PRIVACY POLICY UNDER ARTICLE 13 OF EUROPEAN REGULATION 679/2016 AND CONSENT
In accordance with Article 13 of Regulation (EU) 2016/679 (hereinafter, GDPR), and in relation to the personal data provided by you that will become available to GCE S.r.l., in the person of the Legal Representative Pro tempore, based in Via Carpenino, 43 – 19121 La Spezia (SP) with VAT No. IT01318800115, when giving effect to the contract you are a party to or performing pre-contractual activities at your request, we communicate you the following:
1. Data Controller and personal data protection officer
The Data Controller is GCE S.r.l. (hereinafter also referred to as “DATA CONTROLLER” in the person of the Legal Representative Pro tempore, based in Via Carpenino, 43 – 19121 La Spezia (SP) with VAT No. IT01318800115). The Data Controller may be contacted for any privacy-related communication at the following email address:info@gcesrl.eu
2. Purposes of data processing and legal ground for the processing
The Data Controller processes the personal data of natural persons, legal entities, individual firms and/or self-employed professionals (“Data Subjects”) for the following purposes:
1. need to perform a contract which the Data Subject is a party to or perform pre-contractual activities at his or her request. This need represents the legal ground that legitimises the resultant processing. The provision of data necessary to meet such purposes represents, depending on the case, a contractual obligation or a necessary prerequisite for the conclusion of the contract, failing which the Data Controller is incapacitated from establishing the relationship or giving effect thereto;
2. need to fulfil legal obligations (e.g. obligations laid down by anti-money laundering legislation, orders issued by Supervisory Authorities, the Judiciary, etc.). This need represents the legal ground that legitimises the resultant processing. The provision of data necessary to meet such purposes represents a legal obligation, failing which the Data Controller is incapacitated from establishing relationships and might be bound to report the matter;
3. need to undertake production, transformation and sale of diamond wire for cutting stone materials, and to carry out management and technical-managerial coordination in commercial and industrial fields and consultancy activity in the aforementioned sectors. This need represents the legal ground that legitimises the resultant processing. The provision of data necessary to meet such purposes represents, depending on the case, a contractual obligation or a necessary prerequisite for the conclusion of the contract, failing which the Data Controller is incapacitated from establishing the relationship or giving effect thereto;
4. need to undertake promotion, marketing and sale of “dedicated” products and services of the Data Controller or third party companies by sending dedicated commercial communications, including in the form of newsletters, text messages, emails and phone calls; The legal ground that legitimises the resultant processing is the consent of the Data Subject, who is free to grant or decline it, and free to revoke it at any time. The provision of data necessary to meet such purposes is not compulsory and refusal to provide the same does not produce any negative consequence, save for the impossibility of receiving dedicated commercial communications.
Personal data may be processed by means of both paper and IT archives (including portable devices) and by resorting to methods strictly necessary to meet the abovementioned purposes.
3. Consequences of the failure to communicate personal data
With regard to personal data relating to the execution of points a, b, c above you are a party to, or relating to the fulfilment of a regulatory obligation (e.g. obligations associated with accounting and tax records), the failure to communicate personal data will prevent the perfecting of the contractual relationship itself and/or in any event the possibility of initiating or implementing commercial and contractual collaboration activities underway or of fulfilling contractual obligations arising from points a, b, c themselves. As regards personal data relating to the commercial and promotional activities referred to under point d), the provision of data necessary to meet such purposes is not compulsory and refusal to provide the same does not produce any negative consequence, save for the impossibility of receiving dedicated commercial communications.
4. Data storage
Your personal data, to be processed for the aforementioned purposes, will be stored for the term of the contract and, subsequently thereto, for the time in which the Data Controller is subject to storage obligations for tax or other purposes as laid down by applicable laws and regulations.
5. Communication of data
Your personal data may be communicated to:
1. consultants and accountants or lawyers performing services instrumental to the aforementioned purposes;
2. bank and insurance institutions performing services instrumental to the aforementioned purposes;
3. subjects that process data to give effect to specific legal obligations;
4. judicial or administrative authorities in fulfilment of legal obligations;
6. Profiling and disclosure of data
Your personal data is not subject to disclosure or to any fully automated decision-making process, including profiling.
7. Data subject’s rights
Rights acknowledged in your favour by the GDPR include:
- requesting from the Data Controller access to your personal data and to the information pertaining thereto; rectifying incorrect data or supplementing incomplete ones; erasure of the personal data relating to your person (upon the occurrence of one of the conditions set out in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions laid down in paragraph 3 thereof); limiting the processing of your personal data (upon the occurrence of one of the circumstances indicated in Article 18, paragraph 1 of the GDPR);
- requesting and obtaining your personal data from the Data Controller – in those instances where the legal ground for the processing is either the contract or consent, and the same is carried out through automated means – in a structured and machine readable format, including in order to communicate such data to another Data Controller (so-called right to portability of the personal data);
- objecting at any time to the processing of your personal data upon the occurrence of particular situations that concern your person;
- revoking consent at any given time, solely in the scenario where the processing is based on your consent for one or more specific purposes and concerns common personal data (e.g. date and place of birth or place of residence), or particular categories of data (e.g. data that reveals your racial origin, political opinions, religious convictions, state of health or sexual life). The processing based on consent that was carried out prior to revocation thereof remains nevertheless lawful;
- lodging a complaint with a supervisory authority (Personal Data Protection Authority – – www.garanteprivacy.it).