PURSUANT TO REGULATION (EU) 2016/679
ON THE PROTECTION OF PERSONAL DATA (“GDPR”)
AND REQUEST FOR CONSENT TO THE PROCESSING OF PERSONAL DATA
In compliance with the requirements set forth in Regulation (EU) 679/2016 (General Data Protection Regulation – “GDPR”), the Network of Companies Together for Tomorrow referred to in the contract no. repertoire 12672, registration number 5905 Chamber of Commerce of Pordenone – Udine (henceforth, the “Network”), has prepared this Notice to inform customers on how their personal data are processed, making them aware of their rights are and how they can be exercised.
DATA CONTROLLER AND CONTACT DATA
The Data Controllers are in the person of their pro tempore legal representatives of the following network of companies:
- “M.M. S.r.l. a socio unico” with registered office in Udine (UD), via A. Zanussi, n. 300/302, P.IVA 02984500302,
- “IMPLA S.r.l.” with registered office in Faedis (UD), via San Teodato, 53, P.IVA 02268730302
- “LAMAR UDINE S.r.l.” with registered office in Remanzacco (UD), Strada di San Martino, 28, P.IVA 02762860308
- “VETRES S.r.l.” with registered office in Povoletto (UD), via Roma, 82, P.IVA 02289300309
- “CARBON COMPOSITI S.r.l.” with registered office in Basiliano (UD), via Zanon, 14, P.IVA 00829150325
SOURCES OF PERSONAL DATA COLLECTION
The companies of the Network share only the personal data collected in the framework of the commercial and promotional activities of the Network.
The companies of the Network collect personal data directly from customers, both in its own sales offices and other venues (for example, at events or fairs) and through remote communication means (for example, through its website www.t4tcomposites.com). Personal data may be provided at the time of quote and information request, during negotiations, when contracts are signed and during their implementation, and when services are subscribed to or provided.
Personal data are processed either manually, in paper format, or through electronic, computerized, and/or automated tools, according to a logic that is strictly related to the purposes indicated. Personal data are entered in our management system and in a Customer Relationship Management (“CRM”) system.
In any case, personal data are protected by appropriate technical and organizational measures, in order to guarantee their safety and confidentiality, in compliance with current statutory regulations. The companies of the Network have implemented specific security measures to prevent data loss or destruction, unauthorized access, and processing that is either unlawful or not consistent with the purposes for which they were collected.
PURPOSES OF PROCESSING AND LEGAL BASES
The companies of the Netwok process personal data for operational management purpose. It refers to the implementation of all those activities deemed strictly functional to the fulfilment of requests, both in the pre-contractual phase and during implementation, as well as any activities connected and instrumental thereto, that are functionally linked to the Network’s operations or protect its rights, including, but not limited to: management of negotiation activities – pre-contractual phase; negotiation and stipulation of contract or order requests; provision of services; fulfilment of administrative and accounting requirements; management of payments; technical assistance and support request, including after sales; and management of complaints, if any. Furthermore, the following activities are connected and instrumental to the foregoing: verification of internal quality through audits and inspections, including those performed by third parties; fulfilment of legal, accounting, tax and administrative obligations deriving from the law, statutory provision and EU legislation; credit recovery; credit risk protection; protection of corporate assets; and, protection of the rights of companies’ of the Network in courts of law, or where most appropriate.
The aforementioned processing purposes are lawful since they are necessary for the implementation of a contract or pre-contractual measures adopted upon request, to allow the companies of the Network to meet its legal obligations and pursue its legitimate interests.
Pursuant to Whereas 47 of Regulation (EU) 679/2016 and Article 130 of the Data Protection Act, the companies of the Network propose products or services similar or complementary to those already requested to existing customers for direct marketing purposes In all other cases, the delivery of advertising, direct sales, commercial and promotional communication can occur with prior consent of the concerned party. In order to compare and possibly improve the results of communications, the Data Controller relies on systems for sending newsletters and promotional communications with reports.
