(ART 13 and 14 GDPR REG EU 2016/679)
(Legislative Decree 196/2003 as amended by Legislative Decree 101/2018)
CANGINI BENNE S.R.L. with registered office at Via Savio n.29/31, 47027 SARSINA (Forlì-Cesena, Italy), in the person of its current legal representative Mr Giorgio Cangini (hereinafter, “Data Controller”), in its capacity as data controller pursuant to art.13 Regulation (EU) no. 2016/679 (hereinafter “GDPR”) and the amendments introduced by Legislative Decree no. 196 of 30.6.2003 as amended by Legislative Decree 101/2018 (hereinafter, “Data Protection Code”),
Definitions and legal framework
Personal Data (or Data): personal data are defined as any information may identify or allow the identification of a natural person, directly or indirectly and also in association with any other data, including a personal identification number.
Use Data: these consist of information collected, including; the IP addresses or domain names of the computers used to connect to this Website; addresses in URI (Uniform Resource Identifier); notation of the requested resources; the time of the request; the method used to issue the request to the server; the size of the file obtained in response; the numerical code indicating the status of the response given by the server (success, failure etc.); the country of origin; information on the user’s web browser and operating system; various visit times (e.g. the time spent browsing each page); and details on the path followed within the Application, with particular reference to the sequence of pages viewed and parameters relating to the User’s operating system and IT environment. The data collected in any form and by any means by the Data Controller, in both paper and digital format,
Data Subject: The natural person to whom the Personal Data refer.
Data Controller (or Controller): The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the tools used, including the security measures relating to the operation and use of this Website. Unless otherwise specified, the Data Controller is the owner of this Website.
European Union (or EU): Unless otherwise specified, all references to the European Union in this document apply to all current member states of the European Union and the European Economic Area.
Legal framework: This policy statement is drawn up on the basis of a large number of items of legislation, on the basis of Italian law and in particular the Data Protection Code, including articles 13 and 14 of Regulation (EU) 2016/679.
In view of the above, the Data Controller CANGINI BENNE S.R.L.
Hereby informs you
that your data will be processed by the procedures and for the purposes described below.
- Subject of the Processing
The Data Controller processes the personal identification data (for example name, surname, company name, address, telephone number, email address, and bank and payment details – hereinafter, “personal data” , or also “data“) which you contribute when agreeing contracts for the Data Controller’s services.
- Purposes of the processing
Your personal data are processed:
- a)without your specific consent (art. 6 commas b) and e) of the GDPR), for the following Service Purposes:
- to finalise contracts for the Data Controller’s services;
- for compliance with pre-contractual, contractual and fiscal obligations arising from the business relationship with the data subject;
- for compliance with the obligations enforced by the law, a regulation, Community regulations or an Authority order (such as measures to prevent money laundering);
- for the exercise of the Data Controller’s rights, such as the right to defend itself before the Courts;
- b)Only with your specific, separate consent (art. 7 GDPR), for the following Marketing Purpose, such as the sending to you via email, post and/or text message and/or telephone contacts, of newsletters, marketing communications and/or advertising material on products or services offered by the Data Controller and surveying of the degree of satisfaction with the quality of the services; the sending to you via email, post and/or text message and/or telephone contacts, of marketing and/or advertising materials. Please note that if you are already our customers, we may send you commercial or marketing communications relating to the Data Controller’s services and products similar to those you have already purchased, unless you specifically object (art.130 c.4 Data Protection Code).
- Data processing procedures
The processing of your personal data takes place through the operations specified in art. 4, comma 2) GDPR, and specifically: collection, recording, organisation, storage, consultation, treatment, alteration, selection, retrieval, comparison, use, interconnection, freezing, communication, erasure or destruction of data. Your personal data are processed both on paper and by electronic and/or automated means.
The Data Controller will process the personal data for the time needed to fulfil the purposes referred to above, and in all cases:
- For communication and/or newsletter processing activities, for a maximum period of 3 years, in view of the need to conserve records for the duration of the validity of the consent corresponding to the obsolescence of the products which are the subject of the marketing activity;
- For administrative and/or tax-related activities, for a maximum duration of 10 years;
- For active labour and HR management, selection and recruitment policies, for a maximum duration depending on the end of the current employment relationship and/or selection procedure;
- Access to data
Your data may be rendered accessible for the purposes set out in art. 2.a) e 2.B) to the Data Controller’s employees and associates, in their capacity as internal data processors and/or persons in charge of the processing and/or system administrators; to external companies or other entities (such as banks, professional practices, consultants, insurance companies for the provision of insurance services, etc.) which provide outsourced activities to the Data Controller, in their capacity as external data processors.
