1. Data Controller
Villa Guelfa s.r.l., with registered offices in Via Andrea Doria 15 – 10123 Turin (TO)- Italy, VAT no. 02537910040 (hereinafter, “Data Controller”), as data controller, informs you pursuant to art. 13 of Legislative Decree no. 196 dated 30.6.2003 (hereinafter, “Privacy Code”) and art. 13 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:
2. Source of your personal data
Personal, identifying data (e.g., name, surname, company name, address, telephone number, email address, bank and payment references – hereinafter, “personal data” or also “data”) are collected and processed directly c/o the Data Subject upon the latter’s entering, with the Data Controller, into contracts having as their purpose the supply of goods marketed or manufactured by the latter, for sending quotations and costs estimates via email.
3. Purpose of processing
Your personal data are processed without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
– to execute contracts for the Data Controller’s services;
– to fulfil pre-contractual, contractual and fiscal obligations arising from existing relations with you;
– to fulfil the obligations provided for by law, by a regulation, by Community legislation or by an order of the Authority (such as, for example, anti-money laundering);
– to exercise the rights of the Data Controller, such as the right of defence in court.
4. Processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of the data. Your personal data shall be subject to processing using both paper and electronic and/or automated media.
The Data Controller will process your personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the agreement for Service Purposes.
5. Access to data
Your data may be made accessible for the purposes referred to in article 2:
– to employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
– to third-party companies or other entities (by way of example, credit institutions (banks), professional firms, consultants, insurance companies for the provision of insurance services, carriers, etc.) that carry out activities in outsourcing on behalf of the Data Controller, in their capacity as external data processors.
6. Communication of data
Without the need for express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2 to Supervisory bodies (such as IVASS), judicial authorities, insurance companies for the provision of insurance services, as well as to those entities to which communication is required by law for the fulfilment of the aforementioned purposes. Such entities will process the data in their capacity as autonomous data controllers.
Your data will not be disseminated.
The data are kept and controlled by adopting suitable preventive security measures, aimed at reducing to the utmost the risks of loss and destruction, unauthorised access, unauthorised processing and processing that differs from the purposes for which the processing is carried out.
8. Data transfer
The management and storage of the personal data will take place within the European Union.
9. Rights of the data subject
In your capacity as data subject, you have the right pursuant to article 15 GDPR and specifically the rights to:
– obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
– obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identity of the data controller, data processors and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR; e) the entities or categories of entities to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the Country, data processors or persons in charge of processing;
– obtain: a) the updating, rectification or supplementing of the data; b) the erasure, transformation into anonymous form or blocking of data processed in breach of the law, including data, the retention of which is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, including as regards their contents, to the entities to whom or which the data have been communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
– object, in whole or in part, on legitimate grounds, to the processing of personal data concerning you, even though they are relevant to the purpose of collection.
Where applicable, you also have the rights referred to in articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority.
10. How to exercise your rights
You may exercise your rights at any time by sending a communication
• By e-mail, to the address: email@example.com
• By post with recorded delivery to: Villa Guelfa s.r.l., Sede Operativa Strada Statale 231, no. 183 – 185 – 12069 Santa Vittoria d’Alba (CN) Italy
11. Data Controller, data processor and persons in charge of processing
The Data Controller is Villa Guelfa s.r.l.
The updated list of data processors and persons in charge of the processing is kept and can be referred to at the headquarters of the Data Controller.
Pursuant to EU Regulation no. 2016/679 and its subsequent amendments/supplements, it should be noted that the information contained in this message and any attachments thereto are confidential and for the exclusive use of the recipient(s). It is therefore forbidden to copy, disseminate or disclose, even in part, the data contained therein to persons not authorised by the same. Anyone who receives this message by mistake is requested to return it to the sender and destroy its contents. We also declare that all files attached to this message have been tested by our anti-virus system before sending. In any event, we would ask the recipient(s) to check them with their own anti-virus program(s) before opening them.