POLICY ON DATA PROCESSING CONTACTS
Dear Customer
Subject: Policy on the processing, communication and dissemination of data, in application of the European Data Protection Regulation – -Reg. 679/2016 (GDPR)
PREMISE
Pursuant to articles 13 and 14 of EU Regulation 2016/679 (GDPR), laying down provisions for the protection of individuals with regard to the processing of personal data, the Data Controller is required to provide interested parties with some information regarding the use of their personal data.
In particular, CARTOTECNICA POSTUMIA SPA in the performance of its activities/functions needs to process information and personal data related to its organization, acting in the role of Data Controller under the GDPR.
The information and personal data, provided by you, or acquired within the contractual relationship with the writer, are treated in compliance with the laws in force and the confidentiality obligations that have always inspired the activity of CARTOTECNICA POSTUMIA SPA as well as in respect of fundamental rights and freedoms, dignity of the person concerned, respect for personal identity and the right to protection of personal data, with particular reference (ref. Art. 5 – Principles applicable to the processing of personal data) to the principles of lawfulness, correctness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.
The data controller is: CARTOTECNICA POSTUMIA SPA
PURPOSE OF DATA PROCESSING
The processing of data is aimed at the pre-contractual and contractual management of the activities carried out on behalf of the client by CARTOTECNICA POSTUMIA SPA. In particular, we highlight the following purposes
a) Commercial and pre-contractual management, in relation to all the activities that preceded the contractual stipulation (e.g. preventive processing and related information processing activities);
b) Administrative and accounting management (e.g. issue of invoices, preparation of payments and relations with credit institutions, contractual management and protection of credit positions deriving from them, etc.);
c) Management of design, supply, maintenance and support services for the solutions and services provided under the contract.
d) Sales and promotional post-sales management, in relation to solutions, new products, organization of events, in line with the proposed services and solutions.
The processing will be carried out with the main support of electronic tools, and may cover data and information on computer or paper media, by authorized individuals.
CF e PIVA: 00224750281
via Provinciale, 15
35010, Carmignano Di Brenta, PD Tel: 049 9438999
Fax 049 9430732 privacy@postumia.it
In general, for the aforementioned purposes, depending on the case, the data will be stored at our company, at the customer’s IT infrastructure, at our data centers, or at our suppliers’ datacenter, and will be communicated exclusively to the competent subjects, internal or external to the organization, as described below, for the completion of the services necessary for the proper management of the contractual relationship and the underlying services with a guarantee of protection of the rights of the interested party.
LEGALITY AND LEGAL BASES OF PROCESSING
The processing of personal data by the Data Controller is legitimized by the following conditions (art.6 of the GDPR):
● The interested party has given his consent to the processing of his personal data for one or more specific purposes.
● The processing is necessary for the execution of a contract of which the interested party is a party and for the possible execution of pre-contractual or post-contractual measures adopted at the request of the same.
● The processing is necessary to fulfill a legal obligation to which the Data Controller is subject (in particular for administrative and accounting purposes).
● The processing is justified by a legitimate interest of the Data Controller, such as, for example, the sending of commercial and / or promotional communications relating to products and services similar to those covered by the existing contractual relationshipSCOPE OF DISTRIBUTION AND CATEGORIES OF PERSONS TO WHICH MAY BE DISCLOSED DATA, ANY LIABILITY DOMAINS
Personal data collected by CARTOTECNICA POSTUMIA SPA may be disclosed, within the limits and in the forms strictly relevant to the aforementioned purposes, also to the following subjects or categories of subjects:
Subjects to whom communication is required by law, by regulation or by national and community legislation as well as for the performance of contractual or pre-contractual obligations.
- Credit Institutions, Insurance Companies and other entities for the execution of contractual or pre-contractual obligations (disbursement of payments, stipulation of compulsory insurance policies, etc.);
- External studies and professionals specialized in consulting for the management of accounting and tax aspects for the fulfillment of the law (e.g. accountant, auditing company, etc.)
- Companies that carry out any activities of transport and shipment of the goods in relation to the customer’s personal details.
- Subjects that provide services for the management of the CARTOTECNICA POSTUMIA SPA information system and telecommunications networks (including e-mail), limited to the management of security profiles for the purposes of data processing operated by CARTOTECNICA POSTUMIA SPA;
For the types of communications to the subjects mentioned above, iii, v, CARTOTECNICA POSTUMIA SPA has a contract in place that assigns and regulates the role of responsibility of treatment (so-called Sub-suppliers) in accordance with Art. 28 of the GDPR. The updated list is available at CARTOTECNICA POSTUMIA SPA headquarters.
