pursuant to article 13 of EU Regulation 2016/679 (hereinafter referred to as GDPR)
Combitech Italia S.r.L. protects your privacy for the processing of personal data relating to natural persons such as Customers, Consultants, Brokers and Suppliers.
1. GENERAL INFORMATION
Customers, Brokers, Suppliers, Consultants and Collaborators (including, for these purposes, Directors of the Combitech Italia Company) are informed of the following general profiles, which are valid for all areas of the processing that may involve the natural persons of reference (hereinafter also referred to as “data subjects” pursuant to article 4, paragraph 1 of the GDPR).
1.1 The Data Controller is Combitech Italia S.r.L. in the person of its legal representative, with registered office in Via Achille Grandi, 9 Zona Industriale - 20020 Arconate (MI) - Italia, VAT no / TAX Code IT12913100157, which you can also contact at the email address firstname.lastname@example.org
1.2 All personal data related directly or indirectly to natural persons shall be processed lawfully, fairly and in a transparent manner in relation to the data subject, in compliance with the general provisions set forth in article 5 of the GDPR.
1.3 We have taken specific security measures to prevent loss, illegal or improper use and unauthorised access of data.
1.4 Data is collected through the site using computer or paper systems (see “Printing of computer documents), only “common” data or information that does not include “special categories of data” (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) or “judicial data” (personal data relating to criminal convictions and offences or related security measures).
The processing of data is related to the provision of the requested services, supply of any related products or services, maintenance and assistance relating to services, management of any complaints and/or disputes, storage of customers’ personal data, use of personal data to make disclosures relating to the performance of the contractual relationship established, etc.
1.5 The updated list of people authorised to process data on behalf of the Data Controller, as well as the external data processors appointed by Combitech Italia S.r.L. is available at the Data Controller’s registered office.
1.6 Personal data of the data subjects who visit and use the www.combitechitalia.com website are processed in accordance with a specific policy that can be viewed here.
2 - PURPOSES AND DISCLOSURES
2.1 Primary Purposes
a) The personal data of data subjects are processed to stipulate and perform the contract for the provision of Combitech Italia S.r.L. services, other contracts with the suppliers of Combitech Italia S.r.L. or Brokers, Consultants and Collaborators of Combitech Italia, including professional services (hereinafter the “Contracts”).
Before the conclusion of a Contract, the personal data of the data subject may also be processed for pre-contractual purposes, such as replying to specific requests from the data subject for the purpose of a subsequent contractual relationship. In any case, personal data are also processed to enable the Data Controller to fulfil the obligations provided by law, a regulation or community legislation and for civil, accounting and tax purposes.
Personal data may also be processed to assert or defend in the competent fora (court, arbitration, administrative, etc) the rights of the Data Controller, whether or not they relate to the Contract (e.g. breach).
b) The Data Controller may disclose the data subject’s data to private third-party suppliers who provide the Data Controller with services ancillary to the Contract, and also to accounting, tax, legal and administrative consultants, to banks for payment services, to the Data Controller’s internal staff (authorised and appointed), to public bodies (e.g. payment of withholding tax). The data will not be disseminated.
As required by the Transparency Guidelines (WP 260/2017) if the Data Controller chooses to indicate the categories of recipients of the personal data, he must justify why he considers this approach to be correct and, in any case, reference to the category must not be generic but specific, referring to the activities carried out, the sector, industry, and territorial location of the recipients identified by this category. In this perspective, the Data Controller considers the approach by recipient category of the disclosure to be correct, given that indication of the name of the suppliers and subcontractors would be exorbitant. Third-party suppliers are represented by the following categories: companies in the banking and credit sector that provide services for the management of financial transactions related to payments of the data subjects; providers of ICT services for installation, assistance and maintenance of IT and electronic systems and all services functionally connected and necessary to provide the Contractual services; people, companies or professional firms that provide assistance, advice or collaboration to the Data Controller in accounting, administrative, legal, tax and financial matters relating to the Contract.
c) In all the above cases, the Data Controller is not required to obtain consent from the Customer. All the aforementioned processing operations pursue primary purposes for which article 6 of EU Regulation 679/2016 on data protection excludes the need to obtain the data subject’s specific consent, since the legal basis for the legitimacy of the processing is represented â€“ as the case may be â€“ by the Service and/or Supply Agreement, by the obligation to comply with the legal provisions, and by the need to implement measures requested by the data subject. In the case of actions to assert or defend a legal claim, the legal basis of the processing is represented by the legitimate interest of the Data Controller.
