PERSONAL DATA TRATEMENT

Privacy Policy for the Processing of Personal Data of Customers under EU Regulation 679/2016

This document is written in accordance with Article 13 of EU Regulation 679/2016 on the protection and management of the processing of personal data.
This information sheet aims to describe the methods of processing personal data of customers of NASTRIFICIO DE BERARDI S.r.l. The Data Controller is the company NASTRIFICIO DE BERNARDI S.r.l. with registered office at Via Monte Grappa, 83-85 Concorezzo (MB), represented by DE BERNARDI CARLO. Contact can be made via email at debernardi@nastrificiodebernardi.com and PEC nastrificiodebernardi@registerpec.it for the exercise of the rights of the data subjects listed below under Articles 15-22 of EU Regulation 679/16.

Legal Basis and Purposes:
The processing of data is carried out in compliance with the following legal principles (Article 6, para. 1, letters a), b), c), f)):

  • Fulfillment of contractual obligations;
  • Legal obligations to which the data controller is subject;
  • Legitimate overriding interests of the data controller or third parties to whom the data is communicated.

 

NASTRIFICIO DE BERNARDI S.r.l. processes personal data for the following purposes:

  • Allowing users to register on the company website to send and download updated catalogs of offered products;
  • Sending users useful commercial information about services and products provided;
  • Sending newsletters to keep users updated on services and products;
  • Proper and complete execution of received assignments;
  • Contacting users by phone or e-mail;
  • Compliance with current administrative, accounting, and tax obligations.

Refusal to provide such data may result in NASTRIFICIO DE BERNARDI S.r.l. being unable to provide the service to the extent that the data is necessary for the service.

Categories of Processed Data:
The types of data processed by NASTRIFICIO DE BERNARDI S.r.l. primarily include identifying data such as personal data (name and surname, company name, tax code and VAT number, address, phone/fax, email), information for effective management of business relationships, and keeping customers updated on the provided services.

Recipients of the Data:
The personal data related to the processing in question will be communicated and processed by internal personnel, trained and authorized according to the instructions given by NASTRIFICIO DE BERNARDI S.r.l. and in full compliance with the current privacy regulations and GDPR. If necessary or functional to the management of the contractual relationship and the pursuit of the legitimate interest of the data controller, your data may be communicated to the following subjects:

  • Entities with the legal right to access your personal data according to legal or secondary or community regulations;
  • Entities to which the transfer of your personal data is necessary or functional for the performance of our company’s activities;
  • They may eventually be disclosed to third parties for the defense of rights, as well as to fulfill obligations provided by law or regulations and upon request by competent authorities.

Data Retention:
The data will be kept for the entire duration of the contract. At the end of this period, NASTRIFICIO DE BERNARDI S.r.l. will archive all data for a period of ten years, as required by current regulations, and then proceed with the permanent deletion of the data processed from all archives. The deletion of data that have exceeded ten years of archiving will be carried out in January of each subsequent calendar year.

Processing Methods:
The processing is carried out by the data controller and authorized persons specifically trained in data management. Each processing of personal data is carried out in accordance with the principles set out in Article 5 of Regulation (EU) 2016/679, which are briefly summarized as follows:

  • Lawfulness, fairness, and transparency of processing towards the data subject;
  • Limitation of the purpose of processing, including the obligation to ensure that any subsequent processing is not incompatible with the purposes for which the data was collected;
  • Data minimization: i.e., the data must be adequate, relevant, and limited to what is necessary for the purposes of processing;
  • Accuracy and updating of data, including the timely erasure of data that are inaccurate with respect to the purposes of processing;
  • Limitation of storage: i.e., it is necessary to store the data for no longer than is necessary for the purposes for which the processing was carried out;
  • Integrity and confidentiality: it is necessary to ensure the appropriate security of the personal data subject to processing.

 

NASTRIFICIO DE BERNARDI S.r.l. does not transfer data to third countries, does not have an automated decision-making process concerning individuals, and does not carry out profiling. The data may be transferred to countries within and outside the EU; such transfers may be made by entities and/or companies designated as data recipients as specified under the “Recipients of the Data” section.

Rights of Data Subjects:
With regard to the data subject to the processing described in this information notice, the data subject is granted the right to:

  • Access their personal data (Article 15 of EU Regulation no. 2016/679);
  • Rectify their personal data (Article 16 of EU Regulation no. 2016/679);
  • Erase their personal data (Article 17 of EU Regulation no. 2016/679);
  • Restrict the processing of their personal data (Article 18 of EU Regulation no. 2016/679);
  • Obtain the portability of their personal data, meaning the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format and to transmit those data to another data controller without hindrance (Article 20 of EU Regulation no. 2016/679);
  • Object to the processing of their personal data in cases provided by law (Article 21 of EU Regulation no. 2016/679);
  • Withdraw consent to the processing of their personal data, without prejudice to the lawfulness of the processing based on consent before its withdrawal (Article 7, para. 3 of EU Regulation no. 2016/679). In any case, the withdrawal of consent to the processing of the data subject’s personal data will result in the termination of the ongoing employment or collaboration relationship, as consent to the processing of data is an essential requirement for the proper execution of the employment or collaboration relationship.
  • Submit a complaint to the National Data Protection Authority, located at Piazza Venezia n. 11, 00187 Rome, Italy (Article 77 of EU Regulation no. 2016/679) in the event of a violation of their rights.