Information on the processing of personal data of clients of and/or suppliers to Save S.p.a.

Pursuant to Arts. 13 and 14 of Regulation 679/2016 (EU) and the applicable national legislation

Latest update: 12/10/2018

1. Overview

In compliance with the provisions contained in EU Regulation 679/2016 and in the applicable national legislation (collectively referred to as “Applicable Legislation”) we provide you with the necessary information regarding the processing of personal data provided. This information is provided pursuant to the Applicable Legislation. As the Data Controller, Save S.p.a. invites you to read it carefully because it contains important information on the protection of personal data and the security measures adopted to ensure its confidentiality in full compliance with the Applicable Legislation. Save S.p.a. informs you that its processing of personal data will be based on the principles of lawfulness, correctness, transparency, limitation of purpose and storage, data minimization, accuracy, integrity and confidentiality. Personal data will therefore be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations therein.

2. Identification of the Data Controller

The Data Controller (hereinafter “Data Controller”) of the personal data collected is the Save S.p.a. Company with registered office in Chiuppano (VI), Via Enrico Fermi, 16/A (VAT no. 02111460248).

3. Type of personal data processed

The Data Controller processes personal identification data, which may consist of names, contact details and addresses, numbers and codes (contact details in general), roles and/or duties regarding owners, partners, managers, and employees of customers and suppliers.

4. Sources of personal data

Personal Data is collected directly from the Data Subject in accordance with the requirements of the law and may be supplemented with information from public databases (i.e. Chamber of Commerce, Tax Authorities records, etc.).

5. Purposes and legal basis of data processing

Your personal data will be processed:

    A) without your express consent, for the following purposes:
      • A.1 Execution of the contract and/or pre-contractual commitments
        • managing pre-contractual relations (i.e. instructions regarding our offers or your orders, checks on solvency)
        • executing the contract (for the supply or purchase of goods and/or services, including the management of obligations regarding delivery and related logistics and shipment);
      • A.2 Managing clients and suppliers for aspects not mentioned in Point A.1 above
        • internally organizing activities required by active and passive supplies of products and/or services (i.e. credit line management);
        • managing the financial and insurance services necessary for the management of suppliers and electronic payment instruments;
        • managing production;
        • managing telephone books;
      • A.3 The pursuit of a legitimate interest of the Data Controller
        • preventing and suppressing illegal acts
        • exercising the rights of the Data Controller, such as the right to defense in court;
        • preserving and protecting corporate assets (video surveillance).
      • A.4 The fulfilment of legal obligations
        • compliance with obligations under laws, regulations, EU and/or national regulations, orders and prescriptions of the competent authorities;
        • compiling and processing tax returns and fulfilling all other obligations involved;
        • keeping accounts and fulfilling all other obligations involved;
        • statistical analysis of data in an anonymous way.

The supply of Personal Data mentioned in Point A) is obligatory for the execution of the contract or the satisfaction of your request and in any case for the fulfilment of the legal and fiscal obligations specified by the regulations in force and/or for the exercise of a right of the Data Controller specified by the regulations in force. Your failure to confer such data in regard to the purposes indicated in Point A) will render the fulfilment of any requests you make and the execution of the contract and/or the continuation of the relationship impossible.

    B) Only with your express consent, for the following purposes:
      • the transmission of commercial communications (marketing) and newsletters via e-mail, fax, telephone and any other remote communication technology, existing now or developed in the future, for the promotion of the Company’s own goods and services or those of third parties.

The supply of data referred to in paragraph B) is optional and a refusal to provide it will not preclude response to your requests.

With particular reference to the identification data (name, surname, respective entity or company, vehicle registration number, video surveillance images) of personnel who are part of your organization, data will be processed exclusively for the purpose of ensuring compliance with the Company’s security procedures formally applied, also by virtue of the regulatory provisions in force (e.g. entry in the visitors’ register, application of legal obligations regarding safety/security in the workplace, and video surveillance footage for the protection of legitimate interests and corporate assets, etc.).

