Policy for Customers and Suppliers on the processing of personal data pursuant to Legislative Decree No. 196/2003 and Art. 13 of the GDPR EU 2016/679
Koh-i-noor Carlo Scavini & C. S.r.l., with registered office in Via Meucci, 10 – 21049 Tradate (VA), Tax Code 00870430154 and VAT Number 00716390125 (hereinafter referred to as the “Data Controller”), as Data Controller, informs you pursuant to Art. 13 of Legislative Decree 196/03 (hereinafter referred to as the “Privacy Code ”) and to Art. 13 of the GDPR EU 2016/679 (hereinafter referred to as the “GDPR”) that your data will be processed in the manner below and for the following purposes.
- Subject of the processing
The Data Controller processes personal data, such as name, surname, company name, address, telephone number, e-mail address, bank and payment details) – hereinafter referred to as the “personal data” or even “data”) that you have communicated on the occasion of pre-contractual activities or the conclusion of contracts for the supply of goods and / or services of the Data Controller.
- Processing purpose
Your personal data are processed without your express consent (Article 24 subparas. a), b), c) of the Privacy Code and Art. 6 subpara. b), e) of the GDPR), for the following purposes.
- Contractual purposes Entering into contracts for the supply of goods and/or services of the Data Controller; fulfilling the pre-contractual, contractual and tax obligations deriving from relations with you.
- Administrative and accounting purposes. For the purposes of the application of the provisions regarding the protection of personal data, the processing performed for administrative-accounting purposes are those related to the performance of organizational, administrative, financial and accounting activities, regardless of the nature of the data processed. In particular, these objectives are pursued by internal organizational activities, those functional to the fulfillment of contractual and pre-contractual obligations, the management of the employment relationship in all its phases, the keeping of accounting and the application of the rules on tax, trade union, social security, health, hygiene and safety at workplace matters.
- Information and promotion. E-mails and Newsletter.
- Security purposes, pursuant to Legislative Decree No. no. 81/2008. With particular reference to the identification data freely given by the visitor/guest to our offices (name, surname, institution or company), the processing has the exclusive purpose of ensuring compliance with the corporate security procedures formally applied, even in force of the regulations in force (i.e. registration in the visitor register/database, assignment of temporary identification badge, applications of legal obligations in the field of safety at workplace).
- Exercising the rights of the Data Controller and the right of defense in Court.
- Processing methods
The processing of your personal data is carried out by means of the operations set forth in Art. 4 of the Privacy Code and Art. 4 no. 2) of the GDPR and more precisely: collection, registration, organization, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and/or automated processing.
The Data Controller will process the personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of service.
- Access to data
Your data may be made accessible for the purposes referred to in para. 2 of this document to:
- employees and collaborators authorized by the Data Controller
- Data Processors and System Administrators designated by the Data Controller;
- third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, third party technical service providers, postal carriers, hosting providers, IT companies, communication agencies, etc.) that perform outsourced activities on behalf of the Data Controller, appointed, if necessary, as Processing Managers.
- subjects that provide services for the management of the information system used by the Data Controller and telecommunications networks and that take care of the maintenance of the technological part (including emails and newsletter service);
- freelancers, firms or companies in the field of assistance and consultancy relationships;
- subjects that carry out checks, audits and certification of the activities carried out by the Data Controller;
- competent authorities for the fulfillment of obligations of laws and/or provisions of public bodies, at their request.
Your data may also be processed, on behalf of the Customer, by professionals and/or companies in charge of carrying out technical, development, management and administrative – accounting activities.
- Data transfer
The Data Controller processes personal data by implementing appropriate security measures to prevent unauthorized access, disclosure, amendment or destruction of personal data. Processing is carried out using IT and/or telematic tools, with organizational and with logic methods strictly related to the purposes shown.
Personal data are processed at the registered office of Koh-i-noor Carlo Scavini & C. S.r.l., and through the use of servers, which are made available by third-party providers and which are located within the European Union; for more information, please contact the Data Controller. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the signature of contracts that provide for the procedures set out in Chapter V of the GDPR.
- Nature of providing data and consequences of refusing to answer
With regard to the data that we are obliged to know, in order to fulfill the obligations arising from existing contracts and obligations under laws, regulations, community legislation or provisions issued by the Authorities legitimated by law and by supervisory and control bodies, failure to provide such data will make it impossible to establish or continue the relationship, in so far as such data are necessary for its execution.
- Rights of the Data Subject
In your capacity as the Data Subject, you have the rights set forth in Articles 15-21 of the GDPR and specifically: obtaining confirmation of the existence of data, knowing data content and origin, verifying data accuracy, requesting data integration, updating, correction, deletion, limitation of processing, portability, and opposing, for legitimate reasons, to their processing.
Where applicable, Data Subject also has the right data are forgotten, as well as the right to complain to the Guarantor.
- How to exercise the rights
You can exercise your rights at any time by sending:
- a registered letter with acknowledgment of receipt to Koh-i-noor Carlo Scavini & C. S.r.l., Via Meucci, 10 – 21049 Tradate (VA), Italy;
- an e-mail to email@example.com.
The updated list of Data Processors and Data Managers is kept at the registered office of the Data Controller.