Mod. INL – Updated 02/2022
Information notice on personal data processing
Pursuant to Art. 13 of EU REGULATION 679/2016
Dear Data Subject,
FOR ALL srl as Data Controller in accordance with Article 13 of EU Regulation 679/2016 “General Data Protection Regulation (GDPR)” (henceforth EU Regulation), laying down provisions on the processing of personal data, intends to inform you about the processing of your personal data.
The regulation stipulates that anyone who processes personal data is required to inform the data subject in relation to the data processed and the qualifying elements of the processing, which must in any case be done in a lawful, correct and transparent manner, as well as protect the confidentiality and guarantee the rights of the data subject.
It should be noted that data processing means any operation or set of operations involving the collection, recording, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, and destruction of such data.
1. Data Controller
The Data Controller is FOR ALL srl, based in Via 8 Marzo, 10/12 – 37012 Bussolengo (VR), tax code and VAT no. 04297880231, reachable at the following contacts: phone +39 045 7150425, e-mail: email@example.com. (henceforth “Controller” or “Data Controller”).
2. Nature of Data Processed, Purpose and Legal Basis for Processing
Nature of data processed. In relation to the purposes of processing stated below, we inform you that only “common personal data” will be processed, such as:
- company representative details (first name, last name, denomination, email);
Purpose of processing. Your personal data will be processed for the following purposes:
- respond to your request to subscribe to our newsletter: by filling out, voluntarily, the appropriate form found in this newsletter area;
- fulfill legal obligations;
- marketing: to send you advertising material and conduct direct sales, market surveys, commercial and promotional communications;
- communication of your personal data to Companies connected or related to the Data Controller, as well as to Partner Companies of the Data Controller for their marketing purposes: to send you advertising material and conduct direct sales, market surveys, commercial and promotional communications;
For brevity, the detailed list of these Companies is available at the Data Controller’s office and is at your disposal.
Legal basis for processing. Personal data, for the purposes mentioned in 2A and 2B will be lawfully processed to fulfill pre-contractual and contractual obligations between us and the user (art.6, par.1 lett. b), to fulfill our legal obligations (art.6 par.1 lett. c).
Your personal data, for the purposes referred to in points 2C-2D of this information notice may be lawfully processed only with your consent (art. 6. par. 1 lett. a EU Regulation), specific, separate, express, documented, in advance and entirely optional.
The consent you have given may be revoked at any time, without affecting the lawfulness of the processing based on the consent given before revocation (art.7 par.3 EU Regulation).
In addition, we inform the data subject that pursuant to Article 21 of EU Regulation, the data subject has the right to object at any time to the processing of personal data concerning them carried out for the purposes of direct marketing (including profiling) and that, if the data subject objects to the processing, the personal data may no longer be processed for such purposes.
Clarification: following the principle of maximum transparency towards the Data Subject which is distinctive of our Company, we would like to inform you that should you decide to give consent to point 2C (marketing), you must be informed in advance and aware that the purposes of the processing pursued are of a specific commercial, advertising, promotional and marketing nature in a broad sense, such as:
1. send advertising and informational materials (e.g., newsletters), promotional in nature;
2. send commercial information by paper, automated, or electronic means and, in particular, by regular mail or e-mail, telephone (e.g., calls, WhatsApp messages, SMS, MMS), fax, and any other computer channel (e.g., websites, mobile apps);
3. forward invitations to informational and promotional events, exhibitions, and meetings;
4. forward communications for updates on promotional initiatives or technical news, for services, training or support, and/or quality satisfaction surveys.
3. Recipients of the data and Method of processing
The processing of your personal data will be based on the principles of fairness, lawfulness and transparency and may be carried out by paper and electronic means both by the staff of the writing Company, authorized/appointed to the processing of personal data, and by external parties called upon to carry out specific tasks, on behalf of the Data Controller, as Data Processors, pursuant to Art. 28 EU Regulation, subject to our letter of assignment imposing on them the duty of confidentiality and security of the processing of personal data, and the adoption of appropriate security measures to prevent data loss, illicit and incorrect use, and unauthorized access, in compliance with current provisions on the protection of personal data.
For brevity, the detailed list of these positions is available at the Data Controller’s office and is at your disposal.
Your personal data will not be disseminated nor transferred to third countries or international organizations; it will not be disclosed to third parties except for legal or contractual obligations.