For security reasons, the Company has video surveillance equipment in operation 24 hours a day. Recordings are overwritten periodically and are made with 1.3 megapixel IP cameras with 2.8 mm fixed lenses.

Personal data will be processed with respect for human rights and the fundamental freedoms of Data Subjects and the dignity of individuals, with particular reference to confidentiality, identity and the protection of personal data.

In compliance with the provisions of the law, we inform you of the purposes and methods adopted for recorded images:

  • the data collected through video surveillance systems subject to processing are processed and used directly for security reasons and monitoring the integrity of the corporate structure;
  • the data is processed by computerized procedures and is viewed only by the Data Controller;
  • the data will not be disseminated, sold or exchanged with third parties except when required by crimes committed against the Company, in which case the images will be made available to the competent authority;
  • the granting of consent in regard to the aforementioned data is not necessary because they are collected for the purpose of preserving and protecting the company’s assets and ensuring the safety of the workplace.

6. Method of processing

Data will be processed and stored exclusively for the purposes indicated above through the use of both paper and computer media, included in relevant databases and processed with instruments that guarantee the integrity, security and confidentiality of the data, in accordance with the provisions of EU Regulation 679/2016. Access will be allowed only to persons authorized to process personal data. The data may also be communicated to third parties, who will be appropriately designated as Data Processors of personal data, except when they assume the role of autonomous Data Controllers. These subjects will be involved in the fulfilments required by the existing legal relationship and specific legal obligations.

7. Conservation of data

Personal Data will be conserved for a period of time not exceeding the time required to achieve the purposes for which it has been processed with the exception of the periods of data conservation or other terms specified by law or other applicable regulatory sources. After said terms have expired, Personal Data will be deleted and/or made anonymous so that it is not possible to identify the Data Subjects even indirectly. The Personal Data provided by the Data Subject for the purpose of sending commercial communications (marketing) and newsletters will be conserved until such Subject revokes his or her consent to the pursuit of such purposes.

8. Receivers or categories of receivers

At Save S.p.a., only the subjects assigned to data processing by the Data Controller and authorized to carry out the processing operations required can become aware of the personal data provided by the Data Subject. Your personal data can be processed only by the third party companies to which Save S.p.a. has assigned specific activities and services. In any case, your personal data may be disclosed to:

  1. third companies for the fulfilment of contractual and pre-contractual obligations (i.e. the communication of your data to couriers for the delivery of goods or to external companies for various processes);
  2. banks and credit institutions for the management of payments;
  3. insurance companies;
  4. debt collection companies, factoring companies, leasing companies, insurance or credit-granting companies;
  5. subjects in charge of fiscal, accounting, legal and contractual management (e.g. accountant’s offices, lawyers, etc.) for the fulfilment of fiscal, legal and similar obligations;
  6. public authorities or administrations for fiscal or legal obligations in order to fulfil the obligations provided for by current regulations;
  7. subjects that conduct data processing, recording, and storage activities on behalf of third parties (i.e. companies that provide hardware and software) for the fulfilment of contractual obligations;
  8. subjects who provide maintenance services and/or IT assistance in relation to the Company’s systems, databases and IT services.

The Data Controller has appointed as external Data Processors all the categories of third party receivers to whom it communicates personal data, except whenever they assume the role of autonomous data controllers in accordance with current legislation.

9. Transfer of data

The data collected by Save S.p.a. will not be transferred to nations outside the European Union or to international organizations.

10. Existence of an automated decision-making process (i.e. profiling) and the consequences of such processing on the liberty and rights of the Data Subject

The data collected by Save S.p.a. are not subject to profiling, i.e., the automated processing of personal data for the purpose of evaluating personal aspects concerning your person.

11. Data processing for other purposes

Whenever Save S.p.a. must process your data for purposes other than those listed in this statement, you will receive adequate information before such processing begins and, if necessary, you will be asked to give formal consent.

