Information provided pursuant to art. 13 of EU Regulation 2016/679 (GDPR)
Tecno Imballi S.r.l. (C.F./P.I. 00722530193), company that designs and manufactures special wooden packaging, with registered office in 20122 – Milan (MI), Corso Vittorio Emanuele II n. 15, as data controller pursuant to and for the effects of EU Regulation 2016/679 (hereinafter also “GDPR” or “legislation”), recognizes the importance of confidentiality and protection of personal data protection, such as rights fundamentals of the individual. Consequently and by virtue of the aforementioned legislation, the processing of personal data of the interested parties will be carried out and protected according to the principles of correctness, lawfulness, transparency, confidentiality, purpose limitation and conservation, minimization, accuracy, integrity, accountability and, in any case , in compliance with the GDPR.
1. Data controller
The data controller, Tecno Imballi S.r.l., can be contacted at the e-mail address firstname.lastname@example.org, in order to allow the interested party to exercise your rights specified below and to acquire information on the subjects or categories of subjects to whom your personal data may be communicated.
2. Recipients of data processing and categories of data processed
This information describes the management methods of the website www.tecnoimballi.net (hereinafter “the site”), aiming to identify, as recipients of the processing of personal data, the subjects with whom Tecno Imballi S.r.l., for whatever reason, entertains relationships or contacts, or to whom you otherwise provide personal data, for the purposes and under the additional conditions of this statement. Personal data may, specifically, be communicated to third parties appropriately designated as “Data Processors” and provided with suitable legal guarantees.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with other data, also held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
Common personal data provided voluntarily by the user.
The optional, explicit and voluntary sending of an e-mail address as well as the relative message (also transmission of curriculum vitae) to the addresses indicated on the site, as well as the sending of messages via the published collection forms, involves the subsequent acquisition of the sender’s address and any other personal data entered, necessary to respond to requests, as well as any other personal data included in the message. Furthermore, any further personal data (e.g. name, surname, data relating to the professional activity, company reason or name, residence or registered office, contact details, etc.) provided to the owner and necessary for carrying out the business activity as well as indispensable for allow the identification of users, suppliers and/or customers, will be treated in accordance with this information and within the limits established by the GDPR.
In any case, we ask you not to send or communicate so-called data. particulars through the site or by any other means. By “particular data” we mean, pursuant to the GDPR, any data suitable for revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data to uniquely identify a natural person, data relating to the person’s health or sex life or sexual orientation.
3. Purpose and legal basis of the processing
The personal data acquired through the site are processed, in accordance with the GDPR, for the following purposes, according to the various legislative, contractual or consensual legal bases:
a) the provision of services, including responses to requests from data subjects and users; on this point, it should be noted that the optional, explicit and voluntary sending of e-mails, also using the form in the “Contacts” section, by its very nature entails the subsequent acquisition of the sender’s e-mail address;
b) allow you to be registered in the company records, both on paper and electronically;
c) manage and maintain the aforementioned company master data;
d) the conclusion and execution of contracts;
e) the fulfillment of pre-contractual, contractual and tax obligations deriving from existing relationships, as well as managing the necessary communications connected to them;
f) the fulfillment of obligations deriving from mandatory rules, both of a national and Community nature;
g) the exercise of a legitimate interest as well as a right of the owner (e.g. the right of defense in court, the protection of credit positions, ordinary internal needs of an operational, managerial and accounting nature);
h) marketing and promotional activities as well as sending newsletters, technical and commercial communications, information circulars, catalogues, price lists and samples, subject to your consent.
If you intend to carry out treatments for purposes other than those listed above, a further and specific consent will be requested from the interested parties.
The personal data of the interested parties are not, without explicit consent, subject to dissemination or to any fully automated decision-making process, including profiling, except for the necessary communications which may involve the transfer of data to public bodies, consultants or other subjects , for the fulfillment of legal obligations.
5. Data retention period
The personal data of the interested parties are processed for the time strictly necessary to achieve the aims and purposes set out in paragraph 3), as well as for the time in which the owner is subject to conservation obligations, for tax purposes or for other purposes, envisaged by law, or when this is imposed by mandatory rules, both national and community. With regard to access traces, these are kept for six months.
6. Rights of the interested party
The interested parties, to whom the personal data refer, may exercise at any time, when the legal conditions are met, the following rights recognized by the GDPR:
a) request and obtain confirmation as to whether or not personal data concerning them is being processed;
b) if a treatment is in progress, request and obtain access to personal data;
c) request and obtain, without unjustified delay, the rectification of inaccurate personal data concerning them as well as the integration of incomplete personal data;
d) request and obtain without unjustified delay, upon occurrence of one of the conditions set out in art. 17, paragraph 1, GDPR, the cancellation of personal data concerning them, except for the provisions of art. 17, paragraph 3, GDPR;
e) request and obtain, in the cases provided for by art. 18, paragraph 1, GDPR, the limitation of the processing of personal data;
f) oppose at any time the processing of personal data, in the event of the occurrence of particular situations that concern them. Specifically, in the event of opposition, personal data will no longer be processed, except for the existence of compelling legitimate reasons to proceed with the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court;
g) obtain the portability of personal data concerning them, i.e. receive them from the data controller in a structured format, commonly used and readable by an automatic device and request their transmission to another data controller, without impediments;
h) in the event that consent is required for the processing of personal data, revoke the consent already given, limited to the cases in which the treatment is based on the consent of the interested parties for one or more specific purposes or in the case of treatment of particular categories of data (for example, data revealing racial origin, political opinions, religious beliefs, health status or sex life). The processing based on consent and carried out prior to the revocation of the same does not affect and, therefore, retains its lawfulness;
i) propose a complaint to a supervisory authority (Authority for the protection of personal data), in the event that they believe that their rights have been violated pursuant to the GDPR, according to the methods indicated on the website of the Guarantor itself, accessible at www.garanteprivacy.it.
In the event that you wish to exercise one of the rights listed above, letters from a) to h), you can contact the data controller directly at the e-mail address email@example.com.
7. Data Protection Officer (DPO)
Tecno Imballi S.r.l. has not appointed a data protection officer.
Last modification: 11.07.2018