Policy in accordance with and for the purposes of article 13 of GDPR EU 2016/679 concerning data processing

 

 

In accordance with and for the purposes of articles 13 and 14 of European Regulation 2016/679 (hereafter GDPR) containing provisions for the protection of personal data, the company F.lli Menabò, in its capacity as Data Controller hereby wishes to inform you that the data concerning you, which you provided or which were otherwise acquired, will be processed in accordance with the referenced regulations.

The personal data will be processed in a lawful, fair way which exercises a transparent approach towards the party concerned.

Personal data processing refers to any operation or set of operations conducted with or without electronic instruments for the purposes of gathering, registering, organising, storing, consulting, elaborating, altering, selecting, extracting, comparing, using, interconnecting, blocking, communicating, distributing, cancelling and destroying data, even if not recorded in a data bank.

 

- DATA CONTROLLER

The data Controller is the company F.lli Menabò (VAT no. 00176860351), in the person of the pro tempore legal representative, with head offices in Via 8 Marzo, no. 3, Cavriago (Reggio Emilia) – e-mail addresses: customercare@flli-menabo.it – PEC (certified e-mail): flli-menabo@pec.it – tel. 0522 1750280 , 0522 942840.

 

- CATEGORIES OF DATA PROCESSED:

The types of data involved in this processing are as follows:

- in the case of an individual, the Data will be of the personal identification kind (such as name, surname, telephone number, e-mail address);

- in the case of a legal entity, the Data will be as follows: name of company or owner/contact person of the company, generic e-mail of the same, or the name, surname and nominative company e-mails of any contacts and/or company representatives.

 

- PURPOSES OF PROCESSING

  1. ESTABLISHING AND FULFILLING THE SUPPLY/SERVICE CONTRACT, which, by way of example, can involve: pre-contractual activities, stipulating and executing the contract and managing disputes.

Legal basis of the processing: the processing of the data gathered is justified by the contract to supply goods or services, to which you are party (art. 6 lett. b GDPR).

Data recipients: the data gathered in connection with the indicated purpose may be communicated to professional law firms and tax advisers or employment consultants, as well as data Processors appointed in accordance with article 28 of EU Regulation 2016/679, to insurers, IT consultants and system admins.

The updated list of data processors is kept at the Controller’s premises.

The data will not be distributed to third parties.

Duration of the processing: any data gathered in respect of the aforementioned purposes will be kept until such time as the agreement should be terminated, for any reason, or - if of a longer duration - until the ordinary expiry of contractual responsibility, without prejudice to any special requirements to further store data in respect of the contractual relationship.

Failure to communicate data: The provision of data needed to pursue the purposes indicated is a contractual obligation which the party involved is required to fulfil.  Failure of the party to supply the data shall render it impossible to fulfil the contract.

 

  1. FULFILMENT OF LEGAL OBLIGATIONS, which, by way of example, include administrative and accounting requirements and fiscal obligations.

Legal basis of the processing: the processing of gathered data is justified by the fulfilment of the Controller’s legal obligations (art. 6 lett. c GDPR).

Recipients of data: the data gathered in relation to the indicated purpose may be communicated to: banking establishments, the Inland Revenue, other public bodies and/or private entities to whom the data must be communicated by law, and to professional law firms, tax advisers or employment consultants, Data Processors as per article 28 of Reg. 2016/679, to insurers, IT consultants and system administrators.

The updated list of data processors is kept at the Controller’s premises.

The data will not be distributed to third parties.

Duration of the processing:  any data gathered in respect of the aforementioned purposes will be kept for the amount of time stipulated by the laws requiring the processing, or - if of a longer duration - until the ordinary expiry of the relevant rights, without prejudice to any special requirements to further store data in respect of any legal obligations that arise.

Failure to communicate data: The provision of data is a contractual requirement to fulfil legal obligations.  Refusal to provide data for such purposes shall render it impossible to continue the relationship. 