12. Security of data

The Company protects personal data by applying internationally recognized security levels and security procedures that protect personal data from:

  • unauthorized access;
  • improper use or disclosure;
  • unauthorized modification;
  • accidental or unlawful loss or destruction.

13. Rights of the Data Subject

The Data Controller informs you that, except for the restrictions prescribed by law, as Data Subject and pursuant to Art. 15 et seq. of Regulation 679/2016 (EU), you have the right to:

  • obtain confirmation of the existence or otherwise of your personal data, even if not yet recorded, and that such data be made available to you in an intelligible form;
  • obtain indication and, if necessary, a copy of: a) the origin and category of your personal data; b) the logic applied in case of processing performed with the aid of electronic instruments; c) the purposes and methods of processing; d) the identification details of the Data Controller and the Data Processors; e) the receivers or categories of receivers to whom such personal data may be communicated or who may become aware of them, in particular if they are receivers in third countries or international organizations; f) whenever possible, the period of data conservation or the criteria used to determine this period; g) the existence of an automated decision-making process and, if so, the logic used, the importance of this process, and the consequences foreseen for the Data Subject; h) the existence of adequate safeguards in case of transfer of data to a non-EU country or an international organization;
  • obtain, without undue delay, the updating and rectification of inaccurate data or, when desired, the integration of incomplete data;
  • obtain the cancellation, the transformation into anonymous form or the blocking of data: a) processed unlawfully; b) no longer necessary to the purposes for which it was collected or subsequently processed; c) in case of revocation of the consent on which the processing was based whenever no other legal basis exists; d) whenever you have objected to processing and there is no compelling legitimate reason for processing to be continued; e) whenever necessary for the fulfilment of a legal obligation; f) whenever the data regards minors. The Data Controller may refuse to delete data only in the event of: a) the exercise of the right to freedom of expression and information; b) the fulfilment of a legal obligation, the performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health; d) archiving in public interest, scientific or historical research or for statistical purposes; e) the exercise of a right in a court of law;
  • obtain the limitation of processing in the event of: a) contestation of the accuracy of such personal data; b) unlawful processing by the Data Controller to prevent its deletion; c) exercise of one of your rights in court of law; d) verification of whether the legitimate reasons of the Data Controller prevail over those of the Data Subject;
  • whenever processing has been performed by automatic means, receive your personal data without hindrance and in a structured, commonly utilized and readable format in order to transmit it to another Data Controller or – if technically feasible – to obtain the direct transmission from one Data Controller to another one;
  • oppose the processing of your personal data in whole or in part: a) for legitimate reasons related to your particular situation; b) for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication through the use of automated calling systems without the intervention of an operator by email and/or through traditional marketing methods by phone and/or mail;
  • in case of express consent by the Data Subject, the possibility for the Data Subject to revoke said consent at any time without prejudice to the lawfulness of the processing carried out up to that moment;
  • to lodge a complaint with the Guarantor Authority for the Protection of Personal Data.

In the cases above, whenever necessary, the Data Controller will inform the third parties to whom your personal data have been communicated of your possible exercise of rights, except in specific cases (such as when this proves impossible or involves an effort that is manifestly disproportionate to the protected right).

14. Method for the exercise of your rights

You can exercise the rights above at any time using any of the methods below:

  • sending an e-mail to the Data Controller;
  • sending a certified e-mail (PEC) to the Data Controller;
  • sending a registered letter with notice of receipt to the Data Controller.

The identification details of the Data Controller are provided below.

15. Data Controller

THE DATA CONTROLLER IS:
SAVE S.p.A.
Via Enrico Fermi, 16/A – 36010 Chiuppano (VI)
VAT no. 02111460248
E-mail: privacy@savefumisteria.it
Certified e-mail (PEC): save.spa@legalmail.it
Website: www.savefumisteria.it