Privacy-related information on the processing of personal data pursuant to Art. 13 and 14 of Regulation (EU) no. 679/2016 on the protection of natural persons with regard to the processing of personal data (GDPR)

Industrie Polieco – M.P.B. S.p.A., for the performance of the relationships with their users, collects data referring to you acquired through the company website, directly or through third parties, qualified as personal data by Regulation (EU) 2016/679. This legislation stipulates that those who process personal data must inform the interested party on which data are processed and the elements that qualify processing, which must always take place correctly, lawfully and transparently, protecting your confidentiality and your rights. In accordance with Regulation (EU) 2016/679 we, therefore, provide the following information:

DATA CONTROLLER

INDUSTRIE POLIECO – M.P.B. S.p.A. (HEREINAFTER REFERRED TO AS CONTROLLER) headquartered in Cazzago San Martino (Bs), via E. Mattei, n.49,

The Controller can be reached at the following addressgdpr@pec.polieco.com

The Data Protection Officer (DPO) can be reached at the following address: ambrostudioservizi@pec.it

Data Processed

In processing your personal data, the DATA CONTROLLER guarantees you the highest degree of confidentiality, the correctness and update of the data, as laid down by the regulatory framework in force on data protection. We take the security of your personal data very seriously; in order to prevent the loss, unlawful or unwarranted uses of your data and unauthorised access to them, we use and comply with specific security measures.

The Controller processes the personal data (for example, name, surname, postal address, Province and Municipality of residence, landline and/or mobile telephone number, fax, tax code, VAT number, company name, personal e-mail, banking and payment coordinates, e.g. IBAN, unique SDI code), hereinafter referred to as “data”, provided by you on the stipulation of contracts for the services offered by the Controller and/or for marketing purposes. In addition, the Controller may save cookies, as described in more detail in the Cookies Policy that you can find on our corporate website.

Purposes of processing and legal bases.

The Controller uses the data to follow up on the request for the creation of the account, the contract for the provision of the chosen Service and/or of the purchased product, to manage and fulfil the contact requests sent by the customer, to provide assistance, to fulfil legal and regulatory obligations with which the Controller must comply depending on the activity carried out. In no case does the Controller use your personal data for undisclosed purposes. Specifically, your data will be processed for the following purposes:

a) For registration to the website and for contact requests.

Your personal data are processed so that we may pursue the activities that precede and follow the registration request, manage information and contact requests, and fulfil any other obligation that derives therefrom.

The legal basis of these processing operations is the provision of the services that relate to the registration, information and contact request and/or the dispatch of information material and compliance with legal obligations.

b) For the management of the contractual relationship.

The data are processed so that we may pursue the activities that precede and follow the purchase of one of our services, manage the order, provide said service, issue the related invoices and manage the payment, and so that we may fulfil all other obligations deriving from the contract, so that we may fulfil obligations laid down by law, regulations, the EU regulatory framework or an order by the Authorities (e.g. on matters related to the prevention of money laundering) or to exercise the rights of the Controller (e.g. the right to defend themselves before the courts).

The legal basis of these processing operations is the fulfilment of obligations that relate to the contractual relationship, and compliance with legal obligations.

c) For direct marketing communication activities.

Even without express consent, the Controller may use the contact data provided by the Data Subject/Customer in order to directly market its Services, unless the Data Subject/Customer expressly objects.

The legal basis is the Controller’s legitimate interest.

Should the Controller intend to further process your data for a purpose other than the one for which they were collected, they will provide you with information on such other purpose and all additional pertinent information before such further processing.

d) For indirect marketing communication activities.

With your freely-given, express and revocable consent, the Controller may use the contact data for indirect marketing purposes (thus using the services of third parties, intermediaries of the Controller), unless you object expressly.

