Informative letter to clients as per Art. 13 of EU Regulation UE 2016/679
- Regulation EU 679 dated 27 April, 2016 regarding the protection of the personal data of natural persons and the free circulation of such data (hereinafter, Regulation EU)
Steiel Elettronica S.r.l., VAT no. IT02113930289, with registered office in Ponte San Nicolò (PD), Viale Europa 24, E-mail firstname.lastname@example.org Tel. 049/8961488 informs you that your personal data will be processed in respect of the applicable EU Regulation.
The processing of data regarding legal entities falls outside the scope of application of EU Regulation 2016/679 regulating the protection of personal data. For purposes of clarity and transparency for all its clientele, Steiel Elettronica S.r.l. provides also to legal entities this Informative letter that describes the purposes and methods of all the processing of personal data of Data Subjects as defined below that Steiel Elettronica S.r.l. performs or has the capability to perform.
Steiel Elettronica S.r.l. is acting in the role of “Data Processing Controller”, or in other words, the party that processes personal data, establishing the purposes and methods for the processing of the same.
Practically speaking, the personal data of Data Subjects can be processed by subjects expressly authorized to perform certain processing operations by Steiel Elettronica S.r.l.
This Informative letter is addressed to the “Data Subject” intended as the natural person to which the personal data in question refers; in other words, all those subjects who operate in name and on behalf of the legal entity client of Steiel and whose personal data are processed by Steiel Elettronica S.r.l.
- Purposes and legal basis of data processing
Personal data is collected and processed by Steiel Elettronica S.r.l. for the purposes of:
- executing pre-contractual activities and acquiring preliminary information for purposes of contract stipulation;
- executing contractual obligations (for purposes of example: administration, accounting, contract management, invoicing/payment services);
- managing relationships between the Data Subject and Steiel Elettronica S.r.l. (for example, the management of disputes also regarding the credits derived from a contract and/or collateral actions, factoring);
- The communication or transfer for marketing and commercial promotion purposes to Steiel Elettronica S.r.l.; in which case, the previous free, specific and express consent of the Data Subject is required;
- The execution by Steiel Elettronica S.r.l. of marketing and commercial promotion activities for Steiel Elettronica S.r.l. services and products, in which case, the previous freely given express and specific consent of the Data Subject is required.
As regards the purposes specified in Letters a), b), and c), data is processed for compliance with the pre-contractual/contractual obligations and legal obligations linked to the relationship established with Steiel Elettronica S.r.l.; for such reason, consent to data processing is not necessary.
As regards the purposes specified in Letters d) and e), data is processed on the basis of freely given express and specific consent.
- Nature of conferral of personal data
The conferral of all personal data for which a contractual or legal obligation exists, including pre-contractual information, is obligatory. The refusal to consent to the processing of “obligatory” personal data could render the execution of the contract impossible. The refusal to provide the personal data that is strictly necessary for the execution of contractual relations but not obligatory does not, in principle, engender consequences apart from rendering the operations associated with such personal data or the establishment of new relationships impossible. The refusal to provide personal data regarding the execution of the activities mentioned in Point 1, Letters d) and e) of this Informative letter will merely prevent the execution of such further activities without obstructing the execution of contractual relations.
- Data processing methods and time for which data will be conserved
Personal data will be processed lawfully and correctly in compliance with the legislation applicable using instruments suited to ensuring their security and confidentiality; personal data will be prevalently processed using information technology tools for the conservation, management, and transmission of the data.
Data will be prevalently processed by the Data Processing Controller’s organization under the direction and control of the company structures provided and the personnel expressly appointed to the task.
Point 4 of this Informative Letter illustrates the other subjects who may be involved in the processing of the Data Subject’s personal data.
Personal data will be stored in a form that permits identification by the Data Subject for a period of time no longer than necessary in regard to the purposes for which such data was collected and processed.
In regard to the management of the contractual relationship, personal data will be conserved for the periods of time defined by the reference legislation and after the expiry of the contractual relationship, for the 10-year period required for data of civil nature only. As regards the data processed for purposes of marketing and commercial promotion, whenever the optional consent requested has been provided, the data collected will be conserved for the time strictly necessary for the management of the purposes indicated by adopting criteria based on respecting the legislation in force, correctness, and the maintaining of a balance between the legitimate interest of the Data Processing Controller and the rights and liberty of the Data Subject.
