Vers. Mod .: IS02 – Year 2019
Information on the processing of personal data.
Articles 13 and 14 EUROPEAN REGULATION N. 679/2016
Legislative Decree 196/2003 amended by Legislative Decree. 101/2018
the undersigned ORTOMEC srl, with headquarters in Via Risorgimento, 11 – 30010 Cona (VE), C.F. and P.I.V.A. 03373260276, as “Data Controller” informs you, pursuant to articles 13 and 14 of the European Regulation no. 679/2016 (hereinafter “EU Regulation”), that your data will be processed as indicated below:
1. Object of the Treatment
The Data Controller informs you that personal data, identification (for example, name, surname, company name, address, telephone, e-mail, bank and / or payment details, etc.), hereinafter referred to as “personal data” or even simply “data” relating to you, also acquired verbally, directly or through third parties, may be processed in full compliance with the EU Regulation.
By data processing we mean any operation or set of operations concerning the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, destruction of the data.
If in the contract in place with your company there is a processing of personal data that we will have to do to comply with what is indicated in the contract itself, it will be your responsibility to provide us with personal data subject to processing for which you have certainly obtained, as data controllers, a free, specific, informed and unequivocal consent from the interested parties.
Legal basis and purpose of the processing
Legal basis EU Regulation no. 679/2016, Legislative Decree n. 196/2003 amended by Legislative Decree. n. 101/2018.
The processing of your personal data, requested and / or provided even verbally, is based on the provisions of art. 6 of EU Regulation 2016/679, on your consent or on the legitimate interest of the undersigned owner in defending his rights in a possible dispute as well as in the execution of a contract of which you are a party or in the execution of pre-contractual measures (eg preparation of an offer, etc.) requested by you and has the following purposes:
A) without your express consent (Article 6 of the EU Regulation):
– to fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
– to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
– exercise the rights of the Data Controller, for example the right to defense in court;
– for keeping the general accounts;
– for the pursuit of the legitimate interest of the data controller;
– for management purposes (invoicing, any document management, etc.);
– for credit management;
– for statistical analysis and quality control;
– for insurance management;
– for technical assistance.
In particular, your data will be processed for purposes related to the implementation of the following obligations, relating to legislative or contractual obligations:
– Technical and functional access to the site no data is kept after closing the browser;
– Advanced navigation purposes or personalized content management;
– Statistics and analysis purposes of navigation and users.
B) Only with your specific and distinct consent (Article 7 of the EU Regulation), for the following commercial and / or marketing and / or profiling purposes:
– sending via e-mail, post and / or sms and / or telephone contacts of newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and / or detection of the degree of satisfaction with the quality of what is carried out on Your request;
– sending commercial and / or promotional communications from third parties (for example, business partners) via e-mail, post and / or sms and / or telephone contacts.
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) of the EU Regulation and precisely: the collection, registration, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction,
the block. The processing of data will be based on principles of correctness, lawfulness and transparency and can be carried out by manual, computerized and telematic means, on paper and / or digital media. The treatment will be carried out in such a way as to guarantee the security and confidentiality of the data.
Data retention times and other information.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no later than the terms of the law from the termination of the relationship for the purposes referred to in the existing relationship.
With reference to the personal data being processed for marketing purposes or processing for profiling purposes, the same will be kept in compliance with the principle of proportionality and in any case until the purposes of the processing have been pursued or until the revocation of the specific consent by the interested party.
Specifically, the Data Controller will process the data for no more than two years from the collection of the data for Marketing Purposes and one year for the data collected for profiling Purposes.
Data of possible candidates: the personal data of prospective candidates will be deleted 6 months after the conclusion of the selection process.
The personal data you provide will be treated “lawfully, according to correctness and transparency”, protecting your privacy and your rights.
It should be noted that in the absence of significant contacts for a period of ten years, or in the event of the exercise of the rights provided for by the (EU) Regulation for the interested party (e.g. right to elimination / oblivion, limitation), the personal data in a special encrypted and / or paper digital archive (protected archive) making them accessible only to the Data Controller or they will be destroyed without leaving any copy unless otherwise
provisions dictated by the law in force.
It is expected that a periodic check will be carried out annually on the data processed and on the possibility of being able to delete them if no longer necessary for the intended purposes.
Access to data (categories of recipients to whom the data can be communicated)
Your data may be made accessible for the purposes referred to in points 2.A) and 2.B) above to the subjects listed below for this purpose duly identified and instructed:
1) to shareholders, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
Your personal data may also be disclosed to external recipients of the practices that concern you, in carrying out the activities described above, and to external parties who interact with the writer, always and exclusively for activities functional to the purposes described above; these categories are:
- Consultants (such as, for example, accountant and / or tax consultant and / or labor consultant) for aspects that may concern you and in accordance with the law;
- Companies operating in the IT sector (Data Center, Cloud Provider, companies that provide IT services including back-up and / or maintenance of equipment and software, including applications, etc.), also resident abroad, but in any case always established and / or using equipment located in the European Union, for the care of data security and confidentiality;
- Professionals and / or companies operating in the workplace safety sector;
- Consultants and law firms for any disputes;
- Public administrations for the performance of institutional functions, within the limits established by law and regulations;
- Social security and assistance bodies and certifying bodies;
Insurance companies as well as liquidators, consultants and experts appointed by them;
Public authorities and administrations for purposes related to the fulfillment of legal obligations or to subjects entitled to access it by virtue of the provisions of law, regulations, community regulations;
Banks, financial institutions or other subjects to whom the transfer of the aforementioned data is necessary for the performance of our business in relation to the fulfillment, on our part, of the contractual obligations assumed towards you.
