pursuant to Article 12 et seq. of EU Regulation 679/2016
EU Regulation 2016/679 ("General Data Protection Regulation"), hereinafter the Regulation, concerns the protection of natural persons with reference to personal data concerning them and establishes that the processing of such data must be carried out in accordance with the principles of correctness, lawfulness, and transparency, with a view to greater accountability of the subjects who work on the data.
According to the Regulation, personal data refers to any information concerning an identified or identifiable natural person (qualified as a data subject) and processing refers to any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or sets of personal data, such as collecting, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, communicating by transmission, dissemination or any other form of making available, comparing or interconnecting, limiting, deleting or destroying.
Since the undersigned company, in connection with your relationship with our organization, is in possession of certain data referable to you, which has been acquired, even verbally, directly or through third parties who carry out operations concerning you and who, in order to fulfill a request of yours, have acquired and provided us with information, you are guaranteed the protections provided by the regulations in favor of the Data Subject.
SAPRA Safety srl, therefore, as Data Controller, will proceed with the operations on the data referable to you in compliance with the applicable legislation and ensuring maximum protection, also in terms of confidentiality.
We are therefore pleased to provide you with the following information (in compliance with Articles 12 et seq. of the Regulation), and undertake to protect the information communicated to us, in order to avoid unauthorized access or disclosure, as well as to maintain the accuracy of the data and also to ensure that it is appropriately used.
The Data Controller, i.e. the subject who determines the purposes and means of the processing of personal data, is: Sapra Safety srl based in Arezzo, Via Molinara 33 – VAT 02195700519 – 0575/357480 – firstname.lastname@example.org – email@example.com
Personal data collected
You may be asked, even in part, for the following data:
- personal data, tax code, VAT number, name, registered office, residence, and domicile and contact details;
- data relating to the contractual relationship describing the type of contract, as well as information related to its execution and necessary for the fulfillment of the contract;
- accounting-type data on the financial relationship, amounts due and payments, their periodic performance, and the summary of the accounting status of the relationship;
- data to make the relationship with our organization more defined and our partnership and operational efficiency more effective;
- data relating to your employees and/or collaborators, information on your profession, or on your company.
If it is necessary, for the pursuit of the purposes referred to in the following point, to have knowledge of the data referred to in Article 9 of the Regulations (e.g., those capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in parties, trade unions, associations or organizations of a religious, political, philosophical or trade union nature, genetic data biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation), where collected, in accordance with the provisions of the regulations may be processed only with your written consent and for the specific purpose for which they are collected (Article 9, paragraph c), as well as in the cases referred to in points (b) to (j) of the aforementioned Article 9 of the Regulations.
Legal basis and purpose of the data processing
The personal data provided allows us, on the one hand, to carry out all executive activities relating to your contract or the relationship otherwise existing with our company, and on the other hand, to provide and propose new services and products that meet your needs. Specifically, your personal data is processed for the following purposes and legal grounds:
1) Without your prior consent for the contractual purposes and in particular for
The execution of the contract or the fulfillment of pre-contractual commitments such as providing, activating, suspending and managing products and services, providing related invoicing and sending service communications and assistance, or providing all the services that fall within the commercial offer and improving technical support, customer care, services and products including by means of aggregate statistical analysis on an anonymous basis; pursuing the legitimate interest of the Data Controller to manage complaints and disputes, recover outstanding amounts, prevent fraud and illegal activities, exercise the rights and protect the legitimate interests of the Data Controller or Third Party Data Controllers, for example the right of defense in court; sending commercial communications to the email address provided and relating to SAPRA Safety Srl services and products. Each email sent will include a link that you can click on to refuse further emails from being sent. The fulfilment of legal obligations such as complying with and fulfilling the obligations provided for by laws, regulations, community regulations, orders, and requirements of the competent authorities.
2) Only after you have given your consent, for other non-contractual purposes, namely for
Marketing purposes, i.e., to inform you via ordinary letters, telephone calls, emails and newsletters of the initiatives and offers of SAPRA Safety Srl.
The personal data collected will be recorded, processed, and stored in our archives, on paper and electronically, in compliance with the appropriate technical and organizational measures referred to in Article 32 of the Regulation. The processing of personal data will be based on the principles of correctness, lawfulness and transparency and will take place in a manner that is compatible with the purposes for which they were collected.
