I. GENERAL INFORMATION
The interested parties (pursuant to Article 4, paragraph 1 of the GDPR) are informed of the following general profiles, valid for all areas of processing:
II. DATA CONTROLLER
The Data Controller is the undersigned Company (in the person of the pro-tempore legal representative) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the following addresses:
Name: Raben SITTAM Srl
DATA PROTECTION OFFICER
Name: Galli Data Service Srl
III. RIGHTS OF THE INTERESTED PARTIES
IV. PROCESSING OF DATA RELATED TO RELATIONS WITH CUSTOMERS AND SUPPLIERS
4.1 Subject of the treatment
The company processes personal identification data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and their operational contacts (name, surname and data contact) acquired and used in the supply of the products / services provided
4.2 Purpose and legal basis of the processing
The data is processed for:
Failure to provide the aforementioned data will make it impossible to establish a relationship with the Owner. The aforementioned purposes represent, pursuant to Article 6, paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes (eg: marketing communications, photo / video content production, etc.), a specific consent will be requested from the interested parties.
4.3 Methods of processing and storage time
The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which they were collected and related legal obligations (usually coinciding with the relationship with the interested party, without prejudice to the extension in reference to the obligations of conservation of administrative documentation of business correspondence).
5.4 Scope of the treatment
The data is processed by internal subjects duly authorized and trained pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise information on any external subjects who operate as managers or autonomous data controllers (eg consultants, technicians, banks, transporters, etc.). The data may be communicated to any subsidiary / associated companies for various reasons.
The data isnot subject to dissemination or transfer outside the EU (they may be subject to transfer outside the EU only in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of data subjects is not adversely affected "Art.45 Transfer on the basis of an adequacy decision, Art.46 Transfer subject to adequate safeguards, Art.47 Binding Corporate Rules, Art.49 Specific exemptions"). The data is not subject to automated processes that produce significant consequences for the data subject.
VI. POLICY UPDATE
It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In the event of significant changes, appropriate evidence will be given on the home page of the site for a suitable time. However, the interested party is invited to periodically consult this policy.
Last document update: July 2021.