Information pursuant to Art. 13 of Regulation (EU) No. 679/2016 (“GDPR”)
The undersigned (company/entity/sole proprietorship/association/self-employed professional) protects the confidentiality of personal data and guarantees the necessary protection against any event that may expose them to the risk of violation.
Pursuant to and for the purposes of the provisions of Regulation (EU) No. 679/2016 (“GDPR”), and in particular its Art. 13, the following information is provided to the user (“Data Subject”) regarding the processing of their personal data.
This notice (“Notice”), drawn up on the basis of the principle of transparency and all elements required by the GDPR, is divided into individual sections, each of which deals with a specific topic in order to make reading quicker, easier and more understandable.
SECTION I
Who we are and what data we process [Art. 13, para. 1, lett. a); Art. 15, lett. b) GDPR]
The processing of the Data Subject’s personal data is carried out by POGGI S.p.A., represented by its legal representative pro tempore, with registered office in Chiusi della Verna (AR), Via XXV Aprile, 19 Loc. Corsalone, which, as Data Controller (“Controller”), contactable at poggi@pec.poggi-spa.com, collects and/or receives information concerning the Data Subject, such as:
| Data category | Examples of data types |
|---|---|
| Personal data | first name, last name, physical address, nationality, province and municipality of residence, landline and/or mobile phone, fax, tax code/VAT number, email address(es), copy of identity document |
| Bank data | IBAN and bank/postal details (excluding credit card number) |
| Telematic traffic data | Log, originating IP address |
The Data Subject is not required to provide so-called “special categories” of data, namely, according to Art. 9 of the GDPR, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health or a person’s sex life or sexual orientation. In the event that the service requested from the Controller requires the processing of such data (see Section IV), the Data Subject will first receive specific information and will be required to give explicit consent.
SECTION II
For what purposes we need the Data Subject’s data [Art. 13, para. 1 GDPR]
The legal basis for processing the Data Subject’s personal data is:
– contractual obligations and requirements;
– legal obligations;
– legitimate interest of the Controller to carry out processing for the protection of company assets and system security;
– consent for commercial purposes and for the use of services/supply of goods.
The Data Subject’s data will be processed for service/product management and compliance with legal obligations, such as:
| Description | Customers | Suppliers | WEB Users | |
|---|---|---|---|---|
| 1 | Carrying out preliminary activities and those subsequent to the conclusion of a contract, order management, provision of the service or supply of the requested good | X | X | |
| 2 | Invoicing of amounts due, payment management, fulfillment of any other obligation/service arising from the Contract | X | X | |
| 3 | Fulfillment of regulatory obligations including accounting, administrative and tax obligations | X | X | |
| 4 | Management of any complaints and disputes | X | X | X |
| 5 | Fraud prevention and management of delays or missed payments | X | ||
| 6 | Protection and possible recovery of credit, directly or through third parties to whom the necessary data will be communicated | X | ||
| 7 | Assignment of receivables to authorized companies | X | ||
| 8 | Reporting and quality control | X | X | X |
| 9 | Communication and/or sending (by email, sms, notifications, mail, telephone contact, etc.), also in automated ways, of information and material related to contract management and services provided | X | X | X |
| 10 | Web management for possible access under Login to the personal area or subscription to the Newsletter service or request for information by filling in the contact form | X | X | X |
Except as above, the Data Subject’s personal data, with optional consent, may also be processed for commercial promotion purposes, for surveys and market research regarding services/products offered by the Controller and different from those purchased. Such processing may take place automatically through:
– email;
– sms;
– telephone contact
and may be carried out:
1. if the Data Subject has not withdrawn consent;
2. if processing is carried out via telephone operator, if the Data Subject is not registered in the opposition register referred to in Presidential Decree no. 178/2010.
The legal basis is the consent given by the Data Subject, which can be withdrawn at any time (see Section III).
IT security
The Controller processes traffic data strictly necessary to ensure network and information security.
Protection of minors
Services are reserved for legally capable subjects. Minors’ data will not be processed without parental authorization.
Communication to third parties
Personal data may be communicated to third parties necessary for contractual execution and legal obligations.
SECTION III
What happens if the Data Subject does not provide the required data?
Failure to provide data prevents contract execution.
How we process data
The Controller adopts appropriate security measures.
Where data is processed
Data is stored in EU countries.
Retention period
Data is stored for the time necessary to achieve purposes and legal obligations.
Rights of the Data Subject
The Data Subject has the rights provided by Arts. 15–20 GDPR.
Right to object
The Data Subject may object at any time.
Right to complain
Complaints may be submitted to the Italian Data Protection Authority.
SECTION IV
COOKIES
General information, disabling and management of cookies
Cookies are data stored in the user’s browser. Users can disable them via browser settings, although this may affect site functionality.
This privacy notice is also published on www.poggi-spa.com.