Pursuant to Article 13 of EU Regulation 2016/679, hereinafter referred to as GDPR (General Data Protection Regulation), we inform you of the following:
ITALCHAIR intends to use the personal data you provide for the following purposes only:
a) stipulation and execution of the contract and all activities related thereto, such as, by way of example, invoicing, credit protection, administrative services, management services and all organizational and functional services required for the execution of the contract;
b) compliance with all legal obligations, regulations, the governing laws and other provisions issued by authorities with legal power and by supervisory and control bodies.
The processing of personal data for the purposes mentioned above does not require your express consent Art.† 6 letters b) c) and e) of GDPR.
a) marketing and promotional activities for products and services of the data controller, sales communications, both by automated means without operator intervention (e.g. SMS, fax, MMS, e-mail, etc..) and traditional means (by phone, mail).
The processing of personal data for the purposes mentioned above requires your consent Art. 7 of the GDPR. The consent concerns both the automated communication methods and the traditional ones described above. You shall have the right to object at any time in an easy manner and free of charge, in whole or in part, to the processing of your data for the purposes mentioned above, excluding for example the automated means of contact and expressing your willingness to receive commercial and promotional communications exclusively by traditional means of contact.
The data required for the purposes mentioned above and referred to in letters a) and b) must be provided in order to comply with all legal obligations and / or to conclude and execute the contractual relationship and to provide the requested services. Therefore, refusing, even partially, to provide such data makes it impossible for the Supplier to establish and manage the relationship and provide the requested service.
The provision of personal data as required for the purposes mentioned above and referred to in paragraph c) is optional. Refusing to provide such data makes it impossible to provide the activities described therein.
The processing of personal data occurs by means of the operations listed under Art. 4 no. 2) GDPR, for the purposes mentioned above, both on paper and via computer, by means of electronic and/or automated tools, observing the legal provisions. We are committed to collecting, using and retaining personal data, in a fair, transparent and secure way protecting your customer rights. Your data is processed by the organization of the data controller, its managers and / or agents.
Strictly in line with the obligations, tasks and purposes mentioned above and in compliance with the current legislation on the subject, your personal data may be forwarded to the following circles:
1) people to whom such information must be forwarded in order to comply to or to require the fulfillment of specific legal obligations, regulations and / or European Community laws;
2) companies belonging to the data controllerís Group, such as parent companies, subsidiaries or associated companies pursuant to Art. 2359 of the Italian Civil Code, which act as either data processors or for administrative and accounting purposes (purposes in connection with all activities regarding internal organisation, administration, finance and accounting, especially, when compliance of contractual and pre-contractual obligations is concerned);
3) external natural and/or legal persons who provide services that are crucial to the activities of the Data Controller for the purposes referred to in point 1 above. (e.g. call centres, suppliers, consultants, companies, bodies, professional firms). These people may act as data processors.
Personal data will in no way be disseminated.†
The personal data will be stored for the whole term of the contract concluded with the data controller and it will be stored according to the terms required by law for the storage of administrative documents. Data will be deleted after retention times have expired.
Personal data is stored on servers located within the European Union. However, the Data Controller, shall have the right to move the servers outside the EU, if necessary. In this case, the Data Controller guarantees that the transfer of non-EU data will take place in accordance with the legal provisions, by applying the standard contractual clauses provided for by the European Commission.
As the party concerned, you are granted the rights referred to in the GDPR, namely the right:
1. to know whether your personal data has been collected or not, even if it is not yet registered, and to receive such data in intelligible form;
2. to know: a) the source of the personal data; b) the purposes and methods of processing; c) the logic applied if processing occurs by electronic means; d) the identification data concerning the data controller, data processors and the representative designated pursuant to Art. 3, paragraph 1, GDPR; e) the entities or categories of entity to whom or which the personal data may be forwarded and who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing;
3. to be informed about: a) updates, rectification or integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, also related to their contents, to the entities to whom or which the data were communicated, unless this requirement proves impossible or involves a disproportionate effort compared to the right that is to be protected;
4. to oppose, in whole or partially: a) on legitimate grounds, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or implementing direct selling activities, for market research or commercial communication, through the use of automated calling systems without the intervention of an operator either by e-mail or by using traditional marketing methods such as telephone and / or mail. It should be noted that the right of opposition of the person concerned, as established under point b), for direct marketing purposes by means of automated methods extends to the traditional methods and that the possibility for the person concerned to exercise the right of opposition even in part remains unaffected. Therefore, the party concerned may decide to receive notifications by traditional means only or only automated communications or neither of the two. Where applicable, you are also granted the rights set up under Articles. 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right of complaint to the guarantor.
In order to exercise the rights mentioned above, pending questions or further information regarding the processing of your data and the security measures adopted, you may forward your request to the following
Marketing and promotional activities for products and services provided by the Data Controller, commercial communications, both by automated means without operator (e.g. SMS, fax, MMS, e-mail, etc.) and traditional means (by telephone, mail).