The legal basis is the freely-given, optional, express consent to the processing of the data you have provided before the processing itself; such consent is freely revocable at any time.

e) For communication activities by Third Parties

With your freely-given, express and revocable consent, your data may be used by the Controller to send commercial communications, enquiries and market researches by third parties that operate in the IT and telephony products and services sales sector with whom the Controller has stipulated collaboration contracts.

The legal basis is the freely-given, optional, express consent to the processing of the data you have provided before the processing itself; such consent is freely revocable at any time.

f) To send corporate newsletters

With your freely-given, express and revocable consent, the Controller may use your data to send corporate newsletters containing information on the company and on products and services; the frequency with which such newsletters are sent may be adjusted by the data subject also following subscription thereto.

g) For profiling activities

With your freely-given, informed, express, optional and revocable consent, the Controller may use the data you have disclosed in order to analyse your preferences, habits, interests and consumption choices, including the type, frequency, location of purchases, to process statistical data, create specific user profiles and adapt marketing activities to your needs for your future purchases.

Refusal to provide the data required for the performance of the requested service.

The collection and processing of the personal data under a) and b) above is necessary so that we may provide the services requested. If you do not wish to provide the personal data that are expressly identified as required, the Controller will not be able to carry out the processing linked to the management of the services requested and/of the contract, nor will they be able to fulfil the obligations deriving therefrom.

Refusal to provide the data required for marketing promotional activities and profiling.

The provision of personal data for the purposes under c), d), e) and f) above is optional; you may, at any time, exercise the right to erasure of the data, without this adversely affecting the regular provision of the contractually defined services.

Method of Processing.

We would like to inform you that your personal data will be processed in compliance with the principles of lawfulness, fairness and transparency of the processing. We guarantee you that the data processed will be adequate, pertinent and not exceeding what is necessary for the purposes of the processing (data minimisation principle).

The data will be processed in hard copy and electronic form, with tools that can guarantee the security and confidentiality of the data, in compliance with the provisions of Chapter II (Principles) and Chapter IV (Data controller and data processor) of the Regulation.

The processing may also take place with the use of automated tools that can memorise, manage or transmit the data; in any case, it will be performed in compliance with the provisions of the Regulation.

The processing of your data is performed through the operations indicated in art. 4 no. 2) of the Regulation, namely collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Controller uses adequate safety measures to preserve the confidentiality, integrity and availability of your personal data and imposes similar safety measures to third-party suppliers and Data Processors.

Your personal data will be stored in paper-based, electronic and telematic archives located in Countries to which the GDPR applies (EU countries).

Data retention period.

Unless you explicitly express your wish for their erasure, in relation to the various purposes and objectives for which they were collected, your personal data will be retained for the time envisaged by the applicable regulatory framework, and, in any case, for a period of time that does not exceed the time needed to achieve the aforementioned purposes, and, specifically, related to the performance of the contract for a ten-year period (at the end of this period, the rights arising from the contract itself will lapse).

Data provided for marketing/commercial promotion purposes will be retained until the revocation of the consent granted and/or, in the case of subscription to the promotional communication/newsletter service, until you ask to be unsubscribed. At the end of this period, without prejudice to the anonymisation that does not allow – even indirectly or by connecting to other databases – the identification of the data subjects, the data will automatically be erased in whole or in part (pursuant to the applicable regulatory framework). In any case, should you decide to revoke consent or to object to the processing, your data will be erased within 30 days from the request.

Should you send to the Controller personal data that have not been requested or that are not needed for the provision of the service requested, they may not be considered the controller of such data and will erase them as soon as possible.

Rights of the data subject (articles 15 – 22 GDPR).

You have the right, at any time, to obtain confirmation on the existence or otherwise of personal data concerning you and to know their contents and origin, verify their exactness or request their supplementation or update or correction.

For this purpose, the Controller would like to invite you to submit your request in writing, dating and signing it, and send it by certified e-mail to the aforementioned addresses

We would like to inform you that we will reply to your requests within one month, except in particularly complex cases, when we may take a maximum of 3 months to reply. In any case, we will explain to you the reason for the wait within one month from your request.

