Policy on the processing of personal data
(art 13-14 GDPR 679/2016)
Pursuant to Article 13 of EU Regulation 2016/679 (hereinafter, “GDPR”), as Data Controller, Scotton S.p.A. Via Vallina Orticella 1, 31030 Borso del Grappa, Treviso, Italy, Tel. +39 042 391 3300 / Fax +39 042 391 3399 - email firstname.lastname@example.org, tax code 00605260264 / VAT no. 01981300245 (hereinafter, “Data Controller”), informs you that your data will be processed in the following manner and for the following purposes:
1. Subject of data processing
The Data Controller processes personal, identity and non-sensitive data (in particular, first and last name, tax code, VAT number, email address, telephone number—hereinafter “personal data” or “data”) communicated by you during business relations.
2. Purpose of data processing
Your personal data are processed:
- without your express consent (Article 6b of the GDPR), for the following Service Purposes:
- to comply with pre-contractual, contractual and fiscal obligations arising from dealings with you
- to comply with the obligations required by a law, regulation, EU legislation or an order by the Data Protection Authority
- to exercise the Data Controller’s rights, e.g., the right of defence in court
- only with your specific and direct consent, for the following Marketing Purposes:
- to send you by email newsletters, commercial communications and/or information on products or services offered by the Data Controller
If you are already our customer, we may send you commercial communications regarding the Data Controller’s services and products similar to those you have already used, unless you refuse (Article 130 par. 4 of the Italian Privacy Code).
3. Processing methods and storage time
Your personal data are processed by means of the operations indicated in Article 4 of the Italian Privacy Code and Article 4.2 of the GDPR: collection, recording, organisation, storage, consultation, processing, modification, selection, retrieval, comparison, use, networking, blocking, dissemination, deletion or destruction. Your personal data undergo both paper and electronic and/or automated processing.
The Data Controller processes your personal data for the time necessary to fulfil the aforementioned aims, and in any case, for no more than ten years after termination of the relationship for the Service Purposes and no more than two years after the collection of the data for Marketing Purposes.
Your data may be made accessible for the purposes set out in Articles 2.A) and 2.B):
- to employees and collaborators of Scotton S.p.A., in their capacity as internal processing agents and/or managers and/or system administrators
- partners with which Scotton S.p.A., as Data Controller, collaborates (e.g., for support activities in examining the feasibility of the customer's project, for technical management of the project, for the storage of personal data, etc.) or with third parties (e.g., suppliers, banks, professional practices, etc.) performing outsourcing activities on the Data Controller’s behalf, in their capacity as external data processors, in addition to the Data Controller’s companies or within the Group
4. Communication of personal data
The Data Controller may communicate your data without your express consent for the purposes set out in Article 2.1) to supervisory bodies, judicial authorities and to all other persons to whom communication is required by law for the specified purposes. Your data will not be disclosed.
5. Transfer of personal data
Personal data will be managed and stored on the servers of the Data Controller and/or third-party companies entrusted with this service and duly appointed as data processors located within the European Union. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller may change the location of the servers in Italy and/or the European Union and/or non-EU countries, if necessary. In this case, the Data Controller hereby guarantees that data will be transferred outside the EU in accordance with applicable legal provisions, by entering into agreements guaranteeing adequate protection and/or by adopting the standard contractual clauses provided for by the European Commission, if necessary.
6. Nature of the provision of personal data and consequences of refusal to respond
The provision of personal data for the purposes set out in Article 2.1) is mandatory. If personal data are not provided, we will not be able to guarantee the Services under Article 2.1).
The provision of personal data for the purposes set out in Article 2.2) is optional. Therefore, you may decide not to provide any data or to subsequently deny processing of data already provided: in this case, you will not receive newsletters, commercial communications or advertising material related to the services offered by the Data Controller. In any case, you will continue to be entitled to the Services mentioned in Article 2.1).
7. Rights of the data subject
As a data subject, you have the rights established in Articles 15 et seq. of the GDPR, and in particular:
- to receive confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form
- to obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied for processing using electronic media; d) identification of the data controller, managers and representative appointed in accordance with Article 5, paragraph 2 of the Italian Privacy Code, and Article 3, paragraph 1 of the GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or that may become aware of them as designated representatives in the State, managers or processors
- obtain: a) updating, correction or, when necessary, integration of the data; b) deletion, transformation into anonymous form or blocking of data processed in violation of the law, including data not required to be stored for the purposes for which they were collected or subsequently processed; c) proof that the operations and their content referred to in points (a) and (b) have been brought to the attention of those to whom the data have been communicated or disclosed, except where this would be impossible or involves the use of means that are patently disproportionate to the right protected;
- oppose, in whole or in part: a) the processing of personal data concerning you for legitimate reasons, even if processing is relevant to the purpose of data collection; b) processing of personal data concerning you for the purpose of sending advertising materials, for direct sales or for market research or commercial communication, using automated calling systems without human intervention, through email and/or through traditional marketing methods by telephone and/or post. Please note that the data subject’s right of opposition, as set out in point b) above, for direct marketing purposes using automated methods extends to traditional methods as well, and that the data subject is entitled to exercise the right of opposition even in part. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
You also have the right to complain to the Data Protection Authority.
8. Means of exercising these rights
You may exercise your rights at any time by sending and e-mail to email@example.com
9. Data controller, managers and processors
The Data Controller is Scotton S.p.A. An up-to-date list of data managers and processors is kept at the Data Controller’s premises.
10. Modifications to this Policy
This Policy may change. Therefore, we recommend that you regularly review it and refer to its most current version.