-
PRIVACY
PRIVACY POLICY
PRIVACY POLICY FOR CUSTOMERS AND SUPPLIERS
The following policy is provided to all our customers and suppliers in pursuance of art. 13 of the European General Data Protection Regulation 2016/679 (GDPR).
1 – DATA CONTROLLER
The data controller, according to art. 4 and 24 of the regulation, is Bicelli S.r.l., with registered office in Carpenedolo (BS), via G.B. Meli 112, mail: info@bicelli.it.
2 – SCOPE AND LEGAL FOUNDATIONS OF PROCESSING
The personaI data will be collected for the following purposes:
- a) pre-contract fulfillment, like offers issuing; managing and execution of the contract for the supply of products and services deriving from it.
The legal foundation for the above mentioned scope is art. 6, paragraph 1, letter b) of the GDPR (quote: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”).
- b) fulfillment of specific law obligations regarding the parties relationship management (for pay, accounting or fiscal reasons).
The legal foundation for the above mentioned scope is art. 6, paragraph 1, letter c), of the GDPR (quote: “processing is necessary for compliance with a legal obligation to which the controller is subject”).
- c) exercising the rights of the Owner, for example for legal defense rights.
The legal foundation for the above mentioned scope is art. 6, paragraph 1, lett. f) of the GDPR, legitimate interest.
Furthermore, Bicelli S.r.l. will process the data for the further following purposes:
- d) SOFT SPAM: to send marketing E-Mail communications regarding products and services like the ones subject of the contract, considering the right of the addressee to withdraw the consent (opt-out).
The legal foundation for the above mentioned scope is art. 6, paragraph 1, lett. f) of the GDPR, legitimate interest.
3 – PROCESSING METHODS AND DATA RETENTION PERIOD
The data processing will be automatic and manual, with methods guaranteeing safety and confidentiality of the data, and performed by authorised subjects.
The data will be stored in such a way to allow their identification for an amount of time no longer than the one needed to fulfill the scope for which they have been collected. Personal administrative data will be stored, but not further processed, as long as the relevant civil and fiscal regulations establish. For soft spam purposes as in point d), the data will be stored for the duration of the contract and in any case no longer than 24 months after the last contract.
4 – TYPE OF DATA PROCESSING
The processing of personal data is necessary for the fulfillment of the actions described in paragraphs a) b) c) of this policy. The refusal to give mandatory details results in the impossibility to fulfill the business contract. For soft spam purposes, d) paragraph, the addressee has the right to object to the data processing at any time. This objection, even though subsequent to the E-Mail communications, in any case will not compromise the contract.
5 – ADDRESSEE OR ADDRESSEE CATEGORY OF THE DATA
The personal data will be disclosed to addressees, who will keep the data as responsible (art. 28 of the UE Regulation 2016/679) and/or as authorised subjects who act under the responsibility of the Owner or Controller of the data (art. 29 of the UE Regulation 2016/679) for the above mentioned purposes. More precisely, the data will be disclosed to: suppliers of services like legal, accounting and administrative consulting and support; IT consultants and communication providers (including E-Mails); service and consulting companies for marketing communications; banks; authorities in charge for legal obligations and/or public regulations, upon request.
These subjects act like responsible of the data processing, or act autonomously as owner of the data processing. The list of the subjects responsible for this is updated and available at the company headquarter.
6 – DATA TRANSFER TO OTHER COUNTRIES OR ORGANISATIONS
The data provided will not be transferred to other countries out of the European Community nor to international organisations.
7 – RIGHTS OF DATA SUBJECTS
In pursuance of art. 15 and following ones of the GDPR, the involved party has the right to ask to the Owner of the data processing the following actions: access to thier personal data; modification or cancellation or limitation of the processing of the data relating to them; objection to the processing; portability of the data as in art. 20 cit.; if the data processing is based on art. 6, paragraph 1, letter a), or art. 9, paragraph 2, letter a), cit. the objection to data processing is possible at any time without compormising the legitimacy of the processing based on the consent previously given.
Except any other adiministrative or giurisdictional complaint, the party whose data processing can be considered as violating the GDPR, has the right to claim this to the control authority of the country where they live, work or where the violation has taken place (art. 77 Reg.). The Italian control authority is the public representative for data protection (www.garanteprivacy.it)
To excercise the above mentioned rights, the party can address to the Owner given on the above mentioned contact details.
Carpenedolo, 15/07/2020