As a result, barring specific regulations that prescribe different data conservation times, the Data Processing Controller is required to utilize personal data for the marketing and commercial promotion purposes above for a congruent period of time for the interest shown by the Data Subject in the activities of such Controller. The latter will take every measure possible to avoid utilizing personal data for an indefinite time, proceeding at regular intervals to appropriately verify whether or not sufficient interest remains in the Data Subject to warrant the continuing processing of personal data for the marketing and commercial promotion purposes mentioned above.
- Personal data recipients
In regard to the Data Subject’s personal data, Steiel Elettronica S.r.l. is empowered to perform the communication required by law, by regulation, or Community legislation. Solely for the purposes mentioned in Point 1, Letters a), b), and c) of this Informative letter (in other words, for purposes linked to the execution of the Contract, pre-contractual measures, and the management of the relationship between the Data Subject and Steiel Elettronica S.r.l.), personal data may be communicated to Steiel Elettronica S.r.l. without necessarily requiring consent
Also the following subjects may come into contact with personal data through mere the consultation or availability of the same:
- public supervisory authorities, institutions or agencies;
- natural persons or legal entities that render specific services such as data processing, client satisfaction polling, administrative, fiscal and/or accounting consultants, and communication event and trade fair organizers;
- commercial intermediaries, banks and credit institutes, legal consultancy firms, financial intermediation companies, natural persons or legal entities assigned to credit recovery, auditing and/or certification of balanced sheets and quality systems, Steiel Elettronica S.r.l. freelance collaborators, agents and business finders insurance agents and brokers;
- natural persons and/or legal entities requesting references/data for the purposes of participating in public calls for offers or in the context of the execution of supply contracts with clients on behalf of Steiel Elettronica S.r.l.
The subjects mentioned in Points a), c), and d) operate as autonomous Data Processing Controllers.
The subjects mentioned in Point b) operate as expressly appointed Data Processing Controllers.
Only the personal data strictly necessary and pertinent to the purposes declared in this Informative letter will be transferred to the parties above.
The list of third parties will be constantly updated and can be accessible upon request submitted to Steiel Elettronica S.r.l.
As regards the purposes mentioned in Point 1, Letter d), or in other words for the purposes of communication or transfer for marketing and commercial promotion purposes, personal data may be disclosed to Steiel Elettronica S.r.l. following freely given express and specific consent.
Whenever necessary for the fulfilment of contractual obligations, personal data may be transferred to nations outside the EU or the European Economic Area as required by the adequacy decisions reached by the European Commission or on the basis of the adoption of the standard contractual clauses duly adopted or specifically binding corporate rules.
Personal data will not be disseminated to an indefinite number of subjects or rendered public domain.
- Rights of the data subject as per Art. 15, 16, 17, 18, 20 and 21 of the EU Regulation
The Data Subject has the rights to access his or her personal data specified in the respective EU Regulation Art. 15 and the rights specified in Art. 16, 17, 18, 21 of such Regulation in regard to the rectification, erasure, restriction, portability, and objection to data processing.
The Data Subject can exercise rights by writing to the address below:
Whenever Steiel Elettronica S.r.l. fails to reply to the requests submitted by the Data Subject within the times specified in the regulation or the reply regarding the exercise of rights is inappropriate, the Data Subject can petition the Privacy Guarantor for the Protection of Personal Data.
Privacy Guarantor for the Protection of Personal Data.
Piazza Venezia n. 11 – 00187 Roma
www.gpdp.it – www.garanteprivacy.it
Fax: (+39) 06.69677.3785
Telephone switchboard: (+39) 06.69677.1
- Data Protection Officer
After evaluating the degree of specialized knowledge of personal data protection legislation, Steiel Elettronica S.r.l. has appointed a Data Protection Officer responsible for monitoring the respect of personal data processing protection regulations and providing the company with the necessary consultancy in regard. Moreover, whenever necessary, the Data Protection Officer will cooperate with the Privacy Guarantor for the Protection of Personal Data.