DATA TRANSFER
As a rule, the Data Controller does not transfer personal data to third countries or to international organizations.
The undersigned also reserves the right to use services in cloud; in which case, the service providers will be selected among those who provide adequate guarantees, as required by art. 46 GDPR 679/
PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO COMPULSORY / NON- COMPULSORY PROVISION
The provision of data must be considered mandatory with regard to the processing that the organization must carry out to fulfill its obligations towards the data subject on the basis of the existing relationship (or contract), as well as legal obligations, rules, regulations – see paragraph finality, b) and c) – Failure to provide such data may make it impossible for CARTOTECNICA POSTUMIA SPA to proceed with the current relationship.
The provision is not mandatory for all other purposes and, even if conferred, can be revoked at any time by the interested party. In the event of failure to provide consent, the consequences will be assessed from time to time, having regard to the specific case. For the purposes of type d) communications will always be accompanied by an information for the processing of data and will always be given the right to withdraw from communications of a commercial or promotional nature.
DATA CONSERVATION PERIOD
The data are kept only for the period necessary for the purposes for which they are processed or within the terms provided for by national and Community laws, rules and regulations to which the organization must comply (eg accounting and tax regulations, etc.). It is expected that a periodic check will be carried out annually on the data processed and on the possibility of being able to cancel them if no longer necessary for the intended purposes.
RIGHTS OF DATA SUBJECTS
The Data Controller undertakes to provide the interested party with feedback on any requests in relation to the processing of data, within 30 days and, in the event of impossibility to comply with these deadlines, to justify any extension of the deadlines. The response will be free of charge, except in cases of groundlessness or excessive requests for which a fee may be charged that is not higher than the costs actually incurred for the research carried out.
In particular, please note the rights of the data subject to access, rectification or deletion of data, and those to the limitation or opposition to processing, as shown in the tables below.
Access (art.15) | – Confirmation of the data processing of the data subject by the Data Controller. – Access to personal data by the data subject processed by the Data Controller. – Information on purposes, categories of processed data, recipients of any communications (especially if in third countries), expected retention period and origin of the data collected from third parties. – Information on the existence of the right to rectification or deletion of data and limitation or opposition to their processing and to lodge a complaint with the Guarantor. – Possible existence of an automated decision-making process or profiling, information on the logic used and the consequences of such processing. |
Correction (art.16)
- – Correction by the Owner, without unjustified delay, of the incorrect personal data concerning the interested party and
- – integration of incomplete personal data.
Cancellation (art.17) | In cases of: – data no longer necessary for the purposes for which they were collected; – withdrawal of consent, if there is no other legal basis for the processing; – opposition to treatment, if there is no legitimate overriding reason; – unlawful processing; – legal obligation; – and finally, in cases related to the consent of minors, with regard to the provision of information society services. |
Limitation (art.18) | Temporary regime of abstention from processing in cases of: – contestation of accuracy, – opposition to cancellation in case of unlawful processing, – data no longer necessary for the Data Controller but necessary for the data subject to exercise a right, – opposition to processing Pending the conclusion of the investigations, the Data Controller is required to retain the data and performs any other processing only under certain conditions. |
Portability (art.20) | As regards processings based on consent or on a contract, the data subject is entitled to receive from the Data Controller his personal data in “common” electronic format in order to transmit them to another Data Controller (also directly from the Data Controller to the Data Controller).”portable”personal data are those that the subject has provided directly and explicitly to the Owner, but also those collected during the provision of the service, such as, for example, traffic or navigation data (for network service providers) . |
Opposition (art.21) | Opposition to the processing of personal data based on the criteria of lawfulness of the exercise of public interest or of the legitimate interest of the Owner, including direct marketing or any profiling. The Data Controller is obliged in any case to stop processing for direct marketing purposes if the data subject opposes the use of their data for this purpose. |
Other rights recognized to the interested parties are those of the following table.
Complaint (art.77)
Right to propose a complaint to a Supervisory Authority (Privacy Guarantor), where the interested party considers that the processing that concerns him / her violates the Regulation
Compensation (art.82) | Right to obtain from the Owner and / or the Manager the full and effective compensation for any damage suffered, material or immaterial (financial loss, identity theft, discrimination, etc.), if caused by the processing of personal data of the data subject in violation of the Rules and the Data Controller and / or the Data Manager are not able to prove that the harmful event is not attributable to them. |
As regards the processings legitimated by a consent, the interested party has the right to revoke it at any time without prejudice to the lawfulness based on the consent given prior to the revocation.
Best regards.
THE DATA CONTROLLER