The processing may be carried out using paper and/or computer media that are in any case suitable to guarantee its security and confidentiality and with the use of suitable procedures that avoid the risk of loss, destruction, accidental damage, misappropriation, unauthorized access or processing, illicit use, undesirable modifications, and dissemination.
Compulsory or optional nature of data provision and consequences of any refusal to respond.
The provision of data by you is optional, although failure to provide it may, in fact, make it impossible to pursue the contractual purposes.
Communication of data to third parties.
Your data will be processed by the Data Controller, by the Data Processors, and by the persons in charge of the processing who shall be strictly authorized to do so. In any case, processing will be done using technical-organizational measures suitable to comply with privacy legislation.
In particular, your data may be disclosed to:
- companies/professional firms that provide assistance or advice to or work with the Data Controller with regard to accounting, administrative, tax, legal, tax and financial matters;
- public authorities for the performance of institutional functions within the limits established by law and regulations;
- third party service providers to whom communication is necessary for the performance of the services covered by the contract.
Your data may be communicated following inspections or audits, to supervisory bodies, judicial authorities as well as to all other subjects to whom communication is mandatory by law.
It should be noted that the role of Data Processors is held by external companies with which a contractual relationship has been established and which need to receive your personal data in order to comply with these agreements. To find out who the Data Processors are if they are appointed, and to find out who will be appointed in the future for the said function, any data subject may send a letter of request to the Data Controller at the above address. It should be noted that the Data Processors mentioned above do not deal with requests by data subjects to exercise the rights referred to in Articles 15 et seq. of the Regulation. This activity is carried out exclusively by the signatory of this contract in their capacity as Data Controller.
Intentions of the Data Controller
Within the limits strictly required for executing the contractual relationship, limits strictly necessary for the execution of the contractual relationship, your personal data may be disclosed to third parties, such as for example: suppliers of products and/or services, located both within and outside the European Union. Any transfer outside the EU (and in any case to countries recognized as enabled by the EU according to the criteria of the Regulation) is governed by special acts to require the recipient to comply with the appropriate guarantees provided by the current regulations.
Data retention period
The data collected will be kept in a form that allows the identification of the data subjects for the duration of the relationship between you and our company, as well as for 10 years from the date of termination of the relationship. If, in the context of a contractual relationship, data that is not related to the administrative and accounting obligations connected to it are processed, this data will be kept for the time necessary to achieve the purpose for which they were collected. Specific information regarding the storage times of such data will be communicated to you when such data are collected.
Rights of the data subject
a) Pursuant to Article 15 of the Regulations, you have the right to obtain confirmation as to whether or not your data is being processed and, if so, to obtain access to that data and, in particular, to the following information:
- the purposes of the processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be communicated;
- the expected retention period of personal data, where possible, or the criteria used to determine that period;
- the existence of the right to request from the Data Controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- if the data are not collected from the data subject, all information available with respect to its origin;
- the existence of an automated decision-making process, including profiling.
b) You have the right to withdraw your consent at any time without prejudice to the lawfulness of the processing based on consent before the withdrawal.
c) Where applicable under Articles 16, 17, 18 and 20 of the Regulation, you have the right to erasure (Article 16) and rectification of your data (Article 17), as well as the right to limit their processing (Article 18) and to receive the aforementioned personal data in a structured, commonly used, and machine-readable format and to transmit them to another Data Controller (Article 20).
You also have the right to lodge a complaint with a Supervisory Authority.
d) You have the right to object to the processing of personal data concerning you, including profiling, at any time, pursuant to and within the limits of Article 21 of the regulation.
e) If you believe that the processing of personal data concerning you is unlawful, you have the right to lodge a complaint with a Supervisory Authority.
Methods of exercising rights
The aforementioned rights may be exercised at any time by sending:
- A registered letter to Sapra Safety srl, Via Molinara 33, 52100 Arezzo (AR)
- Certified email: firstname.lastname@example.org
- Email: email@example.com
Sale or rental of personal data
The Data Controller does not sell or rent personal data.
Existence of an automated decision-making process
There is no automated decision-making process
Changes to these terms