PRIVACY CONSENT POLICY
Notice to interested parties in accordance with art. 13 Legislation Decree.. 196/2003 (Personal Data Protection Act)
art. 13 GDPR 679/2016 (The European General Data Protection Regulation)
We wish to inform you persuant to the data protection Legislative Decree No. 196/2003 and to GDPR 679/2016, as subsequently amended, is to provide the protection of persons and other subjects under the processing of personal data.
In accordance with the regulations in force, this notice shall be in line on the principles of integrity, fairness, legality and transparency to safeguard and protect your privacy rights.
to fulfill Personal data shall be collected and processed in compliance with the current provisions of the privacy code (Legislative Decree No. 196/2003 and GDPR 679/2016).
1) The identity of the holder and contact details:
the Data Controller of such data is Simex S.r.l., San Giovanni in Persiceto (BO), Via Newton, 29-31-33, TAX code 04034530370 VAT No. 00692551203, ph. 051 6810609, p.e.c. firstname.lastname@example.org. A list of the additional parties responsible for processing personal data and of any eventual authorized data processing will be safeguarded and managed at the headquarter’s address.
2) Scope of the authorisation:
a) for the purpose to fulfil Legal obligations (to include administrative, tax and accounting obligations, civil law, under the community and non-EU legislation) and contractual obligations of best business practices shall be subject to the fulfillment of sales contracts with a view to supplying specific goods, maintenance and assistance related to Simex products.
b) the purpose to implement and fulfil activities directly related to the provision of services/goods/sales on behalf of Simex as well as in general for the scope of exercising business closely linked to Simex is formed on the basis of a contractual relationship to meet the demands prior to the conclusion of any contract and to suit the specific requirements to include pre-contractual information; To also fulfil the purpose of all necessary order processing operations and post-contractual obligations; to comply or enforce compliance with obligations concerning the keeping of accounting registers and tax obligations; to perform mediation activities aimed at settling possible disputes, to take necessary legal measures and depending on the circumstances, to impose the transfer of receivables to third parties (to include factoring/credit recovery companies);
c) to fulfil the purpose designed to promote the business by way of example, sending updates and promotional material to also include trade-related matters, advertising, the offering of goods and services. Promotional activities shall be undertaken and not limited to the following in the form of: mail, internet, phone, multi-media messaging service, E-mailing, text messaging, newsletters from both Italy and overseas (to include non-EU countries), on behalf of Simex as well as third parties with whom all have contractual relationships in connection with the aforementioned headquarters.
3) personal data subject to processing purposes:
any sensitive data concerning identifying or identifiable subjects,( natural persons) directly or indirectly is considered identifying in particular by reference to an identifier such as a name, identification number, location data, an online identifier.
4) purposes and methods for handling data:
is carried out by means and/or without aid of automated mechanisms for individual operations or series of operations and in any case in such a way to guarantee security, confidentiality, collection, recording, storage, organization, processing, selection, extraction, comparison, interconnection, communication, blocking, erasure and destruction of data.
5) Conferring data:
mandatory and/ or optional. It is necessary to explicitly grant the consent of processing the data in order to fulfil trading purposes mentioned in section 2) letter C).
6) The Consequences of failing to provide data:
impossibility of contractual conclusion for the requested provision of mandatory data.
7) Data communication and Dissemination:
data provided on public entities for legal obligations, natural persons or legal entities are entrusted and managed by the Data Controller and/or person in charge with the processing of data. Personal processed data shall not be disseminated but communicated to well-defined subjects. Based upon the roles and performed tasks, internal and external personnel are entitled to perform their respective competences within the limits of his or her expertise in accordance with the instructions appointed to them by the Data Controller. This information may be designated to persons who are entitled to comply under the provisions of the law, regulations and legislation, as to correspondence societies, banking and credit institutes, law firms, consultancy firms, insurance-related companies (including credit institutes), computer equipment maintenance companies, specialists or companies providing financial services, fiscal authorities, tax advisors, self-employed or temporary professionals, agents, third party societies acquiring the company or business branches or individual credits (or lots). The list of third parties to whom the data may be communicated shall be stored and managed via the data controller at the aforementioned headquarters.
8) Rights of the data subject:
as indicated to art. 7 of the Legislative Decree. 196/2003 and according to art. 15 (right of access), 16 (right to rectification), 17 (right to erasure), 18 (right to restriction of processing), 20 (right to data portability), 21 (right to object) persuant to GDPR 679/2016; The data subject may exercise his or her rights in writing to the Data Controller at the above address or send an email directly to email@example.com
9) Transfers of personal data
the Data Controller shall not transfer any personal data to third countries; however it reserves itself the possibility of utilizing Cloud storage and in this case service providers will be selected among those who provide adequate guarantees, as foreseen in art. 46 GDPR 679/2016.
10) data storage
the aforementioned Data Controller shall keep and process personal data within an appropriate time-limit, insofar as this is closely relevant to the purposes mentioned and anyhow exceed no later than a maximum period of ten years or for a period of time subject to the tax, civil code provisions governing.
11) revocation of consent
having regard to art. 23 of the Legislative Decree No. 196/2003 and art. 6 persuant to GDPR 679/2016, the data subject may revoke the consent at any time in writing to the Data Controller at the above address or via e-mail to: firstname.lastname@example.org
12) Right to Lodge a Complaint
the data subject shall have his or her rights to lodge a complaint with a supervisory authority, in particular in the Member of State of his or her habitual residence.
13) Data source and methods:
processed personal data are provided by the data subject of interest and carried out for the following purposes: for information requirements or for information to be obtained via emailing, by filling-in “contact request” forms, making trade visits or telephone communications, arranging meetings at exhibitions/trade-fairs or shows, the scope to meet and contact retailers/dealers, the request of services or sales activities/procurement of goods and for former commercial transactions.
14) Automated decision-making processing
the Data Controller shall not apply any processing of data that is carried out solely on automated decision-making means.
23 May 2018