You will be informed of the outcome in writing or in electronic format. Should you request the correction, erasure or restriction of the processing, we undertake to notify the outcome of your requests to each recipient of your data, unless this is impossible or entails a disproportionate effort.

We would like to remind you that the withdrawal of consent does not affect the lawfulness of the processing based on consent granted prior to the withdrawal.

Concerning the processing of the aforementioned data, you have the right to obtain:

  • confirmation of the existence or otherwise of your personal data, their communication in readable form and knowledge of their origin, in addition to the logic on which the processing is based;
  • deletion of your data within a suitable period, the transformation in anonymous form or blocking of data processed in violation of the law;
  • data updating, their correction, and, if interested, integration of said data;
  • certification that the operations described at points 2) and 3) have been notified to the persons to whom the data have been shared, as long as it is possible and does not entail disproportionate efforts;
  • correction or erasure of data regarding you or the limitation of processing.
  • withdrawal of consent related to voluntary processing not connected to the performance of the contract signed with the Controller;

Lastly, you have the right to object for legitimate reasons to the processing of the personal data concerning you, even if they are pertinent to the purpose of the collection, to request their portability, to exercise the right to be forgotten, and to address the ordinary Judicial Authorities or the competent Supervisory Authority for the protection of personal data for any violation you believe has been committed by the means indicated on the website of the Italian Data Protection Authority at the address www.garanteprivacy.it.

Recipients and/or possible recipients of the personal data.

Your personal data will not be disseminated and may become known, within the necessary limits and for the purposes mentioned, to shareholders, employees and/or associates of the Controller, authorised pursuant to art. 29 of the Regulation and belonging to the Group’s Companies. They may also be disclosed to third parties, in their capacity as autonomous Controllers or joint controllers, or External Data Processors, pursuant to Article 28 of the GDPR, under an appointment contract, which contains the methods of processing and the security measures that they must adopt for the management and storage of the personal data of which the Company is the Controller, such as: to parent Companies, subsidiaries and investee companies, even located abroad in the context of European Union Countries and Countries outside the EU;

  • to the Public Administration, for the performance of institutional functions, within the limits set by the law and the regulations;
  • to Companies who have been tasked with the recovery of credits;
  • to commercial information Companies;
  • to insurance Companies, for the payment of the premium that relates to the credit’s insurance policy;
  • to persons exercising the profession of Attorney-at-Law, for legal assistance in case of disputes pertaining to the performance of the contract;
  • to agents and dealers;
  • to auditing Companies, Companies that certify the financial statements, to the statutory auditors;
  • to consultancy Companies/Entities that operate for the company in the various sectors;
  • to external carriers, for the delivery of goods or correspondence;

and also, in general, to:

  • External Entities – also private – who perform Inspections of various types;
  • External Consultants who have previously received an assignment;
  • Suppliers of the company who process the data on behalf of the Controller and/or consultants who provide services to the Company.

The data may also be sent to Public Security Authorities following a request and to the Judicial Authorities in case this is necessary.

The full list of subjects to whom your personal data may be disclosed is at your disposal following a request to be made by e-mail. Your data will not be transferred to a third country or to an international organisation. Should the Controller transfer the data outside of the European Union, they undertake to ensure that such transfer is made in compliance with the provisions issued by the European Commission, in accordance with the provisions of the applicable laws.

We will only disclose your data in case of a legal or contractual obligation that is a necessary requirement for the stipulation of a contract.

WhistleBlowing.
Procedure for reporting unlawful conduct relevant for the purposes of Legislative Decree 24/2023.

Profiling.

With your consent, we may manage automated processes for profiling.

With your freely-given, informed, express, optional and revocable consent, the Controller may use your data to perform analyses aiming to establish your profile in order to adapt marketing activities to your needs.