SAN MARTINO VINI S.R.L. - Via Crosere, 30 - Visnà di Vazzola (TV) - 31028
VAT No. 01836320265 - Telephone 0438 441325 - Telefax 0438 443091
E-Mail: firstname.lastname@example.org - P.E.C.: email@example.com - Website: www.sanmartinovini.it
HOW WE USE YOUR DATA
(art. 13 of Italian Legislative Decree 196/2003 as amended, and arts. 13 and 14 of EU General Data Protection Regulation 679/2016)
We wish to provide some required information regarding the method we use and purpose for which we process personal data collected when entering into agreements and/or from our corporate website.
1. Type of Data and their Collection
Personal data provided to San Martino Vini S.r.l. is indispensable for carrying out contracts/mandates. If you refuse to provide the required data, the contract/mandate cannot proceed or will be immediately revoked.
2. Purpose of Processing
Your personal data will be used for the following purposes:
- To manage and carry out pre-contractual and contractual obligations;
- To invoice, manage general accounting and fulfil fiscal/corporate obligations;
Connected to the fulfilment of legislative, contractual and/or pre-contractual obligations:
- Processing to carry out a contract or provide a service to the data subject concerned, or pre-contractual measures;
- Processing to fulfil legal obligations on the part of the Data Controller;
- The data subject has given explicit consent to the processing of personal data for a particular purpose;
- Processing required to fulfil the obligations and exercise the rights of the Data Controller or data subject regarding work and social security and protection;
- Data Controller’s prevailing legitimate interest: to check and assess the result and progress of the relationship, and the risks involved (such as truthfulness of the data provided, solvency also during the relationship, litigation, IT security, fraud prevention) and for direct marketing purposes. If you are already one of our customers, your data may be used to offer you our products and/or services similar to those already purchased (art. 130, clause 4, Italian Legislative Decree 196/2003 as amended). In any case you may opt out of such communications by sending an email to the Data Controller at firstname.lastname@example.org, or choosing to do so now.
The San Martino Vini S.r.l. Data Controller will process your personal data only in as far as it is necessary for the above-mentioned purposes, according to current legislation regarding personal data protection, and in compliance with the general indications of the Italian Personal Data Supervisory Authority.
3. Processing Method
Data provided by the data subject is processed by the following means: collection from website and platform contact forms/external cookies, registration, organisation, storage, processing, modification, selection, extraction, comparison, interconnected use, blocking, communication, erasure and destruction of data.
- name, tax ID No., VAT No., addresses, e-mails, credentials, images and other identifying elements;
- economic and financial data;
- bank references
will be processed with suitable security. The protective measures indicated by the GDPR, applicable legislation and those established by the Data Controller are implemented. Your data will be processed by technological means and/or on paper, by authorised subjects, such as external data processors/sub-data processors and/or persons within or outside the company in charge of processing, whose names will be provided at the data subject’s request.
Only personnel duly authorised by the Data Controller may access the data.
4. Data Communication and Transfer
The data collected by the Data Controller and those mentioned above can be communicated, for example, to:
- the categories for which communication is strictly necessary and compatible with the laws regulating the processing of your data:
- tax collectors;
- banks, loan institutes and Post Office;
- chambers of commerce/companies register;
- local authorities;
- exchange system (SDI);
- credit recovery companies;
- factoring companies;
- IT companies;
- credit insurance companies;
- commercial/credit information companies;
- outsourced professionals (e.g. notaries, tax consultants, labour consultants, surveyors, architects).
Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country (also outside the EU) by means of: cloud computing to archive and conserve the data; newsletters; social networks; Google Analytics (analytical instrument by Google to assist website and app owners in understanding how visitors interact with their contents. This service may use a series of cookies to collect information and generate statistics regarding the use of websites, without providing visitors’ personal information to Google). In such cases your data will be protected by the data processors.
If strictly necessary for the above-mentioned purposes, processing may also regard images (photographs, videos…), in compliance with the law.
5. Automated Decision-making and Profiling
Your data will not be processed:
- using automated decision-making processes;
- using profiling methods.
The email address provided when registering for the newsletter will be included in a list of contacts who will receive communications, including advertising, regarding San Martino Vini S.r.l. Such mailing list is managed by the communications service known as Mailchimp.
6. Data Subject’s Rights
The data subject enjoys the rights described in Sections 2, 3 and 4 of Chapter 3 of EU GDPR 679/2016 (e.g. ask the Data Controller for access to personal data and their rectification or erasure; restriction of the processing of personal data concerning the data subject or objection to such processing). Data subjects have the right to:
- obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the information in art. 15 of EU GDPR 679/2016;
- obtain from the Data Controller rectification of inaccurate personal data concerning the data subject;
- obtain from the Data Controller the erasure of personal data concerning him or her when the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if other conditions apply pursuant to art. 17 EU GDPR No. 679/2016, provided that the conditions in paragraph 3 of art. 17, EU GDPR No. 679/2016 do not apply;
- obtain from the Data Controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead or requires processing for the purpose of verifying or defending a legal claim;
- where personal data have not been collected from the data subject, the Controller shall provide the data subject with all the information available regarding their origin;
- receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to require the Data Controller to transmit those data to another controller;
- object at any time to processing of personal data concerning him or her which is based on Art. 2, paragraph 2 of EU GDPR No. 679/2016;
- lodge a complaint with the supervisory authority.
The data subject can exercise the above-mentioned rights by sending an e-mail to: email@example.com.
7. Data Records
The personal data you provide to us will be kept until the agreed service has been completed, and stored for the time needed to carry out such service, plus a further ten years. Storage may take place by:
- Paper archives;
- Storage on the hardware/data centres/web hosting used by the Data Controller or its processors;
- archiving pursuant to the Digital Administration Code; in which case, if the Data Controller does not process directly using its own applications it will make exclusive use of subjects accredited under the terms of art. 29 of the DAC.
Definitions that describe the activities carried out and relationships between them and the personal data provided. It is therefore desirable for you to be informed of the following definitions, pursuant to art. 4 EU GDPR No. 679/2016:
- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- special categories of data (sensitive data): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
- processing: any operation or series of operations wholly or partly by automated means and the processing other than by automated means of personal data, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or whatever, comparison, interconnection, restriction, erasure or destruction;
- data controller: a natural person or legal entity, public authority, service or other body, that individually or together with others establishes the purpose and means for processing personal data; when the purpose and means for processing personal data are established by the Union or a Member State, the Data Controller or the special criteria applicable to its designation may be determined by Union or Member State law;
- data processor: a natural person or legal entity, public authority, service or other body, that processes personal data on behalf of the Data Controller;
- profiling: any form of automated personal data processing evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements;
- pseudonymisation: personal data processing so that the personal data cannot be attributed to a specific data subject without the addition of further information, on condition that such additional information is kept separately and subject to technical and organisational measures which guarantee that such personal data are not attributed to an identified or identifiable natural person.