Skip to main content

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

CLIENTS AND SUPPLIERS

Legor Group S.p.A., with registered office at via del Lavoro 1, 36050 Bressanvido (VI), VAT and Fiscal Code IT00844230284 (hereinafter, the “Data Controller“), in its capacity as data controller, informs you pursuant to art. 13 of Legislative Decree 30.6.2003 n. 196 (hereinafter, the “Privacy Code“) and art. 13 of EU Regulation n. 2016/679 (hereinafter, the “GDPR“) that your data will be processed in the following ways and for the following purposes:

1. Object of the Treatment

The Data Controller processes personal identification data (e.g., name, surname, telephone, email) – hereinafter referred to as “personal data” or simply “data“), which you have communicated when entering into contracts for services with the Data Controller.

2. Purpose of the treatment

Your personal data are processed without your express consent (art. 24 letters a), b), c) of the Privacy Code and art. 6 letters b), e) of the GDPR), for the following Service Purposes:

  • to conclude contracts for the Data Controller’s services;
  • to conclude contracts with the Data Controller;
  • to fulfill pre-contractual, contractual, and tax obligations arising from relationships with you;
  • to fulfill obligations required by law, regulations, community legislation, or orders of the Authority (such as anti-money laundering obligations);
  • to exercise the rights of the Data Controller, such as the right to defend in court.

We inform you that if you are already our customer, we may send you commercial communications related to services and products similar to those you have already used unless you object (art. 130 para. 4 of the Privacy Code).

3. Method of treatment

The processing of your personal data is carried out through the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.

The Data Controller will process the personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship.

4. Access to Data

Your data may be made accessible for the purposes referred to in art. 2 to:

  • employees and collaborators of the Data Controller or of Group companies, in their capacity as persons in charge and/or system administrators;
  • third-party companies or other subjects that perform activities on behalf of the Data Controller, in their capacity as external data processors.

The updated list of data processors and persons authorized to process data is kept at the registered office of the Data Controller.

5. Data Communication

Without the need for your express consent (pursuant to art. 24 letters a), b), d) of the Privacy Code and art. 6 letters b) and c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2 to supervisory bodies, judicial authorities, as well as to those subjects to whom communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data as autonomous data controllers.

  • to public and private entities with social security, welfare, or insurance purposes, including supplementary ones, for which membership is required by law or by national, territorial, or individual collective bargaining agreements. The duration of the processing will comply with the legal requirements;
  • to subjects who can access your data by virtue of statutory provisions or secondary or community legislation; the duration of the processing will comply with the legal requirements;

6. Data Transfer

Personal data is stored on the servers of the Data Controller and the Data Processor, within the European Union. However, it is understood that the Data Controller, if necessary, has the right to move the servers outside the EU. In this case, the Data Controller already ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, after entering into the standard contractual clauses provided by the European Commission.

7. Nature of Data Provision and Consequences of Refusal to Respond

The provision of data for the purposes referred to in art. 2 is mandatory, and without them, we cannot guarantee the requested services.

8. Rights of the Data Subject

As the data subject, you have the rights under art. 7 of the Privacy Code and art. 15 of the GDPR, specifically the rights to:

  1. obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
  2. obtain the following information:
  3. the origin of personal data;
  4. the purposes and methods of processing;
  5. the logic applied in case of processing carried out with the aid of electronic instruments;
  6. the identification details of the controller, processors, and the designated representative under art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR;
  7. the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them as designated representatives in the territory of the State, processors, or authorized persons;

iii. obtain:

  1. the updating, rectification, or, when you have an interest, integration of data;
  2. the erasure, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
  3. certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
  4. object, in whole or in part:
  5. for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
  6. to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, by using automated calling systems without the intervention of an operator, by email, and/or traditional marketing methods by phone and/or postal mail. It is understood that the data subject’s right to object, for direct marketing purposes by automated means, extends to traditional methods, and that in any case, the data subject’s possibility of exercising this right, even partially, remains unaffected. Therefore, the data subject can decide to receive only communications by traditional means or only automated communications or none of the two types of communication.

Where applicable, you also have the rights under Articles 16-21 of the GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the supervisory authority.

9. Exercise of Rights

You can exercise your rights at any time by sending:

  • a registered letter with acknowledgment of receipt to the address of the Data Controller;
  • an email to the address privacy@legor.com.

Any dissatisfaction or complaint can also be reported to the Data Protection Authority, Piazza di Monte Citorio n. 121, 00186 Rome, phone 06.696771. Email: garante@gpdp.it | PEC: protocollo@pec.gpdp.it | http://www.garanteprivacy.it

Bressanvido, May 25, 2018

Management