4. Data retention period
Your personal data will be retained for a period of time not exceeding the fulfillment of the purposes for which they are processed, in accordance with the principle of retention limitation provided for in the EU Regulation and/or for as long as necessary for legal and contractual obligations or until the data subject’s withdrawal of specific consent takes place and, therefore
- with reference to the purposes stated in 2A-2B, data will be retained for a time not exceeding the achievement of the purposes for which they are processed and/or for the time strictly necessary for the fulfillment of legal and contractual obligations;
- with reference to the purposes indicated in point 2C, data processed for Marketing purposes will be retained no longer than 24 months after collection.
As a guarantee of the stated retention times, a periodic audit is to be carried out annually on the data processed and whether it can be deleted if no longer needed for the intended purposes.
5. Effects of not providing data
The personal data in items 2A-2B of this policy are necessary, without such data it would be impossible for us to proceed with registration (creation of your personal account) and to fulfill contractual and legal obligations.
On the other hand, the personal data referred to in points 2C-2D are optional. Refusing to provide them will not entail any effect and will not prejudice your request to proceed with the registration as well as to fulfill contractual and legal obligations. You may therefore decide not to provide any data or subsequently deny at any time the possibility of processing data already provided.
6. Rights of the Data Subject
As data subject, you have the rights set forth in Articles 15 to 22 of EU Regulation listed below. Namely, you have the right to:
- obtain confirmation of the existence and processing of personal data concerning you, and if so, obtain access to your data (so-called right of access);
- obtain indications about the purposes of the processing, the categories of the data concerned, the recipients or categories of recipients to whom the data have been or will be disclosed, particularly if recipients in third countries or international organizations, the expected data retention period or the criteria used to determine this period; and if data are not collected from the data subject, obtain all available information about their origin;
- obtain the rectification of data concerning you (so-called right of rectification);
- obtain the erasure of data concerning you (so-called right to be forgotten);
- obtain limitations on processing (so-called right to restrict processing);
- obtain portability of data, that is to receive them from a data controller in a structured, commonly used, machine-readable format and transmit them to another data controller without hindrance (so-called right to data portability);
- object to the processing at any time (so-called right to object). We specifically inform you, as required by Art. 21 of EU Regulation, that if personal data are processed for direct marketing purposes (including profiling), the data subject has the right to object at any time to the processing of personal data concerning them carried out for such purposes, and that if the data subject objects to the processing for direct marketing purposes, the personal data may no longer be processed for such purposes;
- be informed (with an opportunity to object) of the existence of automated decision-making regarding natural persons, including profiling;
- revoke consent at any time without affecting the lawfulness of processing based on consent given before revocation;
- file a complaint with a supervisory authority (Data Protection Authority).
It should be noted that there may be conditions or limitations to the data subject’s rights. It is therefore not certain that, for example, you have the right to data portability in all cases, this depends on the specific circumstances of the processing activity.
Other example: in case you decide to object to the processing of your data, the Data Controller has the right to evaluate your application, which may not be accepted if there are compelling legitimate reasons to proceed with the processing that override your interests, rights and freedoms.
7. How to exercise rights
Without any formality you may at any time exercise your rights clearly and explicitly by sending:
– a registered letter with return receipt to the undersigned
– an e-mail to the e-mail address: firstname.lastname@example.org
Or by contacting the Data Controller directly at the telephone number: +39 045 7150425.
What is offered by the Data Controller and subject of the existing relationship with you does not involve the intentional acquisition of personal information referring to minors. In the event that information about minors is unintentionally recorded, the Data Controller will delete it in a timely manner upon request or notification by the data subject.
9. D.P.O. (R.P.D.) – Appointees/Authorized personnel – Data Processors
Below we provide you with some information that is necessary to bring to your attention, not only in order to comply with legal obligations, but also because transparency and fairness towards the Interested Parties is a founding part of our activity.
D.P.O. (Data Protection Officer) – R.P.D. (Responsabile delle Protezione dei Dati). You may also contact the Data Protection Officer to obtain information and make requests about your data or to report disruptions or any problems you may encounter.
The Data Controller has appointed Mr. Nicola Ghinello as Data Protection Officer who can be contacted at the following: phone +39 348 3165267, e-mail: email@example.com.
Appointed/Authorized personnel. The updated list of those appointed/authorized to process the data is kept at the office of the Data Controller.
For brevity, the detailed list of these positions is available at our office.