PRIVACY NOTICE
Ai Pursuant to art. 13 of Regulation (EU) 2016/679
(GDPR)
Whether you’re a client, a supplier, or just visiting our website, D’Orica S.r.l. SB will process your personal data as the Data Controller, in compliance with Regulation (EU) 2016/679 (GDPR).
DATA CONTROLLER
Pursuant to Article 4 of the GDPR, the Data Controller is D’Orica S.r.l. SB (TAX No.: 02060710247), with registered office in Nove (VI), via Parini 5, in the person of its pro tempore legal representative. You can contact the Data Controller via email at [email protected]
PERSONAL DATA CATEGORIES
D’Orica S.r.l. SB is the Controller of the data collected and received, even verbally, directly from you, people authorised by you, third parties, or through websites, such as:
| Data subject category and purpose of the processing | Legal basis | Type of data |
|---|---|---|
| Clients and suppliers to enter into and manage a business relationship | Article 6, paragraph 1, point b) of the GDPR (“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”) | Personal details (name, surname, address, telephone number, fax number, tax code, VAT Number, email, etc.) of the personnel; Personal data and contact details (work email, work telephone number, etc.) of the supplier’s/client’s contact persons (administrators, shareholders, employees, partners, etc.); Bank and/or postal details (IBAN code, etc.); |
| Website users who fill out the “Work with us” form. | Name, surname, contact details, and all the information included in the CV uploaded in the form. | |
| Website users who fill out the “Request information” form. | Data from the contact form | |
| Clients and suppliers to send promotional communications regarding the Controller’s products and services similar to those required by contract, without prejudice to their right to object to such communications before they’re sent. | Article 6, paragraph 1, point F of the GDPR (Legitimate interest of the Data Controller even pursuant to Article 130, paragraph 4 of the Italian Legislative Decree 196/03) | Email address |
We won’t ask you to provide, nor will we collect sensitive data or data concerning special categories referred to in Article 9 of the GDPR. If the Controller’s service involves the processing of data belonging to special categories, you will be notified beforehand and asked to provide your consent. D’Orica S.r.l. SB does not profile or monitor its clients’/suppliers’ personal data on a large scale.
MANDATORY OR OPTIONAL PROVISION OF DATA AND CONSEQUENCES OF YOUR REFUSAL TO PROVIDE THEM
The provision of data for the purposes described above is mandatory. Failure to provide such data prevents the Data Controller to execute and/or enter into a contract with the supplier/client and provide the required services.
HOW WE PROCESS YOUR DATA
Your data will be processed in paper or electronic format for the
purposes described above. In any case, they will be processed using
suitable means to ensure their security and confidentiality and meet
the obligations set forth in the GDPR.
We will process your
data according to the principles of lawfulness, fairness, relevance,
and proportionality, in compliance with the GDPR. Your data may also
be processed by other authorised people pursuant to Article 29 of
the GDPR.
These people are appointed and trained by the Data
Controller to ensure confidentiality in compliance with Article 28
of the GDPR.
WHERE WE PROCESS YOUR PERSONAL DATA
We process your data at the Data Controller’s registered office, notwithstanding the communication and transmission of such data to the people indicated in the previous and following sections.
WHO ELSE MAY RECEIVE YOUR DATA
Pursuant to Article 29 of the GDPR, your personal data may be
transferred to the designated personnel to fulfil their tasks.
Moreover, pursuant to Article 28 of the GDPR, your data may be
transferred to a data processor (or, where appropriate, to joint
data controllers). The data processor is appointed under a contract
or other legal act, and is obliged to keep your data secure and
confidential, whether you’re a client or a supplier. In any case,
data processors will process your data only to fulfil their
professional task (for example, banks, insurance companies,
suppliers of strictly necessary services – i.e., shipping and
transport companies or consultants – when this is necessary for tax,
administrative, contractual reasons and for needs protected by the
regulations in force). Your data can be shared with authorities,
bodies and/or persons for law enforcement purposes. However, they
won’t be disclosed.
You can request the updated list of
appointed data processors by sending an email to the Data
Controller.
TRANSFERRING YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The Data Controller won’t transfer your data to non-EU countries or international organisations. Should this happen in the future, your data will be processed according to one of the methods allowed by the GDPR, such as your consent, the adoption of standard clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data or operating in countries considered safe by the European Commission.
FOR HOW LONG WE STORE YOUR PERSONAL DATA
We will store your data for the time needed to pursue these purposes
(first of all, for executing the commercial and contractual
relationship), in compliance with the principles of data
minimisation and storage limitation (Article 5 of the GDPR). Your
data will be stored to fulfil legal obligations and pursue the above
purposes in compliance with the principles of indispensability,
proportionality, and relevance.
The data controller may store
your data even after the termination of the contract to fulfil legal
and/or post-termination contractual obligations, and in case of
legal actions. Once these reasons no longer apply, your data will be
erased, destroyed, or kept anonymous. The data of the users who fill
out the contact form on our website are stored for the time required
to fulfil the request.
YOUR RIGHTS AS THE DATA SUBJECT
We process your data according to the principles of fairness and transparency. In any case, you are entitled to a set of rights under Articles 15-22 of the GDPR, in particular:
| YOUR RIGHT | DESCRIPTION | HOW TO EXERCISE IT |
|---|---|---|
| Withdrawal of consent (Article 13, paragraph 2, point A and Article 9, paragraph 2, point A) |
You have the right to withdraw your consent at any time, as
indicated in the table of purposes above. In particular, you can withdraw your consent to receiving advertising or direct marketing material or being included in market research or promotional campaigns, even if they comply with Article 130, paragraph 4 of Italian Legislative Decree 196/03. Moreover, you can withdraw your consent without prejudice to the lawfulness of the processing based on the consent given before the withdrawal. | Request sent to the data controller |
| Right to access (Article 15) | You may request a) the purpose of the processing; b) the categories of personal data processed; c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) whereby the personal data is not collected from the Data Subject, any available information regarding its source; h) the existence of automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4 and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request a copy of the personal data being processed. | Request sent to the data controller |
| Right to access (Article 16) | You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. | Request sent to the data controller |
| Right to erasure (“right to be forgotten”) (Article 17) | You have the right to obtain from the controller the erasure of your personal data if a) they are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you withdraw your consent; c) there are no overriding legitimate grounds for the processing, d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation; f) the personal data have been collected in relation to online services to children without consent. The above will not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation or the performance of a task carried out in the public interest or in the exercise of official authority or reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims. | Request sent to the data controller |
| Right to restriction of processing (Article 18) | You have the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; c) if you need them for the establishment, exercise or defence of legal claims, and the data controller no longer needs them. | Request sent to the data controller |
| Right to data portability (Article 20) | You have the right to receive the personal data you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller, where the processing is based on consent or contract and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest and does not adversely affect the rights and freedoms of others. | Request sent to the data controller |
| Right to apply to the Data Protection Authority |
You can exercise the above rights by sending an email to [email protected] or a registered letter with return receipt to D’Orica S.r.l. SB, to the attention of the pro tempore legal representative, via Parini 5, Nove (VI), Italy.
PROCESSING OF ADDITIONAL DATA
If your personal data needs to be processed in ways other than those described herein, we will promptly inform you beforehand and ask for your consent if the processing falls within the cases included in the applicable regulation.
AMENDMENTS TO THIS PRIVACY NOTICE AND FUTURE ONES
This privacy notice may be subject to amendments, which will be duly communicated. Moreover, we will send you additional notices in the event this one does not fulfil the purpose.