 

  1. DIRECT MARKETING PURPOSES FOR THE SALE/ADVERTISING OF PRODUCTS OR SERVICES SIMILAR TO THOSE ALREADY PURCHASED BY THE PARTY CONCERNED (known as Soft Spam), which involves sending communications to promote the sale and/or marketing of products or services similar to those already purchased by the party concerned, known as “direct marketing”, to inform the recipient of promotions, discounts and particularly advantageous offers linked to the preferences/purchases made by the client.

Legal basis of the processing: processing of any data gathered is justified by the legitimate interest of the Data Controller. (art. 6 lett. f GDPR).

Data Recipients: Any data gathered in relation to the purpose indicated may be communicated to public bodies and service companies or other private entities involved in managing such activities, to the persons appointed or authorised by the Controller, to data processors appointed in accordance with article 28 of EU Regulation 2016/679, to IT consultants/systems administrators, to any autonomous controllers and potential co-controllers. 

The up-to-date list of Data Processors is kept at the Controller’s premises.

The data will not be distributed to third parties.

Duration of the processing: any data gathered in respect of the aforementioned purposes will be kept until such time as the agreement should be terminated, for any reason, or - if of a longer duration - until the ordinary expiry of contractual responsibility, without prejudice to any special requirements to further store data in respect of the contractual relationship.

Failure to communicate data: data provision is justified by the legitimate interest of the controller. In the event of circumstances arising as per point c) of this policy, the client may request to no longer receive the communications without any consequences by using the link  https://promo.menabocaraccessories.com/email-preference?epc_hash=OLwK4y2tlCj8CsvDiV5Pkz8LhEr8QyudCaZqcFFY2_g, or by sending a communication to the Controller using the addresses indicated below.

 

With reference to points A, B and C of this policy, it should be noted that:

Processing methods: data processing for the purposes outlined above is carried out using electronic, computerised or printed means, in accordance with the confidentiality and security rules set out in the above regulations, and by the other rules arising from them.

Transferring data abroad: Data gathered for the above purposes are not transferred to non-EU countries.  The Controller shall, however, reserve the right to use cloud-based services; in such cases, service suppliers will be picked from those offering suitable guarantees, as stipulated under article 46 of EU Regulation 2016/679.

Automated decision-making processes: any data gathered in respect of the aforementioned purposes are not subjected to automated decision-making processes (including profiling).

Rights of the party concerned: in accordance with EU Regulation 2016/679, the party concerned is entitled to:

  • access the personal data to learn more about the purposes of the processing (“reactive transparency”), the categories of personal data gathered, the recipients of data which are communicated, particularly if the recipients are in third-party countries or international organisations, and the period of data for which data is stored (art. 15);
  • obtain rectification (art. 16);
  • the right to erase personal data if they are no longer needed for the purposes for which they were gathered, and if there is no further legal requirement to preserve them (art. 17 GDPR);
  • request restriction of processing (art. 18);
  • request data portability (art. 20);
  • the right to oppose processing for reasons related to particular circumstances concerning you (art. 21 GDPR). In such cases, we will refrain from processing your data further unless it is proven that there are compelling and legitimate reasons for proceeding with the processing (e.g. to defend its rights in legal proceedings).
  • not be subjected to an automated decision-making process, including profiling (art. 22);

Lastly, the individual concerned shall be entitled to submit a complaint to the Data Protection Authority in accordance with article 13 par. 2 lett. d) of the above regulations, and in accordance with article 77 of the regulation.

 

Means of exercising rights: the individual concerned may exercise his or her rights at any time, in accordance with the provisions of article 12 of EU Regulation 2016/679, by sending:

  • a recorded delivery letter with return receipt to the head offices of the Controller: F.lli Menabò, Via 8 Marzo, no. 3, Cavriago (Reggio Emilia, Italy);
  • an e-mail to the following addresses: PEC (certified e-mail) flli-menabo@pec.it ; e-mail customercare@flli-menabo.it

 

Referral clause: for any points not covered by this Privacy Policy, reference should be made to the relevant regulations in force, in particular to Regulation 2016/679 and Legislative Decree 196/03 as amended by Legislative Decree 101/18 and subsequent amendments, along with any other relevant provisions issued.