ON THE PROTECTION OF PERSONAL DATA PURSUANT TO PRIVACY LAW
The company Savino Del Bene S.p.A., with registered office in Scandicci (FI) (50018), Via del Botteghino no. 24/26, in its capacity as Data Controller, in the person of its pro-tempore legal representative, hereby informs data subjects as to the purposes and methods of the processing of the personal data collected, their scope of communication and dissemination, as well as the nature of their provision.
METHODS OF ISSUING INFORMATION
CATEGORIES OF DATA
The Data Controller collects and/or receives the following information about you:
- first name, last name
- date of birth
- phone number
- email address
- tax code
- banking and economic data
PURPOSES OF DATA PROCESSING
The above data is processed for the performance of pre-contractual, contractual and legal obligations related to the existing relationship, and in particular for the management of orders, procurement of goods or provision of services, including professional services, and for other activities such as archiving, billing, and processing,
in full compliance with the principles of fairness and lawfulness of processing as well as the provisions of the law.
The obligations to be fulfilled by the Data Controller in connection with the contract and specific regulations governing it are, among others, those of keeping accounts.
(for customers only) Your personal data is also processed to prevent fraud, including contractual fraud. Finally, your data (such as landline and/or mobile phone number and email address) will be processed to provide assistance with contracted services and to forward specific communications and information pertaining to contractual obligations or deadlines, service delivery methods, or any corporate operational needs. Subject to the principles of necessity, relevance and non-excessiveness.
Your personal data acquired through the “Track & Trace” platform will be processed to enable you to enjoy the services offered by the Data Controller through the website and access the online portal to track your shipment. In addition, your personal data will be processed to the extent strictly necessary and proportionate to ensure the security and ability of a network or servers connected to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of personal data stored or transmitted. For these purposes, the Data Controller provides procedures for handling personal data breaches.
DATA PROCESSING METHODS
The data processing is carried out through IT or, in any case, telecommunication procedures and never paper means, by subjects specifically authorized to do so. The data is stored in paper, IT and telematic archives, ensuring the minimum security measures provided for by current legislation.
COMMUNICATION AND DISCLOSURE
Personal data will not be disclosed, sold or exchanged with third parties without the express consent of the data subject. Communication may take place with: companies belonging to the SDB Group, insurance brokers and banks, agents, Q&A auditors, the supervisory board, security, IT service providers and hardware and software support and maintenance. In this case, the use by third parties will take place in full compliance with the principle of correctness and the provisions of the law. Personal data will be accessible to employees, contractors, and consultants of the Data Controller specifically authorized to process them.
The data is stored in paper, computer and electronic archives located within the European Economic Area, with the exception of the cases listed below, and specific security measures are ensured.
Personal data (identification and contact details), by virtue of the service requested (customer) or the tasks entrusted by the Data Controller (supplier), may be transferred outside the European Economic Area (EEA). Such transfers will take place in compliance with data transfer regulations outside the European Economic Area (EEA). You can find the list of non-EEA countries and their guarantees at the privacy office.
RIGHTS OF THE DATA SUBJECT
Pursuant to articles 15 and following of the GDPR, the data subject may assert specific rights, including:
- the right to obtain confirmation as to whether or not personal data is being processed;
- the right of access to personal data and to the following information (the purposes of the processing for which the personal data is intended, the categories of data, the recipients of the data, the retention period, etc.);
- the right to request rectification or restriction of data processing;
- the right to have personal data erased if the reasons exist;
- the right to lodge a complaint with a supervisory authority.
For reasons relating to your particular situation, you can object at any time to the processing of your personal data if it is based on legitimate interest.
You have the right to have your personal information deleted unless there is a legitimate reason overriding your request.
The Data Controller provides the email address email@example.com to allow the exercise of rights under Privacy Law.
The Data Controller is Savino Del Bene S.p.A., with registered office in Scandicci (FI) (50018), Via del Botteghino n. 24/26.
Personal data will be stored by the Data Controller in full compliance with the principles of necessity, minimization, and restriction of storage, through the adoption of technical and organizational measures appropriate to the level of risk of the processing, for the time strictly necessary with regard to the contractual relationship, as well as, thereafter, for the fulfilment of all legal obligations related to or arising from the contract and up to ten years after its conclusion (art. 2946 Italian Civil Code) or from when the rights that depend on it can be enforced (pursuant to art. 2935 Italian Civil Code); as well as for the fulfilment of obligations (e.g., tax and accounting obligations) that remain even after the conclusion of the contract (art. 2220 Italian Civil Code), for which purposes The Data Controller must retain only the data necessary for their pursuit. Except in cases where the rights deriving from the contract are to be asserted in court, in which case your data (only those necessary for such purposes) will be processed for the time necessary for their fulfilment.
NATURE OF DATA PROVISION AND LEGAL BASIS OF THE PROCESSING
The provision of the aforementioned data is necessary, and any refusal to provide such data will result in the impossibility for the Controller to fully implement all the activities necessary or functional to the relationship and to fulfil the obligations related thereto.
The processing carried out by the Data Controller for the above purposes is based on the performance of existing contractual relationships as well as the fulfilment of legal obligations to which the Data Controller is subject.