INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
Lineapelle S.r.l., a single shareholder company, with registered offices in via Brisa 3, Milan, Tax Code and VAT no. 12629090155 (hereinafter, “Data Controller”), in its capacity as Data Controller, hereby informs you pursuant to Art. 13 Legislative Decree no. 196 of 30.6.2003 (hereinafter, “Data Protection Code”) and of Art. 13 EU regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manners and for the following purposes:
1. Subject-matter of the processing
The Data Controller processes personal, identifying data (e.g. name, surname, company name, address, tax code, telephone no., e-mail address, bank account, insurance and payment data – hereinafter, “personal data” or “data”) provided by you when entering into a contract or in a pre-contractual phase with the Data Controller, or in relation to the supply of a service or of a product by the Data Controller to you and which was requested by you.
2. Purposes of the processing
Your personal data are processed:
A) without your express consent (previously Art. 24 letter a), b), c) Data Protection Code and currently Art. 6, co. 1, letter b), c) e) GDPR), for the following Service Purposes:
- when you enter into a contract with the Data Controller or to provide you with services or products requested by you;
- to comply with pre-contractual, contractual, insurance, social security and tax obligations deriving from your relationship with the Data Controller;
- to comply with obligations deriving from the law or regulations or EU regulations or an order from an Authority (e.g. anti-money laundering);
- to exercise the Data Controller’s rights, for example the right to defend oneself before the courts;
B) only with your express and specific consent (previously Arts. 23 and 130 Data Protection Code and currently Art. 7 GDPR), for the following Marketing Purposes:
- to send you, via e-mail, post and/or text message and/or telephone contact, newsletters, commercial communications and/or advertising material relating to products or services offered by the Data controller and acquiring the degree of customer satisfaction relating to the quality of the services;
Please be informed that if you already have a juridical relationship with the Data Controller, the Data Controller may send you communications to perform pre-contractual activity with a view to providing you with Data Controller’s services and products analogous to those which you have previously used, unless you dissent (previously Art. 130 c. 4 Data Protection Code and currently Art. 6, co. 1 lett. b GDPR).
3. Manner of Processing
Your personal data is processed in the manners set forth in ex art. 4 Data Protection Code, currently Art. 4, no. 2) GDPR and specifically: collection, recording, organization, storage, consultation, processing, adaptation or alteration, selection, retrieval, comparison, use, transmission, restriction, disclosure, erasure or destruction of the data. Your personal data may be processed using paper, electronic and/or automated means.
The Data Controller will process the personal data for the time necessary to comply with the purposes as set out hereinabove and, however, for no longer than ten years after the termination of the business relationship with regard to the Service Purposes and for no longer than two years from the date on which the data were collected for Marketing Purposes.
4. Access to the Data
Your Data may be made accessible for the purposes set forth in Art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller or of companies in the Group that the Data controller is part of in Italy and abroad, in their capacity as appointees and/or internal data processors and/or system administrators;
- to third parties, either companies or others (by way of example, credit institutions, professional consultancy firms, agents, consultants, shippers/goods carriers, travel agencies, organizers of trade fairs and events, trade fair districts, training agencies, communications agencies, banks and insurance companies for the performance of the relative services, etc.) to which the Data controller outsources activities, in their capacities as external data processors.
5. Communication of Data
Without the need for express consent (ex art. 24 letter a), b), d) Data Protection Code, currently Art. 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes pursuant to Art. 2.A) to Supervisory Bodies, judicial Authorities, as well as to those subjects to whom or to which communication is required by law for the aforementioned purposes. Such subjects will process your data in their capacities as autonomous data controllers.
Your data will not be disseminated.
6. Transfer of data
Your personal data are materially stored at the registered offices of the Data Controller and of the internal/external data processors, and digitally on the servers of the aforementioned, located offices in via Brisa 3, Milan, inside the European Union. It is in any event agreed that the Data Controller, if it should prove necessary, shall be entitled to move the server outside the EU. In such case, the Data Controller hereby undertakes to ensure that any transfer of data outside the EU will take place in compliance with applicable law, upon stipulation, wherever required, of standard contractual clauses as required by the European Commission.
7. Nature of the data to be provided and what happens in the event of failure to provide data
You are required to provide your personal data for the purposes pursuant to Art. 2.A). Without such data we will be unable to provide the Services as set out in Art. 2.A).
Providing your personal data for the purposes pursuant to Art. 2.B) is, instead, optional. Therefore, you may decide not to provide any data or subsequently to request us to cease processing the data you provided us with: in such case, you will not be able to receive newsletters, commercial communications and advertising material inherent to the Services offered by the Data controller. You will, however, continue to be entitled to avail of the Services pursuant to Art. 2.A).
8. Data Subject’s rights
As Data Subject you have the rights as set forth in Art. 7 Data Protection Code, currently Art. 15 GDPR and specifically the following rights:
i. to obtain confirmation of the existence or not of personal data which concern you, even if they have not yet been registered, and for such data to be provided to you in an intelligible form;
ii. to obtain indication of: a) the category and origin of the personal data; b) the purposes and manners of processing; c) the logic applied in the event of processing performed with the aid of electronic tools; d) the identity and the contact details of the Data Controller, Data Processors and the Data Controller’s designated representative pursuant to ex Art. 5, paragraph 2 Data Protection Code, currently Art. 3, paragraph 1, GDPR; e) the subjects or the categories of subjects to whom the personal data may be communicated or who may become aware of the personal data in their capacity as designated representative in the territory of the State, as Data Processor or as appointees;
iii. to obtain: a) the up-dating, rectification of the data, or, if wished, the completion of incomplete data; b) the erasure, the transformation into anonymous form or the restriction of processing of data processed in breach of the law, including data which do not need to be stored in connection with the purposes for which they were collected or subsequently processed; c) confirmation that the actions pursuant to letters a) and b) have been brought to the attention, including with regard to their content, of those to whom the data were communicated or diffused, unless this proves impossible or involves disproportionate effort with respect to the right under protection; d) the right to data portability;
iv. to revoke consent or oppose the processing of all or part of the data: a) for legitimate reasons pertaining to the processing of your personal data, or for reasons connected with the purposes for which the data were collected; b) for the purposes of sending you advertising material or for direct selling or for performing market research or commercial communications, using automated telephone calling systems that do not involve an operator, by email and/or through traditional marketing methods using the telephone and/or mail.
Where applicable, you also have rights pursuant to Arts. 16-21 GDPR (right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to make a complaint to the Data Protection Authority.
9. How to exercise your rights
You may exercise your rights at any time by sending:
- a registered letter with return receipt to Lineapelle S.r.l. single shareholder company – Settore Privacy – via Brisa 3 – 20123 Milan;
- an e-mail to the e-mail address email@example.com.
10. Data Controller, Data Processor and Appointees
The Data Controller is Lineapelle S.r.l. single shareholder company, with registered offices in via Brisa 3, Milan, Italy.
An up-to-date list of data processors and appointees entitled to process data is held at the registered offices of the Data Controller.