PERSONAL DATA TREATMENT
Privacy Policy on Customers’ Personal Data Processing granted under EU Regulation 679/2016
The present document complies with Art. 13 of EU Regulation no. 679/2016 on the protection and processing of personal data.
The aim of the present policy is to describe how NASTRIFICIO DE BERNARDI S.r.l. will process its customers’ personal data.
The Data Controller is NASTRIFICIO DE BERNARDI S.r.l., registered office in Via Monte Grappa, 83-85 Concorezzo (MB), represented by DE BERNARDI CARLO. The Company can be contacted by e-mail at [email protected] and at the Certified e-mail [email protected], including to exercise the rights of data subjects listed below (former Articles 15 – 22 of EU Regulation no. 679/16).
Legal basis:
The processing of personal data is carried out observing the following legal principles (Art. 6, par. 1, letters (a), (b), (c), (f)):
- consent request: the data subject has given consent to the processing of their personal data for one or more specific purposes;
- fulfilment of contractual obligations;
- compliance with legal obligations to which the Data Controller is subject;
- legitimate interest of the Data Controller or third parties to whom the data are communicated.
Purpose of processing:
NASTRIFICIO DE BERNARDI S.r.l. processes personal data for the following purposes:
- to allow users to log in to the Company’s website in order to load and download the latest catalogues showing its products;
- to send commercial information on the services and products supplied;
- to send newsletters about the latest updates in their services and products;
- for the correct and complete execution of the assignments received;
- to contact the users via telephone or email;
- to comply with current administrative, accounting and tax requirements.
Categories of data processed:
The categories of data processed by NASTRIFICIO DE BERNARDI S.r.l. are mainly identification data such as, for example: personal data (i.e. first name and surname, tax code, address, telephone number, email address, bank and payment details); data concerning legal persons (i.e. personal details, contact details, bank and payment details); information to achieve an effective management of commercial relationships and to update the customers on the offered services.
Browsing data: the computer systems and software procedures used for the functioning of this website may require, during normal operation, the acquisition of some Personal Data whose transmission is implicit in the use of the Internet communication protocols.
Data communicated by the user: the optional, explicit and voluntary sending of messages to the contact addresses of NASTRIFICIO DE BERNARDI S.r.l., the messages sent to the Company’s social media profiles/pages, as well as the completion and submission of the forms on the website, entail the acquisition of the sender’s contact data, necessary to reply, and all the personal data included in communications.
Any refusal to provide such data will prevent delivery of the services offered by NASTRIFICIO DE BERNARDI S.r.l., insofar as the data are needed to perform them.
Data Recipients:
Any personal data related to said processing will be communicated to and processed by internal staff, trained and authorized by NASTRIFICIO DE BERNARDI S.r.l. in compliance with current legislation on privacy and the GDPR. If necessary for the management of the contractual relationship and for the pursuit of the legitimate interest of the Data Controller, your data will be conveyed to the following subjects:
- persons whose right to access your data is recognised by legal provisions or by secondary or Community legislation;
- persons to whom the transfer of your personal data is necessary or essential to the performance of our Company’s activities (freelancers, consultants, etc.);
- subjects delegated and/or appointed by the Company to carry out any activity strictly related to the pursuit of the aforementioned purposes (including technical maintenance interventions of the systems);
- data may be disclosed to Third Parties to defend the rights as well as to fulfil the obligations provided by law or by regulations and upon request of the competent Authorities.
Communication and disclosure.
NASTRIFICIO DE BERNARDI S.r.l. will use the collected data for the complete and correct accomplishment of the contract. They may be disclosed to Third Parties to defend the rights as well as to fulfil the obligations provided by law or by regulations and upon request of the competent Authorities. NASTRIFICIO DE BERNARDI S.r.l. does not transfer data to Third Countries and does not employ any automated decision-making process concerning natural people, including profiling. However, data may be transferred to EU and non-EU countries. Such transfers may be performed by organisations and/or companies, as specified in the section “data recipients” above.
Data Retention:
Data shall be archived for the duration of the contract. Upon the end of the period under consideration, NASTRIFICIO DE BERNARDI S.r.l. will store the data for ten years, in full compliance with current regulations. Afterwards, every January, any data whose ten-year storage period has expired will be deleted from all archives.
Existence of an automated decision-making process, including profiling.
NASTRIFICIO DE BERNARDI S.r.l. does not employ any automated decision-making process concerning natural people, including profiling, pursuant to Article 22, paragraphs 1 and 4, of EU Regulation no. 679/2016.
Processing Methods:
The processing is performed by the Data Controller and/or other trained persons in charge of the processing. The principles relating to the processing of Personal Data are described below, as defined by Article 5 of EU Regulation 679/2016:
- lawfulness, fairness and transparency of processing with regard to the Data Subject;
- purpose limitation, including the obligation to ensure that any potential subsequent processing is not incompatible with the purposes of data collection;
- data minimization: data must be adequate, relevant and limited to what is strictly necessary to achieve the purposes for which they are collected;
- accuracy and updating of data, including the prompt deletion of incorrect data;
- storage limitation: personal data must be stored for no longer than it is necessary to achieve the purposes for which they are processed;
- integrity and confidentiality: it is necessary to ensure the safety of the personal data processed.
Rights of Data Subjects:
In relation to the data collected in the processing referred to in this document, data subjects have, at any time, the right to:
- access their personal data (Art.15 EU Regulation no. 679/2016);
- correct their personal data (art.16 EU Regulation no. 679/2016);
- cancel their personal data (art.17 EU Regulation no. 679/2016);
- limit their personal data (art.18 EU Regulation n. 679/2016);
- data portability, understood as the right to obtain the data from the data controller in a structured format of common use and legible by any automatic device, to send it to another data controller without impediment (Article 20, EU Regulation n. 679/2016);
- object to the processing of their data in the cases provided for by the law (art.21 EU Regulation no. 679/2016);
- revoke the consent to the processing of their personal data, without affecting the lawfulness of the processing based on the consent given before the revocation (Article 7, par. 3 EU Regulation no. 679/2016). In any case, the revocation of the consent to the processing of personal data will cause the ending of the ongoing working/collaboration relationship, since such consent is an essential requisite for the correct execution of said relationship.
- lodge a complaint with the National Guarantor Authority for the Protection of Personal Data, headquartered in Piazza Venezia n. 11, 00187 Rome (art.77 EU Regulation no. 679/2016) in case of violation of their rights.