Pursuant to Whereas 47 of Regulation (EU) 679/2016, the assessment of customer satisfaction on products and/or services via telephone interviews or on-line questionnaires, is also considered to be a legitimate interest of the companies of the Network, since it allows improving quality.
The provision of personal data is always voluntary. However, conferment for Primary Purposes is necessary and essential to allow the companies of the Network to fulfil requests. Therefore, failure to provide personal data may make it impossible for the companies of the Network to begin negotiations/pre-contractual activities, stipulate contracts, manage post-contract phases and/or, in any case, provide services or products.
The provision of personal data is, however, voluntary, and optional for marketing purposes. Any failure to provide personal data for the aforementioned purposes will have no consequence, if not the impossibility for the companies of the Network to carry out the above described procedure.
KNOWLEDGE OF DATA AND THEIR NOTIFICATION
Where processed in electronic format, data can be accessed from any branch of the companies of the Network.
Personal data are processed by subjects specifically authorized or designated by the Data Controller within its facility (employees and collaborators) in relation to the tasks they are asked to carry out.
Personal data may also be processed by other third parties operating on behalf of the companies of the Network by virtue of specific contractual obligations or, in any case, duly authorized or appointed as data processors. By way of example, where necessary, personal data may be processed by: IT, automated and technological service providers, including hosting and maintenance services; companies that offer maintenance, updating and development services for websites and related functionalities; quality control and/or certification bodies or related activities; auditors; communication agencies.
For the pursuit of operational management purpose, personal data may be shared with the following categories of recipients: banks and credit institutions; debt collection companies; credit insurance companies; professionals, experts, consultants, firms or consultancy firms in the administrative, insurance, accounting, tax, technical and legal fields; and, companies operating in the shipping and transport sector.
In general, however, personal data may always be disclosed to third parties, public and private, for compliance with legal requirements, as it pertains to requests from public authorities, or to exercise a right in a court of law, or in any other place.
Personal data are not disclosed and are not subject to dissemination.
TRANSFER OF DATA ABROAD
The companies of the Network mainly manage personal data in its possession within its facilities, or, in any case, within the EU.
DURATION OF PROCESSING
In accordance with statutory provisions requiring the retention of documents for accounting purposes, and the general rules relating to the standard limitation period for contractual actions, we will delete personal data relating to Primary Purposes after ten years from the moment of contract termination.
Personal data processed for Marketing Purposes will be deleted after the ten-year term, which is considered to be reasonable since such data are related to the sale of goods with low purchase frequency.
RIGHTS OF CONCERNED PARTIES
In applying the GDPR, we inform you that concerned persons may exercise the following rights at any time:
obtain confirmation of whether or not their personal data are being processed, and, if so, obtain access to such data and all information, as set forth in Art. 15 of the G.D.P.R., possibly obtaining a copy thereof, where such request does not damage the rights and freedoms of others;
obtain the correction of their inaccurate personal data without undue delay. Taking account of the processing purposes, concerned parties have the right to obtain the integration of incomplete personal data, also by providing a supplemental statement;
obtain the deletion of their inaccurate personal data without undue delay;
obtain the limitation of processing when any of the cases foreseen in Art. 18 of the GDPR apply;
data portability, namely, to receive personal data of concern provided to the companies of the Network, in structured and common-use format that is legible by automatic devices;
To exercise the aforementioned rights, the concerned parties may contact the companies of the Network at any time at the following addresses:
The request for deactivation and cancellation of the subscription to the Newsletter Service may be carried out by the concerned parties at any time by clicking, on the link at the end of the text (“Unsubscribe me”).
RIGHT TO OPPOSE
In accordance with the requirements of Art. 21, paragraph 4 of the GDPR, the companies of the Network guarantee the right to oppose. To exercise the aforementioned rights, the concerned parties may contact the companies of the Network at any time at the following addresses:
RIGHT TO LODGE COMPLAINTS
Furthermore, if Data Subjects believe that data processing carried out by the Network is illegal, they can lodge a complaint with the competent Supervisory Authority.