PRIVACY NOTICE
Ai Pursuant to art. 13 of Regulation (EU) 2016/679 (GDPR)


Whether you’re a client, a supplier, or just visiting our website, D’Orica S.r.l. SB will process your personal data as the Data Controller, in compliance with Regulation (EU) 2016/679 (GDPR).

DATA CONTROLLER

Pursuant to Article 4 of the GDPR, the Data Controller is D’Orica S.r.l. SB (TAX No.: 02060710247), with registered office in Nove (VI), via Parini 5, in the person of its pro tempore legal representative. You can contact the Data Controller via email at info@dorica.com


PERSONAL DATA CATEGORIES

D’Orica S.r.l. SB is the Controller of the data collected and received, even verbally, directly from you, people authorised by you, third parties, or through websites, such as:

Data subject category and purpose of the processing Legal basis Type of data
Clients and suppliers to enter into and manage a business relationship Article 6, paragraph 1, point b) of the GDPR (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”) Personal details (name, surname, address, telephone number, fax number, tax code, VAT Number, email, etc.) of the personnel; Personal data and contact details (work email, work telephone number, etc.) of the supplier’s/client’s contact persons (administrators, shareholders, employees, partners, etc.); Bank and/or postal details (IBAN code, etc.);
Website users who fill out the “Work with us” form. Name, surname, contact details, and all the information included in the CV uploaded in the form.
Website users who fill out the “Request information” form. Data from the contact form
Clients and suppliers to send promotional communications regarding the Controller’s products and services similar to those required by contract, without prejudice to their right to object to such communications before they’re sent. Article 6, paragraph 1, point F of the GDPR (Legitimate interest of the Data Controller even pursuant to Article 130, paragraph 4 of the Italian Legislative Decree 196/03) Email address

We won’t ask you to provide, nor will we collect sensitive data or data concerning special categories referred to in Article 9 of the GDPR. If the Controller’s service involves the processing of data belonging to special categories, you will be notified beforehand and asked to provide your consent. D’Orica S.r.l. SB does not profile or monitor its clients’/suppliers’ personal data on a large scale.

MANDATORY OR OPTIONAL PROVISION OF DATA AND CONSEQUENCES OF YOUR REFUSAL TO PROVIDE THEM

The provision of data for the purposes described above is mandatory. Failure to provide such data prevents the Data Controller to execute and/or enter into a contract with the supplier/client and provide the required services.

HOW WE PROCESS YOUR DATA

Your data will be processed in paper or electronic format for the purposes described above. In any case, they will be processed using suitable means to ensure their security and confidentiality and meet the obligations set forth in the GDPR.
We will process your data according to the principles of lawfulness, fairness, relevance, and proportionality, in compliance with the GDPR. Your data may also be processed by other authorised people pursuant to Article 29 of the GDPR.
These people are appointed and trained by the Data Controller to ensure confidentiality in compliance with Article 28 of the GDPR.

WHERE WE PROCESS YOUR PERSONAL DATA

We process your data at the Data Controller’s registered office, notwithstanding the communication and transmission of such data to the people indicated in the previous and following sections.

WHO ELSE MAY RECEIVE YOUR DATA

Pursuant to Article 29 of the GDPR, your personal data may be transferred to the designated personnel to fulfil their tasks. Moreover, pursuant to Article 28 of the GDPR, your data may be transferred to a data processor (or, where appropriate, to joint data controllers). The data processor is appointed under a contract or other legal act, and is obliged to keep your data secure and confidential, whether you’re a client or a supplier. In any case, data processors will process your data only to fulfil their professional task (for example, banks, insurance companies, suppliers of strictly necessary services – i.e., shipping and transport companies or consultants – when this is necessary for tax, administrative, contractual reasons and for needs protected by the regulations in force). Your data can be shared with authorities, bodies and/or persons for law enforcement purposes. However, they won’t be disclosed.
You can request the updated list of appointed data processors by sending an email to the Data Controller.

TRANSFERRING YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

The Data Controller won’t transfer your data to non-EU countries or international organisations. Should this happen in the future, your data will be processed according to one of the methods allowed by the GDPR, such as your consent, the adoption of standard clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data or operating in countries considered safe by the European Commission.

FOR HOW LONG WE STORE YOUR PERSONAL DATA

We will store your data for the time needed to pursue these purposes (first of all, for executing the commercial and contractual relationship), in compliance with the principles of data minimisation and storage limitation (Article 5 of the GDPR). Your data will be stored to fulfil legal obligations and pursue the above purposes in compliance with the principles of indispensability, proportionality, and relevance.
The data controller may store your data even after the termination of the contract to fulfil legal and/or post-termination contractual obligations, and in case of legal actions. Once these reasons no longer apply, your data will be erased, destroyed, or kept anonymous. The data of the users who fill out the contact form on our website are stored for the time required to fulfil the request.

YOUR RIGHTS AS THE DATA SUBJECT

We process your data according to the principles of fairness and transparency. In any case, you are entitled to a set of rights under Articles 15-22 of the GDPR, in particular:

YOUR RIGHT DESCRIPTION HOW TO EXERCISE IT
Withdrawal of consent (Article 13, paragraph 2, point A and Article 9, paragraph 2, point A) You have the right to withdraw your consent at any time, as indicated in the table of purposes above.
In particular, you can withdraw your consent to receiving advertising or direct marketing material or being included in market research or promotional campaigns, even if they comply with Article 130, paragraph 4 of Italian Legislative Decree 196/03.
Moreover, you can withdraw your consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.
Request sent to the data controller
Right to access (Article 15) You may request a) the purpose of the processing; b) the categories of personal data processed; c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) whereby the personal data is not collected from the Data Subject, any available information regarding its source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request a copy of the personal data being processed. Request sent to the data controller
Right to access (Article 16) You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. Request sent to the data controller
Right to erasure (“right to be forgotten”) (Article 17) You have the right to obtain from the controller the erasure of your personal data if a) they are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you withdraw your consent; c) there are no overriding legitimate grounds for the processing, d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation; f) the personal data have been collected in relation to online services to children without consent. The above will not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation or the performance of a task carried out in the public interest or in the exercise of official authority or reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims. Request sent to the data controller
Right to restriction of processing (Article 18) You have the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; c) if you need them for the establishment, exercise or defence of legal claims, and the data controller no longer needs them. Request sent to the data controller
Right to data portability (Article 20) You have the right to receive the personal data you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller, where the processing is based on consent or contract and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest and does not adversely affect the rights and freedoms of others. Request sent to the data controller
Right to apply to the Data Protection Authority

You can exercise the above rights by sending an email to info@dorica.com or a registered letter with return receipt to D’Orica S.r.l. SB, to the attention of the pro tempore legal representative, via Parini 5, Nove (VI), Italy.

PROCESSING OF ADDITIONAL DATA

If your personal data needs to be processed in ways other than those described herein, we will promptly inform you beforehand and ask for your consent if the processing falls within the cases included in the applicable regulation.

AMENDMENTS TO THIS PRIVACY NOTICE AND FUTURE ONES

This privacy notice may be subject to amendments, which will be duly communicated. Moreover, we will send you additional notices in the event this one does not fulfil the purpose.