Privacy Policy pursuant to article 13
of (EU) Regulation No. 2016/679 (hereinafter “GDPR”).

Regulation (EU) 2016/679 protects the confidentiality of personal data and the freedom and rights of the data subjects. It therefore imposes a number of obligations on those who “process” the personal data of other parties. Among the most important obligations laid down by the law is to inform the data subjects concerned and acquire, when prescribed, their consent to having their data processed, especially when processing concerns data which must be communicated to other parties.

In the light of the above, we hereby inform you that, pursuant to article 13 of the aforementioned GDPR, the undersigned company acquires and processes data concerning your company without your having expressed your consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR) for purposes concerning the ordinary management of business relations, more precisely, for the production of data records, keeping customer/supplier accounts, invoicing, creditor management and for fulfilling all the obligations required by the laws in force.

In addition, your data may be processed for exclusively internal purposes relating to statistics and market research;
only after your specific and distinct consent (arts. 23 and 130 of the Privacy Code and art. 7 GDPR) for the following marketing purposes:

• for sending you by e-mail, mail and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material about the products or services offered by the Data Controller and for measuring the degree of satisfaction in the quality of the services;
• sending you by e-mail, mail and/or SMS and/or telephone contacts the commercial and/or promotional communications of third parties.

Your personal data are processed by means of the operations indicated in art. 4 of the Privacy Code and art. 4 No. 2) GDPR, precisely: collection, registration, organization, preservation, consultation, processing, modification, selection, extraction, comparison, utilization, interconnection, blocking, communication, cancellation and destruction. Your personal data are subjected to processing on hard copy and by electronic and/or automated means.

The Data Controller will process the personal data for the time required to fulfill the aforementioned purposes, in any case, for no longer than 10 years from termination of the relationship for administrative/accounting purposes and for no longer than 2 years from data collection for Marketing purposes.

The personal data can be processed both manually and using IT tools, in accordance with all the precautions able to guarantee the security and confidentiality of the information.

Your data may also be communicated to third parties for exclusively technical and operational requirements strictly related to the aforementioned purposes and, in particular, to the following categories of parties:

a) bodies, professional third parties, companies or other organizations appointed by us to process data relating to the fulfillment of administration, accounting and management obligations concerning the ordinary performance of our business activity, also for debt recovery purposes;

b) to public authorities and administrations for purposes related to the fulfillment of legal obligations;

c) banks, financial institutions or other parties to which the aforementioned data must be transferred to enable the activity of our company in relation to our fulfillment of the contractual obligations towards you to be performed.

As an interested party, you have the rights set forth in art. 7 of the Privacy Code and art. 15 GDPR, precisely:

I. the right to obtain confirmation of the existence or otherwise of personal data concerning you, even when the data have not yet been recorded, and their communication in intelligible form;

II. the right to obtain indications: a) about the origin of the personal data; b) about the purposes and methods of processing; c) about the logic used if the data are processed with the aid of electronic means; d) about the identification details of the Data Controller, the data supervisors and the representative designated pursuant to art. 5, subsection 2 of the Privacy Code and art. 3, subsection 1, GDPR; and of the parties or categories of parties to which the personal data may be communicated or which can acquire knowledge of such data in their capacity as designated representatives in the territory of the State, processing supervisors or processors;

III. the right to have: your personal data a) updated, rectified or, when it is in your interests, integrated; the right to obtain b) cancellation, conversion into an anonymous form or blocking of data processed in breach of the law, including data which need not be retained in relation to the purposes for which they were collected or successively processed; c) certification that the operations described under the previous letters a) and b) have been brought to the notice, also as regards their content, of those to whom the data have been communicated or divulged, unless doing so would be impossible or would require the allocation of resources clearly disproportionate with respect to the right being protected;

IV. the right to object, wholly or partly: a) for legitimate reasons, to having your personal data processed, even if pertinent to the purpose for which they were collected; b) to having your personal data processed for the purpose of sending advertising material or for direct sales through the use of automated call systems without an operator, by e-mail and/or through the use of traditional marketing methods by telephone and/or paper mail.

As data subject, you are reminded that your right to object, as described in the previous point b), to direct marketing purposes using automated methods, also extends to the traditional methods and that you are entitled to exercise your right to object even only partly. Thus, as data subject, you may decide to receive solely communications by traditional means or solely automated communications or neither of the two types of communication.
Where applicable, you may also exercise the rights pursuant to arts. 16-21 GDPR (Right to rectify personal data, right to be forgotten, right to limit data processing, right to data portability, right to object) and the right to lodge a complaint with the Data Protection Authority.

How to exercise your rights

You can exercise your rights at any time by sending:

a registered letter with return receipt attached to the DATA PROTECTION AUTHORITY

an e-mail to: info@pennellificiozenit.it

The Data Controller is GALLI MARIANGELA with registered office in Via Pietro Nenni 24 Postal Code 46019 CICOGNARA di VIADANA (MN).

The updated list of processing supervisors and processors is kept at the registered office of the Data Controller.