For the sake of brevity, the detailed list of these figures is available at our office and is at your disposal.
E 7. Communication and data transfer
Without the need for express consent (Article 6 letter b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in point 2.A) above to supervisory bodies, judicial authorities , as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the purposes indicated above.
These subjects will process the data in their capacity as independent data controllers.
During and after browsing, your data may be disclosed to third parties, in particular to:
– Google: Advertising Service, Advertising Target, Analytics / Measurement, Content Customization, Optimization;
– Google AdWords: Advertising Service, Advertising Target, Analytics / Measurement, Content Customization, Optimization;
– Google Analytics: Advertising target, Analytics / Measurement, Optimization.
Your information will not be disseminated.
Personal data is stored on devices located at the headquarters of the Data Controller or at the provider, within the European Union. The data you provide may be transferred to non-EU countries as we use external data processors who in the performance of their services (such as provision of the e-mail box, other types of cloud or other types of services), they can accomplish that
transfer, also through their sub-managers. To guarantee the security of these transfers, we only use subjects who offer the necessary guarantees to implement adequate technical and organizational measures so that the processing carried out complies with the provisions of EU Reg. 679/2016 (for example, by evaluating the presence of decisions of adequacy or regulating the relationship by making use of standard contractual clauses).
In any case, it is understood that the Data Controller, if necessary, will have the right to move the data even to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses (the standard contractual clauses are available at the following link:
http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm) and standard checks provided by the European Commission (specifically, the conditions indicated in CHAPTER V of the EU Regulation will be respected).
Both with regard to the data present on their devices, and for any data present at the provider, the Data Controller has implemented adequate technical and organizational measures to guarantee an appropriate level of security, in full compliance with the provisions of the EU Regulation.
Browsing: your browsing data may also be transferred, limited to the aforementioned purposes, in the following states: – EU countries, – United States.
Since each browser, and often different versions of the same browser, also differ significantly from each other, if you prefer to act independently through your browser preferences, you can find detailed information on the necessary procedure in your browser guide.
Nature of the provision of data and consequences of refusing to respond
The provision of data for the purposes referred to in point 2.A) above is mandatory. In their absence, we will not be able to guarantee the Services as indicated in 2.A).
The provision of data for the purposes referred to in point 2.B) above is optional. You can therefore decide not to provide any data or subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material and / or anything else related to the Services offered by the Data Controller.
However, you will continue to be entitled to the Services referred to in point 2.A).
Some information fields on the website may be marked with the character *. The compilation of these fields is mandatory when entering your data. The consequence of not providing the information is the inability to use the service for which the information is requested.
Rights of the interested party
In your capacity as an interested party, you have the rights referred to in articles 15 to 22 of the EU Regulation listed below and precisely you have the right to:
– obtain confirmation of the existence and processing of personal data concerning him as well as their written (electronic) copy in a clear and understandable form (so-called right of access);
– obtain information about the purpose of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
– obtain the rectification of data concerning him (so-called right of rectification)
– obtain the cancellation of data concerning him (so-called right to be forgotten);
– obtain the limitations of the treatment (so-called right of limitation of treatment);
– if the data are not collected from the interested party, obtain all available information on their origin;
– obtain data portability, i.e. receive them from a data controller in a structured format, commonly used and readable by an automatic device and transmit them to another data controller without impediments (so-called right to data portability);
– oppose the processing at any time and also in the case of processing for direct marketing purposes (so-called right of opposition);
– oppose an automated decision-making process relating to natural persons, including profiling;
– withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
– propose a complaint to a supervisory authority (Guarantor for the Protection of Personal Data).
There may be conditions or limitations to the rights of the data subject. It is therefore not certain whether for example you have the right to data portability in all cases – this depends on the specific circumstances of the processing activity.
How to exercise rights
You can exercise your rights at any time by sending:
– a registered letter a.r. to the writer (see the address indicated on the letterhead);
– an e-mail to email@example.com.
What is offered by the Data Controller and the subject of the relationship with you in place does not provide for the intentional acquisition of personal information relating to minors. In the event that information on minors is unintentionally registered, the Data Controller will delete it in a timely manner, at the request of the interested party.
Personal data not obtained from the interested party
It may happen that the writer is not the Data Controller to whom you have given your personal data, but turns out to be co-data controller or external data processor and that therefore your data has reached the writer in second place due to of a contract that governs the parties. In this case it is specified that the writer will do everything possible to ensure that you have been informed and have given consent to the processing. Can ask in any
at the time of writing the origin of the acquisition of your data.
Owner and Representatives
Below we provide you with some information that you need to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards our customers is a fundamental part of our business.
Holder of the treatment. The Data Controller of your personal data is ORTOMEC srl on behalf of which the Company signs Ms. Emanuela Gallo, responsible to her for the legitimate and correct use of her personal data and whom she can contact for any information or request at the following addresses: telephone +39 0426 308354, e-mail: firstname.lastname@example.org.
Appointees. The updated list of data processors is kept at the headquarters of the Data Controller.