The management of the contractual relationship with customers and suppliers necessarily involves the processing of personal data (identification, telephone numbers, e-mail) relating to natural persons with whom you come into contact. This information is therefore provided, pursuant to art. 13 and 14 GDPR - "European Regulation on the protection of personal data", to natural persons who work with customers and suppliers legal entities of the Data Controller. Since it is difficult to send it directly to interested parties, the information is made available to customers and suppliers, with a request to notify the interested parties.
Identity of the Holder
The Data Controller is F.lli Alberto e c. S.n.c. with registered office in Le Pont n. 2 - 11015 La Salle (AO), in the person of its pro tempore legal representative.
Data source
The personal data processed are those provided by the data subject or by third parties (business owners, legal representative, etc.) on the occasion of:
- visits or telephone calls;
- direct contacts;
- receiving/sending offers and quotes;
- transmissions and transactions after the order.
Purpose of processing
Personal data of natural contact persons are processed for:
- forward communications of various kinds and with different means of communication (telephone, mobile phone, sms, e-mail, fax, paper mail);
- make requests or process requests and proposals received;
- exchange information for the purpose of performing the contractual relationship, including pre- and post-contractual activities.
Legal basis of processing
The data acquired for the achievement of the purposes indicated are processed lawfully as necessary for the execution of a contract to which the interested party is a party (by virtue of its working relationship with the customer and supplier of the Data Controller) or the execution of pre-contractual aspects at the request of the customer/supplier. The legal basis is the need to fulfil pre-contractual, contractual and post-contractual obligations.
Recipients of data
The personal data processed by the Data Controller are not disclosed, or are not given to indeterminate subjects, in any possible form, including that of their provision or simple consultation. They can, instead, be communicated to the workers working for the Data Controller, to the external subjects who collaborate with it designated as Data Processors or authorized to the processing as operating under the authority of the Data Controller.
They may also be communicated, to the extent strictly necessary, to individuals who for the purpose of processing your requests must provide goods or perform on behalf of the Data Controller services or services. Finally, they can be communicated to persons entitled to access them by virtue of laws, regulations and Community regulations.
In particular, on the basis of the roles and duties performed, the workers have been entitled to process your personal data, within the limits of their competences and in accordance with the instructions given to them by the Data Controller.
The external subjects operating under the authority of the Data Controller have also been duly authorised according to the type of service provided, the processing carried out, the nature of the data processed.
The external subjects to whom the Data Controller has entrusted the processing of personal data have been designated Data Processors.
Data transfer
Under no circumstances does the Data Controller transfer personal data to third countries or international organisations. However, it reserves the right to use services in the cloud; in which case, the service providers will be selected from those who provide adequate guarantees, as required by art. 46 GDPR 2016/679.
Data retention
The Data Controller stores and processes personal data for the time necessary to fulfil the purposes indicated. In this case, the contact details are kept for two years after the termination of the employment or employment relationship with their employer.
Rights of the data subject
With reference to art. 15 - right of access, 16 - right of rectification, 17 - right to erasure, 18 - right to restriction of processing, 20 - right to portability, 21 - right of opposition, 22 right of opposition to the automated decision-making process of the GDPR , the data subject exercises his rights by writing to the Data Controller at the above address, or by e-mail at info@albertoserramenti.it, specifying the subject of his request, the right it intends to exercise and attaching photocopies of an identity document attesting the legitimacy of the request.
The Data Controller recalls in particular that each interested party can exercise the right of opposition in the forms and ways provided for by art. 21 GDPR.
Withdrawal of consent
With reference to art. 7 of the GDPR, the data subject may revoke any consent given at any time. However, the processing subject to this policy is lawful and permitted, even without consent.
Refusal to provide the data
The data subject may refuse to provide the Data Controller with his personal data.However, the provision of personal data is necessary for the proper and efficient management of the contractual relationship. Therefore, any refusal to provide data may compromise the contractual relationship in whole or in part.
Automated decision-making processes
In no case does the Data Controller carry out processing that consists in automated decision-making processes on the data of natural persons.