Pursuant to Legislative Decree no. 196 of 30 June 2003 (“Code regarding the protection of personal data”) and the European Regulation (EU) no. 2016/679 (GDPR), and by Legislative Decree 101/2018, the processing of personal data is based on the principles of lawfulness, correctness and transparency, and the protection of your privacy and your rights. Pursuant to art. 13 of Legislative Decree no. 196/2003 and art. 13 of the GDPR:
- Identity of the data controller: the data controller is the company ESYS S.R.L., with registered office in Rende (CS), in Via Spagna, 240/242 – z. ind. c \ da Cutura – 87036 – firstname.lastname@example.org, tel. 0984.485917.
- Purpose of processing: all information, acquired and in our possession, as well as those that will be subsequently collected, will be processed exclusively for purposes strictly related to the fulfillment of contractual obligations, therefore without the need for express consent (Article 7 of the GDPR), in particular: for the insertion of personal data in the company’s IT databases; for keeping the accounts, collections and payments with possible communication to our tax consultant to proceed with the accounting and tax obligations; to fulfill the obligations established by law, regulations, community legislation, civil and tax laws.
The Data Controller may process your personal data, only with specific consent (Article 7 of the GDPR), for the following marketing purposes: to detect the degree of customer satisfaction with the quality of services and for supplier qualification operations (sending a questionnaire customer satisfaction and supplier evaluation questionnaire); for promotional purposes (company brochures, sending environmental, safety and social responsibility information, sending periodic environmental analysis, company policy);
- Legal basis of the processing: the legal basis of the processing consists of legal, tax and accounting obligations (registrations, billing, etc.) as well as the contractual relationship stipulated between the parties, or the consent given by the interested party.
- Consequences of failure to communicate personal data: with regard to personal data relating to the execution of the contract or relating to the fulfillment of a regulatory obligation (as reported in points 2.1-2.2-2.3), the failure to communicate personal data prevents the completion of the relationship contractual itself. The provision of data relating to points 2.4 and 2.5 is optional and therefore requires your consent to be processed.
- Methods of data processing: the processing is carried out through paper and computer media by the owner and by the persons in charge duly informed and instructed about the minimum and suitable obligations and measures to be adopted and with the observance of every precautionary measure that guarantees its safety and confidentiality.
- Recipients of personal data: your personal data for the purposes of legal and contractual obligations and for the purposes indicated above, may be communicated in Italy and / or abroad to: legal, administrative, tax consultancy firms, auditing companies, courier and freight forwarding credit recovery companies; credit institutions for the management of receipts and payments; to our collaborators and employees specifically appointed and within the scope of their duties;
- Data retention: The Data Controller retains and processes personal data for the time necessary to fulfill the purposes indicated as regards the purposes of the contracts. Subsequently, the personal data will be stored, and not further processed, for the time established by the current provisions on civil and fiscal matters;
- Profiling and dissemination of data: Your personal data are not subject to disclosure or to any fully automated decision-making process, including profiling.
- Rights of the interested party: in the capacity of interested party according to art. 7 of the Privacy Code and art. 15-21 of the GDPR you have: The right to request and obtain access to your data; The right to request and obtain the correction and / or integration and / or updating of data; The right to be forgotten, or the right to request the deletion of data and all existing copies; The right to limit the processing; The right to portability; The right to object.
- How to exercise the rights of the interested party: the interested party may at any time exercise their rights by sending a registered letter to the address of Via Spagna, 240-242 c / da Cutura – 87036 Rende (CS) – email@example.com, to the attention of the Data Controller.
- Owner and authorized subjects: The Data Controller is the company ESYS SRL with registered office in Via Spagna, 240-242 c / da Cutura – 87036 Rende (CS).
- Right to lodge a complaint with the Guarantor: each interested party can lodge a complaint with the Data Protection Authority