2.2 Secondary purposes
a) The personal data collected will be processed â€“ if the Data Subject consents â€“ also for the following secondary and homogeneous processing purposes: for promoting and advertising products and services, for conducting market research and surveys (by telephone, online or using forms), for formulating statistics (in identifying form), and for other sample marketing research activities relating to the Data Controller’s products and/or services (hereinafter referred to as “Processing for Marketing Purposes”).
b) Based on the data subject’s specific and separate consent, the data subjected to Processing for Marketing Purposes may be disclosed to the following third parties: suppliers of electronic communication goods and services, internet service providers, advertising agencies. The data will not be disseminated.
c) In order to proceed with the Processing for Marketing Purposes, the Data Controller must obtain an informed, free, unambiguous, specific, separate, express, documented, preventive and completely optional consent from the Data Subject. A further and separate consent is also required in order to be able to disclose personal data to third parties so that they in turn can process them for marketing purposes. The user is free to give the Data Controller only consent to the Processing for Marketing Purposes but not also additional consent to disclose the data to third parties for marketing purposes. If the user does not intend to give any consent to the processing of data for marketing purposes (to the Data Controller and to disclose data to third parties), there will be no consequence or impact on the Contract currently existing with the Data Controller.
d) All consents, if given by the user for any purpose, and with particular reference to the marketing consent and relative disclosure to third parties, can be withdrawn at any time without formalities by sending an email to privacy@Combitech.it . This shall be without prejudice to authorised processing carried out at the time of withdrawal.
3 - DATA TRANSFER AND RETENTION PERIODS
3.1 Data will be kept on the servers of the Data Controller or by third-party companies, appointed as external data processors on behalf of the Data Controller, whose servers are located within the European Economic Area; any transfer of data to sub-processors abroad will be covered by standard contractual clauses and/or by the sub-processors adherence to an adequacy decision in accordance with articles 45 and 46 of the GDPR.
3.2 Data processed for primary purposes will be kept for ten years as required by the applicable laws (tax, civil, and anti-money laundering). Personal data subject to Processing for Marketing Purposes will be kept in accordance with the principle of proportionality and minimisation for the duration of the Contract and up to 24 months after its termination (to allow the Data Controller to propose new services and/or products within a reasonable period of time) or until withdrawal of the Data Subject, if earlier.
4 - YOUR RIGHTS
4.1 You may freely exercise the following rights in relation to the processing of data by Combitech Italia S.r.L.:
- Obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to data and information relating to said processing.
- Request rectification of inaccurate data;
- Request cancellation of data in the event that, among other reasons, they are no longer necessary for the purposes for which they were requested; in this case, Combitech Italia S.r.L. will cease to process the data, except where said data are necessary to establish, exercise or defend a legal claim.
- Request application for the restriction of data processing, in which case said data may only be processed with the prior consent of the data subject; except for the retention of the data and use for establishing, exercising or defending a legal claim or for protecting the rights of other natural or legal persons or for reasons of significant public interest of the European Union or a Member State.
- Oppose, in whole or in part, for legitimate reasons, the processing of data, in this case Combitech Italia S.r.L. shall cease to process the data, unless they are necessary to defend a legal claim.
- Receive the data provided to Combitech Italia S.r.L. in a structured, commonly used and machine-readable format, or to request Combitech Italia S.r.L. to transfer those data to another controller when technically possible.
- Withdraw the consent given, if relevant, for the purposes outlined in point 2 above, without this affecting the lawfulness of the processing based on consent given before its withdrawal.
4.2 The above rights of access, rectification, cancellation, restriction, opposition and portability of data may be exercised directly by the data subject or by his/her legal or voluntary representative, by means of a request sent by registered letter with return receipt to Combitech Italia S.r.L. Via Achille Grandi, 9 Zona Industriale - 20020 Arconate (MI) - Italia, VAT no / TAX Code IT12913100157, Phone number (+39) 0331 46.26.87, which you can also contact at the email address email@example.com , or to firstname.lastname@example.org.
The data subject has the right to lodge a complaint with a Supervisory Authority.
5 - UPDATING OF THE POLICY
It should be noted that this policy may be reviewed periodically, also as required by applicable laws or regulations. Any significant changes will be notified by posting a prominent notice on the homepage of the www.combitechctalia.com website. In any case, the data subject should periodically check this policy for any updates.