GDPR - customers
In compliance with the provisions of current legislation on the protection of personal data, namely EU Regulation 2016/679 (also called "GDPR") and, as applicable, complementary national legislation, we wish to inform you about the processing of your personal data by the organization of the Data Controller. Such processing will be based on principles of correctness, lawfulness and transparency as well as the protection of your privacy and rights. This information is provided for the personal data you have provided, i.e., the person concerned reading this information sheet.
a) Who is the Data Controller? How can the Data Controller be contacted?
The Data Controller is Bondioli & Pavesi Sp.zo.o., with registered office in PL - 76 200 SLUPSK - Poznańska, 71, hereinafter referred to as the "Controller." Your contact details are as follows:biuro@bondioli-pavesi.com
b) For what purposes is the data processed? On what legal basis? And how long is it kept?
Below we indicate the purposes of the processing, the legal basis that legitimizes the processing and the retention period of your personal data:
|
Purpose |
Legal basis |
Data Storage |
|
Execution of the contract: to conclude a contract and fulfill contractual and pre-contractual obligations, such as the economic-financial evaluation, request for documentation certifying the possession of certain requirements, fulfillment of specific requests before the conclusion of the contract, ''ordinary contract management, after-sales support and assistance, credit recovery and the protection of rights in general.” |
Execution of pre-contractual and contractual obligations |
The data will be kept for the ordinary prescription period, for accounting and/or tax reasons, except for the additional retention time required by law or, in the event of a dispute, until its conclusion. |
|
Fulfillment of legal obligations: to fulfill the obligations established by the laws in force, including the bookkeeping of company accounts for both civil and fiscal purposes, the deeds and obligations aimed at preparing the financial statements as well as provisions issued by authorities and legitimized by the law. |
Compliance with legal obligations |
|
Administrative/accounting management: to carry out administrative, financial, statistical and accounting operations connected to internal organizational needs, also in coordination with the other companies of the corporate group. |
Legitimate interest |
|
|
Promotion of similar Products or Services: to allow the Data Controller to engage in the promotion and direct sale of products or services similar to those already purchased. The e-mail coordinates used are those you provided in the context of a previous purchase, on the condition that you do not exercise your right to object in the ways described in the following paragraph “What are your rights as a Data Subject?” You can exercise your right of opposition from now on by ticking the box at the bottom of the Information sheet or subsequently through the appropriate link at the bottom of any email with promotional content that will be sent to you. |
Legitimate interest, as required by Article 13, paragraph 2 of directive 2009/136/EC. |
Personal data may be kept, at most up to when you express your objection, which may take place at any time. |
|
Marketing activities: to allow the Data Controller to carry out freely, without a specific request on your part, marketing and promotional activities. Such activities include advertising and promotional information, direct sales, carrying out market research, surveys aimed at evaluating the degree of customer satisfaction, commercial communications, newsletters and periodic publications carried out at the initiative of the Data Controller. To do so, the Controller uses all the available means of communication, whether automated or not (such as: paper mail, telephone, e-mail address, fax, SMS, mms, chat, social network and the like). |
Consent |
Personal data may be kept up to the time of revocation of consent or objection on your part, which may take place at any time. |
c) What is the legitimate interest that allows the data processing?
As regards the legitimate interest for administrative/accounting management purposes, it relates to the need to carry out administrative and management operations by the Data Controller, to manage these operations correctly and efficiently as well as to exercise rights recognized by law, and without affecting the freedom and fundamental rights of the Data Subject. In the case of the promotion of similar products or services, the legitimate interest is due to the desire of the Controller to continue commercial relations with you, to improve its service and to keep you updated on the developments of the offer.
d) Is it mandatory to provide the data? What happens if it is not provided?
The provision of data for the purposes of contract execution, fulfillment of legal obligations and administrative/accounting management is necessary for the conclusion and management of the contract. In the partial or total absence of this provision, the contractual relationship cannot be initiated or continued.
For other purposes, the provision is optional and failure to provide it will make it impossible to update you on our offers even if this will not affect the conclusion of the contract.
e) Who can know your data? Who is it communicated to?
The personal data relating to the treatments in question, for the aforementioned purposes, may be communicated or disclosed:
Ø to those within the Data Controller’s organization who need it due to their duties or hierarchical position. These subjects are the persons authorized to undertake processing under the direct authority of the Data Controller;
Ø to Public Administrations, security and inspection authorities and, more generally, to subjects to whom the right to access data is recognized by specific provisions of the law or by a provision issued by an authority legitimated by the law.
Ø to the subjects whose activity is necessary for the execution of the contracts of which you are a party or to fulfill requests before the conclusion of the contract (e.g. companies and institutions in the banking, credit and insurance sectors, financial intermediaries, mail delivery companies, transporters, law firms, etc.), and who act as independent controllers;
Ø to third parties who carry out processing on behalf of the Data Controller, related to the processing and purposes described above, such as administrative, accounting, tax, information system management, attendance and payroll services. These subjects are authorized to process the data as Data Processors in accordance with the provisions of Article 28 of the GDPR;
Ø to subsidiaries of the group within the EU.
f) What are your rights as a Data Subject?
The GDPR recognizes, in relation to your personal data, the following rights that you can exercise within the limits and in compliance with the provisions of the law:
- Right to access your personal data (Article 15);
- Right of rectification (Article 16);
- Right of cancellation (right to be forgotten) (Article 17);
- Right to limitation of processing (Article 18);
- Right to data portability (Article 20);
- Right to object (Article 21); the Data Subject has the right to object at any time, for reasons connected to his/her particular situation, to the processing of personal data concerning him/her based on legitimate interest, including profiling based on such data. The Data Controller refrains from processing unless it demonstrates the existence of compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the interested party or for the assessment, exercise or defense of a right in judicial proceedings;
- Right to object to a decision based solely on automated processing (Article 22);
- Right to revoke the consent given at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation.
You can exercise these rights by sending a written request addressed to the Data Controller at the postal address or by e-mail, as indicated in the previous point a). Furthermore, you have the right to lodge a complaint with the Supervisory Authority if you believe that the processing of your data is contrary to the legislation in force (Article 77), or take legal action (Article 79).
