INFORMATION DOCUMENT PURSUANT TO ART. 13 OF THE EU REGULATION 2016/679
(GDPR – General Data Protection Regulation)
This information document was issued to inform you about the processing of your personal data.
1. Identity and contact details of the Data Controller
The data controller is ITALCARRELLI S.p.A., in the person of the pro tempore legal representative, with registered office in Chiampo (VI), via Monte Rosa 9, www.italcarrelli.eu. ITALCARRELLI S.p.A. intends to supply the data subject with all the information regarding the purposes and methods of personal data processing.
2. Methods of data processing
Personal data (such as biographical data, phone contacts, e-mail addresses, etc.) are processed on computer storage media or by using computer or automated tools, in compliance with the minimum safety standards to ensure data integrity, safety and confidentiality.
3. Purposes of data processing
ITALCARRELLI S.p.A. will process your personal data for the following purposes:
1) To conclude and fulfil contracts and any other business relationships, to prepare, request and evaluate proposals, to define the terms and conditions of contractual relations and to manage the product development activity with our clients, suppliers, service suppliers, and competitors, of which you are a representative or employee;
2) To transmit your personal data within the Company for internal administrative purposes (e.g. accounting);
3) To transmit and manage your personal data within the Company for staff recruitment;
4) To fulfil contracts with our suppliers, in particular internal and external IT suppliers, which support our business processes;
5) To ensure compliance with the safety regulations both inside and outside the building and the plant (including
the necessary video surveillance for the security of our premises);
6) To fulfil pre-contractual, contractual and fiscal obligations deriving from the existing business relationship with you;
7) To fulfil legal obligations or orders issued by the Authorities;
8) To exercise the Data controller’s rights and the legitimate interests;
9) To send newsletters and/or commercial information from ITALCARRELLI S.p.A.;
10) To communicate/transfer your data to third parties for marketing purposes.
Your personal data will be primarily processed only for those purposes strictly linked to and necessary for the fulfilment of the obligations specified in points 1) – 10) above.
The consent you have given forms the legal basis of the processing, in compliance with art. 13, paragraph 1), letter c) of the GDPR.
4. Nature of the data provision
With reference to the processing purposes mentioned in points 1) – 10) of article 3 above, the consent for data processing is optional and can be declared using the dedicated box. The lack of this consent will only imply the following consequence: ITALCARRELLI S.p.A. will be not be allowed to send commercial information and communicate/transmit your personal data to third parties for marketing purposes. In any case, even if you have given ITALCARRELLI S.p.A. your consent to fulfil the purposes mentioned in points 1) – 10), you are free to withdraw it at any time simply by sending a message to the e-mail address firstname.lastname@example.org.
After receiving your opt-out request, ITALCARRELLI S.p.A. will promptly remove and delete your data from its databases used for the processing related to the purposes specified in points 9) and 10). It will then inform the third parties to which your data has been given to so as to make them carry out the same deletion procedure. Receiving a request for cancellation automatically implies confirmation that the data has been deleted.
5. Recipient category or recipients of the personal data
The personal data you provide for the purposes described above may be made available to employees and/or collaborators of ITALCARRELLI S.p.A. and communicated to the following subjects:
1) Third companies entrusted by ITALCARRELLI S.p.A. for the enforcement of those legal obligations to which ITALCARRELLI S.p.A. is subject by law;
2) Medical practices and professionals (such as the Health and Safety Manager), for the fulfilment of those obligations related to hygiene and work safety;
3) Professionals, service companies, insurance companies, credit institutions and business organisations engaged by our Company for administrative and management purposes;
4) All subjects (including Public Authorities) that necessarily need to have access to the data for legislative or administrative purposes.
The personal data that you provide and that are later processed in relation to the management of the service requested, will not be disclosed.
6. Data retention period
Your personal data will be retained up to the deadline established by the law on Company fiscal document retention obligations, that are hereunder specified in compliance with article 13, paragraph 2, letter a) of GDPR:
1) Personal data collected for purposes related to the fulfilment of a contract between the Data controller and the User will be retained until the contract has been completely fulfilled;
2) Personal data collected for purposes attributed to a legitimate interest of the Data controller will be retained until this interest has been fulfilled;
3) Documents and data of a civil, accounting and fiscal nature will be retained for ten years, as prescribed by the laws in force;
7. Rights of the data subject
Pursuant to articles 13, paragraph 2, letters b) and d), 15, 18, 19 and 21 of GDPR, the data subject has the right to:
a) obtain confirmation of the presence or not of personal data and the communication of such data in intelligible form;
b) obtain information regarding the source of the personal data, the data processing purposes and methods, the logic applied when processing is carried out using electronic systems;
c) obtain access to and the rectification, restriction or integration of the related data;
d) obtain the erasure, the transformation into anonymous form or the blocking of data that has been illegally processed, including those that need to be retained for the purposes for which they were collected or subsequently processed;
– receive confirmation that the operations specified in the above points have been notified, including their contents, to those to whom the data was communicated or disseminated, except when this operation proves to be impossible or the means to do this outmeasure the operation itself;
e) obtain the portability of the data;
f) oppose, in whole or in part:
– the processing of personal data, even though pertinent to the purpose for which it was collected, for legitimate reasons;
– the processing of personal data for commercial purposes, for sending advertising material, for direct selling, for market research or for commercial communication surveys.
The rights mentioned above can be exercised by sending a request to the Data Controller (the contact details are specified in art. 1).
We specifically and separately inform you, as required by article 21 of the GDPR, that if the personal data have been processed for marketing purposes, the data subject has the right to object at any time and that should the data subject oppose this, his/her personal data will not be subject to processing for these purposes anymore.
g) lodge a complaint, as the interested natural person, with the Privacy Authority for the Protection of Personal Data, following the procedures and the indications published on the official website of this Authority www.garanteprivacy.it.
The exercise of the data subject’s rights is not subject to any restrictions of form and is free. The e-mail address to exercise these rights is email@example.com.
For further information about cookies and their use, please refer to the relevant Cookie Notice.