- Disclosure of data
With no need for specific consent (art. 6 commas b. and c. of the GDPR), the Data Controller may disclose your data, for the purposes referred to above, to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, consultants and professionals (Lawyers, Accountants, employment consultants, etc.) and the entities to which communication is compulsory by law for the fulfilment of the stated purposes. The said entities will process the data in their capacity as independent data controllers.
Your data will not be disseminated to third parties other than the entitles referred to above, unless this is necessary by law and/or requested by an Authority, and in all cases only with the prior notification of the data subjects.
Only with your specific, separate consent (art. 7 GDPR), for the following Marketing Purpose, such as the sending to you via email, post and/or text message and/or telephone contacts, of newsletters, marketing communications and/or advertising material on products or services offered by the Data Controller and surveying of the degree of satisfaction with the quality of the services; the sending to you via email, post and/or text message and/or telephone contacts, of marketing and/or advertising materials.
- Data transfer
The personal data are stored on servers located in Italy and in all cases within the European Union. However, it is understood that the Data Controller may transfer the servers outside the EU if necessary. In this case, the Data Controller hereby assures you that data will be transferred outside the EU in compliance with the relevant legal requirements, further to signing of the standard contract clauses required by the European Commission, and notification of data subjects if necessary.
- Nature of contribution of data and consequences of refusal to reply
The contribution of data for the purposes as per art. 2.A) is compulsory. If they are not contributed, we will be unable to ensure you the Services covered by art. 2.A). However, the contribution of data for the purposes as per art. 2.B) is optional. You may decide not to contribute any data or to withdraw your consent to the processing of data already supplied at a later date: in this case, you will not be able to receive newsletters, marketing communications and advertising material relating to the Services offered by the Data Controller. However, you will continue to be entitled to the services as per art. 2.A).
- Rights of the data subject
In your capacity as data subject, you hold the rights specified in art. 15 of the GDPR, and specifically the following rights.
- To obtain confirmation as to whether or not personal data concerning you exist, regardless of their being already recorded, and disclosure of such data in intelligible form;
- To obtain the following information: a) the origin of the personal data; b) the purposes and procedures of use of the data; c) the logic applied in case of electronic processing of the data; d) the identity of the data controller, the trustees and the representative designated under art. 5, comma 2 of the Data Protection Code and art. 3, comma 1 of the GDPR; e) the subjects or categories of subjects to which the personal data may be provided or which may become aware of the same as designated representative, within the State, data processors or persons in charge of processing;
- To obtain: a) the updating, correction and, when this is in your interest, the integration of the data; b) the deletion, transformation into anonymous form or freezing of data used in breach of the law, including those the conservation of which is not necessary for the purposes for which the data were collected or subsequently used; c) the certification that the amendment and deletion operations as per points a) and b) have been reported, also with regard to their contents, to those to whom the data have been communicated or distributed, unless this proves impossible or involves a disproportionate effort;
- To object, completely or partially: a) to the use of the personal data relating to you, for legitimate reasons, even if such use is relevant to the purposes for which they were collected; b) to the processing of personal data concerning you, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys, with the use of automated systems not involving an operator, by email and/or by traditional marketing means using the telephone and/or paper mail. It should be noted that the data subject’s right to object, as per point b) above, with regard to direct marketing by automated means, also extends to traditional means, and that in all cases the data subject retains the right to exercise the right to object even only partially. Therefore, the data subject may decide only to receive communications by traditional channels, or only automated communications, or neither of the two types of communication.
- In accordance with articles 15 to 22 of Regulation (EU) no. 2016/679, at any time you may exercise the following rights:
- to request confirmation of whether or not personal data concerning you exist;
- to obtain information concerning the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and, when possible, the storage period;
- to obtain the rectification and erasure of the data;
- to obtain the restriction of processing;
- to obtain the portability of the data, meaning to receive them from a data controller in a commonly used, machine-readable format, and to transmit them to another data controller without impediment;
- to object to the processing at any time, also in case of processing for direct marketing purposes ;
- to object to an automated decision-making process relating to natural persons, including profiling;
- to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
- to withdraw consent at any moment, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal;
- to lodge a complaint with a Supervisory Authority.
Please also note that the contact data which can be used for the exercise of your above rights, or for any information you may require are as follows. The Data Controller is Cangini Benne S.r.l. with registered office in Via Savio n.29/31, 47027 SARSINA (FC) and the Internal Data Processor is Mr Giorgio Cangini.
In accordance with art.37 of the Regulation, the Company has appointed a company DPO.
You may contact the Data Controller, the Data Processor or the DPO in order to exercise your rights as envisaged by art. 7 of the Data Protection Code (and the related articles) and Title III of the Regulation.
You may contact:
- Data Controller and/or Processor: email@example.com, T.+39.0547.698020.
- DPO: firstname.lastname@example.org, T.+39.0547.698020.
13 June 2019 Cangini Benne S.r.l.