PRIVACY
Information pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”)
Dear Sirs, we would like to inform you that the Regulation (EU) 2016/679 (the GDPR) provides for the protection of persons with regard to the processing of personal data. In accordance with the aforementioned law, such processing will be based on the principles of correctness, lawfulness and transparency, protecting your confidentiality and your rights. Pursuant to Article 13 of the aforementioned Regulation, we therefore provide you with the following information.
1. Personal data processed, source of the Data, purpose of the processing of the Data, legal basis of the processing and period of storage
By “Data” we mean those related to natural persons processed by Phonocar S.p.A. for the stipulation and execution of the contractual relationship with its customers/suppliers, such as, for instance, those of the legal representative of the customer/supplier who signs the contract in the name and on behalf of the latter, of the employees/consultants of the customer/supplier involved in the activities referred to in the contract, the Data of the companies of the group of the customer/supplier for which the latter signs the contract with the necessary powers of representation, as well as any other information necessary for the execution of the contract and/or the supply of the service/s (also indicated below).
The source of the Data is the customer/supplier.
In particular, said Data will be processed for the purposes indicated below
A. Management of the contractual/commercial relationship, such as: fulfilling specific requests of the data subject before the conclusion of the contract; conclusion, modification, execution of the contract; provision and management of related services (installation, activation, migration, maintenance and/or assistance activities); complaint management.
The legal basis of the processing is:
– the execution of the contract, for the Data of the legal representative of the supplier/customer;
– the legitimate interest, for the Data of the supplier’s/customer’s employees/consultants involved in the activities referred to in the contract.
Data storage period: contractual duration and, after termination, for a further 10 years. In case of litigation, for the whole duration of the litigation itself, until the exhaustion of the time limit for appeals.
B. Administrative-accounting, such as: invoicing; management of payments, delays and non-payments; communication of the Data between companies of the group, for internal organisational, administrative, financial and accounting purposes functional to the aforementioned activities.
The legal basis of the processing is the need to fulfil a legal obligation to which Phonocar S.p.A. is subject.
Period of conservation of the Data: contractual duration and, after termination, for a further 10 years. In case of judicial litigation, for the whole duration of the same, until the exhaustion of the time limit for appeals.
C. Fulfilment of obligations or exercise of rights under national or European Union law or collective agreements
in accordance with national law, such as: compliance with obligations under EU and national legislation, in particular laws, regulations, including contingent and urgent measures for the protection of public order, detection and prosecution of criminal offences.
The legal basis for the processing is the need to fulfil a legal obligation to which the data controller is subject.
Period of storage of the Data: contractual duration and, after termination, for a further 10 years. In the case of legal disputes, for the entire duration of the same, until the time limit for appeals is exhausted.
D. Out-of-court debt recovery (in the case of customers), such as: protection and eventual recovery of the credit, directly or through third parties (credit recovery agencies/companies) to which they will be, for this purpose only, communicated. The legal basis of the processing is legitimate interest.
Period of conservation of the Data: contractual duration and, after termination, for a further 10 years. In the case of legal disputes, for the entire duration of the same, until the time limit for appeals is exhausted.
E. If necessary, to ascertain, exercise and/or defend rights in court
The legal basis for the processing is legitimate interest. Period of conservation of the Data: contractual duration and, after termination, for a further 10 years. In case of litigation, for the duration of the litigation itself, until the time limit for appeals is exhausted.
H. Security, pursuant to Legislative Decree 81/2008
with particular reference to the identification data freely provided by the guest/visitor at our premises (name, surname, entity or company to which he/she belongs), the processing has the exclusive purpose of guaranteeing compliance with the company’s formally applied security procedures, also in accordance with the provisions of the law in force (e.g. entry in the visitors’ register/database, assignment of temporary identification badges, application of legal obligations regarding safety at work).
Legal basis of the processing: need to fulfil legal obligations to which the Data Controller is subject.
Data retention period: Data will be retained for the period of time provided for by law.
Once the above mentioned retention period has expired, the Data will be destroyed or made anonymous, compatibly with the technical procedures of cancellation and backup.
Legal basis of the processing: need to fulfil legal obligations to which the Data Controller is subject.
Data storage period: the Data will be stored for the period of time provided for by law.
Once the above-mentioned retention period has expired, the Data will be destroyed or made anonymous, compatibly with the technical procedures of cancellation and backup.
2. Scope of communication, subjects authorised to process & transfer of Data to countries outside the European Union
The Data may be communicated to external subjects operating as data controllers, by way of example, authorities and supervisors and, in general, public or private subjects entitled to request the Data (e.g. banks and credit institutions; public administrations and other public authorities).
The Data may be processed, on behalf of the Data Controller, by external parties designated as data processors, who carry out specific activities on behalf of the Data Controller, including, by way of example, its distribution network, companies and agents who perform debt recovery activities for the Data Controller, legal, tax and administrative consultants
The Data may be processed by the employees of the company functions assigned to the pursuit of the aforementioned purposes, who have been expressly authorised to do so and who have received adequate operating instructions.
As a rule, no personal data of the data subject will be transferred to a third country outside the European Union or to International Organisations. Should this be necessary for the fulfilment of the object of the contract to be stipulated or already in place with the data controller and, more in general, of the purposes referred to in this information notice, the data controller undertakes to ensure that any transfer takes place in compliance with the provisions of Articles 45 (on the basis of an adequacy decision by the Commission) and 46 (on the basis of the existence of adequate guarantees), if applicable, or in any case pursuant to Article 49 of the Regulation.
3. Provision of Data.
The provision of Data by the customer/supplier is optional, however, refusal to provide such Data may result in the non-execution or partial execution of the contract/service.
4. Data Controller and Data Protection Officer
The Data Controller is Phonocar S.p.A., with registered office in via F.lli Cervi 167/c, telephone number 0522 941621, telephone number 0522 1602093,
e-mail [email protected].
5. Rights of the data subject.
By contacting Phonocar S.p.A. by e-mail at [email protected]. the data subject may request from Phonocar S.p.A. access to the Data concerning him/her, their cancellation, the rectification of inaccurate Data, the integration of incomplete Data, the cancellation of the Data, the limitation of the processing in the cases provided for by art. 18 GDPR, as well as object, for reasons related to his/her particular situation, to the processing carried out for legitimate interests of the data controller.
Furthermore, the data subject, in the event that the processing is based on consent or contract and is carried out by automated means, has the right to receive in a structured, commonly used and machine-readable format the Data, as well as, if technically feasible, to transmit them to another controller without hindrance.
The Data Subject has the right to lodge a complaint with the competent supervisory authority in the Member State in which he/she normally resides or works or in the State in which the alleged infringement occurred.
The data subject has the right to withdraw consent given at any time for marketing purposes and to object to the processing of Data processed for the same purposes. The data subject who prefers to be contacted for the aforementioned purposes exclusively through traditional means may express his/her opposition only to receiving communications through automated means.
6. Changes to the privacy policy
The Data Controller reserves the right to make changes to this policy at any time, giving appropriate notice to users of the site. In order to view any changes made, the user is invited to regularly consult this policy, which in any case indicates the date of last update.
Date of update: 25/05/2018
Phonocar S.p.A