Information notice for clients and prospects
Information notice for clients and prospects
pursuant to article 13 Regulation (EU) 2016/679
By means of this information notice the Data Controller, as defined below, wishes to inform you on the purposes and methods of the processing of your personal data and on the rights that Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) entrusts you.
- DATA CONTROLLER
Conceria Montebello S.p.a., with registered office in Via Lungo Chiampo, 123 - 36054 Montebello (Vicenza) Italy is the Data Controller of your personal data (“Data Controller” or “Montebello”).
You may contact the Data Controller by e-mail at the following address: firstname.lastname@example.org, or by regular mail at the office indicated above, to the attention of the Privacy Office.
- PERSONAL DATA PROCESSED
For the purposes set forth in this information notice, the Data Controller processes your identification data and business contact details, as indicated in the data collection form, in your quality as reference person of the Data Controller’s potential/current clients, as indicated in the data collection form (the “Data”).
- PURPOSES OF PROCESSING AND RELEVANT LEGAL BASIS
3.1 Pre and post-contractual phases
The processing of your Data aimed at managing pre-contractual negotiations and the execution, performance and management of sale and purchase agreements, as well as any pre and post-sale assistance, is based on the performance of a contract, pursuant to Article 6, first paragraph, letter b), of the GDPR; therefore, your consent is not necessary to allow the processing.
3.2 Compliance with the law
The processing of your Data aimed at complying with European and/or EU Member State’s applicable laws and/or regulations (e.g. on invoicing, accounting, etc.) is based on the necessity to comply to legal obligations to which the Data Controller is subject, pursuant to Article 6, first paragraph, letter c), of the GDPR; therefore, your consent is not necessary to allow the processing.
3.3 Direct marketing
The processing of your Data aimed at providing you with promotional information on products and services marketed by Montebello (e.g. by newsletter or invitations to special events), or at involving you in market surveys, is based on your consent, pursuant to Article 6, first paragraph, letter a), of the GDPR, that you may grant us by ticking the relevant box in the data collection form above.
Even if you grant us your consent, you may request us to cease the processing for marketing purposes at any time, by sending an email to the following address: email@example.com, or by clicking on the link contained in each promotional e-mail you will receive.
- NATURE OF THE DATA PROCESSING AND CONSEQUENCES OF A REFUSAL TO PROVIDE THEM
The processing of your Data is a mandatory requirement for the processing mentioned above, that therefore may not be performed in case of your refusal to provide such Data.
If you refuse to grant us your consent for marketing purpose described under paragraph 3.3 above, we will not be able to inform you about special offers and/or new products and services marketed by Montebello or to invite you to special events; however, this will not impair the duly management of the activities described under paragraphs 3.1 and 3.2 above.
- METHODS BY WHICH DATA WILL BE PROCESSED
Your Data will be processed, pursuant to the provisions of the GDPR, by means of paper, electronics or digital means, for the purposes indicated above and with adequate methods to guarantee their security and confidentiality in accordance to Article 32 of the GDPR.
The processing of your Data for marketing purposes as per paragraph 3.3 above may be carried out through e-mail, regular email, telephone and sms.
- DISCLOSURE OF DATA TO EUROPEAN AND NON-EUROPEAN ENTITIES
For the purposes described under paragraph 3 above, your Data will be disclosed to employees, freelance workers and, in general, Montebello’s personnel, who will act as person authorized to the processing of personal data, specifically appointed.
In addition, your Data may be disclosed to and processed by the following third parties:
- IT service providers for the management of the IT system;
- Legal, tax and accounting advisors for the management of the business relationship with you or with your employer or for complying with the law applicable to the Data Controller;
- financial institutions and insurances for the management of payments and possible financing;
- public authorities and administrations to comply with the law or to ascertain, exert or defend a right in a judicial or administrative proceeding;
- arbitrators, mediators, experts and other subjects that may be involved in the prevention or resolution of disputes in relation to the management of the business relationship with you or with your employer;
- logistic service providers for the performance of contracts with you or with your employer;
- marketing service providers for sending newsletters and organizing events or promotional campaigns;
- other service providers for the management of the business relationship with you or with your employer.
The above subjects shall act, in some cases, as autonomous data controller, in other case as data processors specifically appointed by the Data Controller pursuant to Article 28 of the GDPR. You may request at any time the list of our data processors by contacting the Data Controller at the addresses indicated in article 1 above.
Your Data will not be disclosed to the public.
- DATA RETENTION PERIOD
If contact with you or your employer does not result in the conclusion of a contract, your Data will be retained by the Data Controller for a period of 2 years with effect from the last formal contact and then deleted.
In the event of the conclusion of a contract between you or your employer and the Data Controller, your Data will be kept for 10 years after the last transaction / accounting record relating thereto and subsequently deleted.
With regard to the marketing activities referred to in paragraph 3.3, your Data will be processed until your consent is revoked or until your decision to object to the processing.
- YOUR RIGHTS AS DATA SUBJECT
With regard to the processing described in this information notice, you may exercise any of the rights described in this section in accordance with Articles from 15 through 21 of the GDPR, within the limits set by the law. In particular:
- Right of access – Article 15 of the GDPR: obtaining confirmation as to whether or not your Data are being processed, and, where that is the case, information regarding (inter alia): purposes of the processing, categories of personal data concerned and relevant retention period, recipients to whom the personal data may be disclosed.
- Right of rectification – Article 16 of the GDPR: obtaining, without undue delay, the rectification of inaccurate personal data or the integration of the same.
- Right to erasure – Article of the 17 GDPR: obtaining, without undue delay, the erasure of your Data, in the cases provided for by the mentioned article.
- Right to restriction on processing – Article 18 of the GDPR: obtaining from the data controller the restriction of processing in the cases provided for by the mentioned article.
- Right to data portability – Article 20 of the GDPR: receiving, in a structured format, commonly used and readable by an automatic device the Data, and obtaining that the same are transmitted without hindrance to another data controller, in the cases provided for by the mentioned article.
- Right to object – Article 21 of the GDPR: objecting at any time to the processing of your Data, unless the Data Controller has legitimate grounds for continuing the processing.
- Consent withdrawal – Article 7 of the GDPR: withdrawing the consent previously given with the same ease as it was granted;
- Complaints – file a complaint to the Italian Data Protection Supervisory Authority, at one of the following addresses: Piazza di Monte Citorio n. 121 - 00186 Roma, e-mail: firstname.lastname@example.org, or to the data protection Supervisory Authority of your habitual residence, place of work or place of the alleged infringement. You may find a list of the contact details of the Supervisory Authorities operating in the EU Member States by following this link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The rights listed above may be exercised by contacting the Data Controller at the addresses indicated in paragraph 1 above. Please note that we may ask you to verify your identity before processing your request.