Customer policy pursuant to artt. 13-14 of the EU Regulation n. 2016/679 (GDPR)
The company Salumificio Panzeri S.r.l., with registered office at Strada Comunale dei Roganti n. 4 – Prosto di Piuro – Italy, as Data Controller of the personal data, with the present communication, intends to provide you an adequate notice in accordance with artt. 13 -14 of the GDPR n. 2016/679 “EU General Data Protection Regulation”.
- Data forming the subject-matter of processing
The data processed are personal data and contact data you provided on the occasion of: visits or phone calls or emails; direct contacts obtained following participation in events, etc .; requests of commercial information, offers; requests through our website, transmissions and business transactions subsequent to the supply of services or goods (provided / purchased) or by email;
- Purposes of the processing
Your personal data are processed for:
- forward commercial communications through various means of communication (email and regular mail);
- make requests or dispatch the received requests;
- exchange information aimed at the performance of contractual obligations, including pre-contractual and post-contractual activities, as well as the related assistance;
- performance of obligations provided by laws, regulations or EU legislation, as well as to comply with provisions issued by legitimate public Authorities or by supervisory and control bodies to which the Company is subject (i.e. tax audits, etc.).
The supply of personal data is optional, however, any refusal to communicate them may compromise, in whole or in part, the contractual relationship or the pre-contractual and post-contractual activities. Failure to provide your data for promotional purposes, instead, does not compromise the main contractual relationship.
- Legal basis of the processing
The processing is necessary for the performance of a contract of which you are a party or for the performance of pre-contractual or post-contractual measures adopted at your request pursuant to art. 6.1, lett. b) of the GDPR, or for the fulfillment of a legal obligation pursuant to art. 6.1, lett. c) of the GDPR.
The commercial communications sent by the Company to customers fall within the so-called soft spam, therefore, the legal basis is the legitimate interest of the same.
- Methods of processing
Your data will be processed in accordance with the principles of lawfulness, fairness and transparency, using manual or automated tools even through the compilation into databases, lists suitable for storage, management and transmission of data, in the manner and within the limits necessary for the pursuit of the aforementioned purposes.
The company has provided adequate security measures in order to protect personal data.
The data will be processed exclusively by persons authorized to process such data in relation to the purpose of the processing.
The data are not processed through an automated decision process nor subject to a profiling system for the purposes indicated.
- Recipients of the data
The personal data processed by the Data Controller will not be disclosed nor will be disseminated to unknown subjects, in any possible way, including the availability or simple consultation by third parties. They may be communicated, to the extent strictly necessary, to subjects whom, for the purpose of our orders or requests of information and quotes or offer, shall supply/deliver goods and/or provide/receive upon our/your order, performances or services. Our technicians or external consultants or persons in charge of companies that provide these services, appointed for this reason responsible for processing, may have access to the data (for the purpose of assistance on SW applications, computer networks and connectivity). Eventually, such data may be communicated to subjects entitled to have access to it in accordance with the provisions of the law, regulations, EU legislations.
The data may be processed by companies of the Group appointed as data processors.
- Transfer of data
The Data Controller does not transfer personal data to third countries or international organizations.
Even though at the moment all the subjects who process the data on behalf of the Company as external processors are established within the European Union, in the future it may be necessary to provide such data also to subjects that may be established outside the European Union; in such cases, the Company will transfer the data outside the European Union only if the precautions established by the Privacy Code and the European Regulation have been adopted and after obtaining the necessary guarantees from the subjects indicated and with the consent of the interested parties. In any case, such transfer will take place only to give effect to the object of the contract or to pre-contractual measures.
- Data retention
The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes and in any case for a period not exceeding 10 years, unless otherwise required by law or by the necessity to exercise certain rights, including in court, by the Company. Customers’ data related to commercial activities will be stored as long as there are commercial relationships.
When there is no longer necessity to store such personal data these will be deleted or destroyed.
- Rights of the data subject
Pursuant to articles 15 to 21 of the EU Regulation, you can exercise the following rights:
- seek confirmation of the existence of their personal data;
- obtain the information concerning the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, if possible, the retention period;
- obtain the rectification and deletion of data;
- obtain the restriction of processing;
- (where applicable) to obtain the portability, which means the right to receive the personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without limitations;
- object to the processing at any time and even in the case of processing for direct marketing purposes;
- request access to personal data to the data controller as well as seeking their rectification or cancellation or to limit or opposing their processing, in addition to the right to data portability;
- withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before such revocation.
Such rights, where exercisable, may be enforced by writing to email@example.com specifying the subject of the request, the right that the interested party intends to exercise and attaching copy of a valid ID document certifying the legitimacy of the request.
Please note that you can write at any time to firstname.lastname@example.org to stop receiving commercial communications.
The person concerned has the right to lodge a complaint with the Supervisory Authority of his country of residence.