking organizations;
  • - notification under the law on anti-money laundering (Law No 197 dated 5 July 1991 and subsequent amendments, Legislative Decree No 56 dated 20 February 2004, Law No 29 dated 25 January 2006, Ministerial Decrees Nos 141, 142 and 143 dated 3 February 2006; UIC (Italian Exchange Office) Provision dated 24 February 2006);
  • - consultants and freelancers, even working as associates;
  • - insurance companies;
  • - shippers, transporters, landlords, post offices, logistics firms.

Disclosure: The data may be disseminated with:

  • - Contractual fulfillment;
  • - Legal Obligations.

Storage Period. Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to Article 5 of the GDPR, the storage period for your personal data shall be set:

  • - for no longer than is necessary for the purposes for which they are collected and processed for the performance and implementation of the contractual terms;
  • - for no longer than is necessary to perform the services provided;
  • - for no longer than is necessary for the purposes for which they are collected and processed in compliance with the mandatory time frames required by law.

Data Controller: the Data Controller, pursuant to the Law, is Fontanara S.r.l (Via Alexander Fleming, 10/12 , 37036 San Martino Buon Albergo (VR); e-mail: privacy.fontanara@fontanara.it; telefono: +39 045 8394600; Italian VAT no: 03964470235) in the person of PATRIZIA BOCCHI.

You have the right to obtain from the Data Controller the erasure (right to be forgotten), limitation, updating, correction, portability, opposition to the processing of personal data concerning you, as well as at a more general level to exercise all the rights set out in Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.

EU REG. 2016/679: ARTICLES 15, 16, 17, 18, 19, 20, 21, 22 - DATA SUBJECT'S RIGHTS

  1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form and the possibility to make a complaint to the supervisory authorities
  2. A data subject shall have the right to be informed:
    • a. of the source of the personal data;
    • b. of the purposes and methods of processing;
    • c. of the logic applied to the processing, if the latter is carried out with the help of electronic means;
    • d. of the identification data concerning data controller, data processors and the representative designated as per Section 5(2);
    • e. of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.
  3. A data subject shall have the right to obtain:
    • a. updating, rectification or, where interested therein, integration of the data:
    • b. erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
    • c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
    • d. data portability.
  4. A data subject shall have the right to object, in whole or in part:
    • a. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
    • b. to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.