ON DATA PROTECTION PURSUANT TO THE PRIVACY REGULATIONS
The company Savino Del Bene S.p.A., with registered office in Scandicci (FI) – 50018 – Italy, Via del Botteghino n. 24/26, in its status of Data Controller, in the person of its pro tempore legal representative, hereby informs the data subjects on the aims and procedures associated with the processing of their personal data collected, the scope of their communication and diffusion, and the nature of the data conferral.
DISCLOSURE ISSUE PROCEDURE
CATEGORIES OF DATA
The Data Controller collects and/or receives the information concerning you, namely:
- name, surname
- date of birth
- telephone number
- e-mail address
- tax no.
- bank and economic details;
- (for customers only) computer-related data, for example: login credentials, IP address, etc., collected
through the “Tracking” function and the My SDB reserved area present on the Controller’s website.
SCOPE OF THE DATA PROCESSING
The above data will be processed for fulfilling pre-contractual, contractual and legal obligations associated with the current relationship, and in particular for managing orders, procuring goods or services, including professional services, and other activities such as archiving, invoicing and processing, in full conformity to the principles of fairness and lawfulness of the data processing and in accordance with the law.
The obligations bearing on the Data Controller in relation to the contract and the specific regulations governing it include, among others, bookkeeping duties.
(for customers only) Your personal data will also be processed for preventing fraud, including contractual fraud. Lastly, your data (namely your fixed-line or mobile telephone number) will be processed for providing assistance on the services governed by the contract and for sending specific communications and information pertaining to the contractual obligations or deadlines, the method used to provide the service or any operating requirements of the company. This without prejudice to the principles of necessity, relevance and non-exceedance.
Your personal data acquired through the “Tracking” function present at the following link https://www.savinodelbene.com/#popuptrakingen and the My SDB reserved area will be processed to allow you to use the services offered by the Data Controller through the website and to access the online portal to track your shipment. Moreover, your personal data will be processed in a strictly necessary and proportional measure for guaranteeing the security of a network or server connected to it and its ability to withstand a given security-related incident, unforeseen events or unlawful or malicious deeds that undermine the authenticity, integrity and confidentiality of the personal data stored or transmitted. For these aims, the Data Controller applies procedures for managing personal data breaches.
DATA PROCESSING METHODS
COMMUNICATION AND DIFFUSION
DATA TRANSFERRAL ABROAD
The data is stored in hard copy, computerised and electronic archives located within the European Economic Area, and is protected by specific security measures. To fulfil the above-mentioned purposes, the personal data may be transferred to companies of the Group located abroad.
These transfers will be made under the following guarantees:
- arrangement of standard contractual clauses aimed at ensuring adequate guarantees, also with regard to the rights of data subjects concerning the transfer of their personal data to non-EU countries.
- adequacy decision of the European Commission pursuant to Art. 45 of Regulation (EU) 2016/679.
You may request the list of non-EEA countries by sending an e-mail to email@example.com
RIGHTS OF THE DATA SUBJECT
Pursuant to Arts. 15 and subsequent of the GDPR, the data subject may exercise the following specific rights:
1) right to obtain confirmation as to whether or not personal data concerning him or her are being processed;
2) right of access to personal data and to the following information (purposes for which personal data is processed, data categories, data recipients, the storage period, etc.);
3) right to request the rectification or limitation of the data processing;
4) right to obtain the erasure of the personal data on justified grounds;
5) the right to submit claims to the supervisory authority.
The reasons pertaining to your specific situation, you can at any time oppose the processing of your personal data if this is grounded on legitimate interest.
You are entitled to obtain the erasure of your personal data if there is no prevalent legitimate reason with respect to that which gave rise to your request.
In order to allow you to exercise the rights pursuant to the Privacy Regulation, the Data Controller makes available the following address: firstname.lastname@example.org.
The Data Controller is Savino Del Bene S.p.A., with registered office in Scandicci (FI) – Italy (50018), Via del Botteghino n. 24/26.
The personal data will be stored by the Data Controller in full conformity to the principles of necessity, minimisation and limitation of storage, by adopting the technical and organisational measures adequate to the level of risk of the data processing, for the time strictly required in relation to the contractual relationship and, subsequently, for fulfilling all the legal obligations connected to or deriving from the contract and up to ten years after its termination (Art. 2946 of the Italian Civil Code) or from when the rights that depend on it can be exercised (pursuant to Art. 2935 of the Italian Civil Code); and for fulfilling obligations (e.g. tax and accounting) that remain even after the termination of the contract (Art. 2220 of the Italian Civil Code), for which the Data Controller must store only the data required for their fulfilment.
(for customers only) The computer data collected through the “Tracking” function and the My SDB reserved area (login, IP address) will be stored up to 30 days.
This term shall not apply if the rights deriving from the contract are asserted in the courts, in which case your data – only that necessary for these aims – shall be processed for the time strictly necessary for fulfilling these aims.
NATURE OF THE DATA CONFERRAL AND LEGAL BASE OF THE PROCESSING
The conferral of the above-mentioned data is necessary and your refusal to provide it shall prevent the Data Controller from fully performing all activities that are necessary or functional to the relationship and fulfilling all the obligations related to latter.
The data processing activities performed by the Data Controller for the above-mentioned aims relate to the execution of the contractual relations and the fulfilment of the legal obligations bearing on the Data Controller.