Cart

Cart

Privacy Policy

POLICY ON PERSONAL DATA PROCESSING
Articles 12 et seq. of Regulation (EU) 2016/679 (GDPR)

Regulation (EU) 2016/679 (‘General Data Protection Regulation’, hereinafter GDPR) provides for
the protection of natural persons with regard to the processing of personal data. Pursuant to this
regulation, the processing of personal data referring to a person, who is specifically defined as the ‘data subject’, is based on the principles of fairness, lawfulness and transparency, as well as the protection of the confidentiality and rights of such data subject.
This policy aims at informing you, in compliance with the abovementioned regulation, that as a result of the relationship(s) that you have with our company, as a Customer, we hold certain data pertaining to you, which has been obtained, including orally, directly or through third parties which carry out processing concerning you or which, in order to comply with your request, obtain and provide us with information.
Pursuant to the GDPR, since this data relates to you, it shall be qualified as ‘personal data’, and
shall therefore benefit from the protection afforded for by these provisions. In particular, pursuant to such regulation, you are the data subject who is entitled to benefit from the rights provided for the protection of your personal data.
Pursuant to Articles 12 et seq. of the GDPR, our company, as Data Controller, shall process the
personal data you provide in compliance with the regulation, with the utmost care, implementing
effective management procedures and processes in order to ensure the protection of the processing of your personal data. For this purpose, the undersigned, using material and management procedures to safeguard the data collected, undertakes to protect the information disclosed, in such a way as to prevent unauthorised access or disclosure, as well as to maintain the accuracy of the data and also to ensure its appropriate use. In accordance with this introduction, the following information is provided:

Personal data collected
The undersigned, as Data Controller, uses your personal data in order to operate its business to the best of its ability.
You may be requested to provide, even partially, the following data:

  • personal data, tax code, VAT number, corporate name, registered office, address of
    residence and domicile and contact details;
  • data relating to the contractual relationship describing the type of the contract, as well as
    information relating to its execution and necessary for the execution of such contract;
  • accounting data relating to the economic relationship, the sums due and payments, and a
    summary of the accounting status of the relationship;
  • data to enhance the relationship with our organisation and improve our collaboration and
    operational efficiency.

Storage periods of your personal data
The data collected shall be stored for the time necessary to perform the service requested and, in any event, for thirty days from the date of its complete performance. In the event that data that is not related to the administrative and accounting obligations connected with the contractual relationship is processed, such data shall be stored for the period of time necessary to achieve the purpose for which it was collected and then it shall be erased. You will be informed of the storage period of such data at the time when such data is collected by specific policies.

Mandatory or optional provision of data and consequences of refusal.
The data that is essential for the performance of the contractual relationship, as well as the data
necessary to fulfil the obligations provided for by laws, regulations, provisions (including E
provisions), or provisions of Authorities authorised to do so by law and by supervisory and control bodies, shall be mandatorily provided to the undersigned.
Data that is not essential for the performance of the contractual relationship shall be qualified as
such and shall be deemed to be additional information and its provision, if requested, is optional.
Your refusal to provide such data, however, will result in our company being less efficient in
conducting relations with third parties.

In the event that sensitive data is essential or its processing poses specific risks for performing the relationship or for the carrying out of specific services as well as legal obligations, the provision of such data shall be mandatory and since its processing is only permitted with the data subject’s prior written consent (pursuant to Articles 9 and 10 of the GDPR), you shall also consent to its processing.

Processing methods
Pursuant to and for the purposes of Article 12 et seq. of the GDPR, we would like to inform you that the personal data you disclose to us shall be recorded, processed and stored in our paper and electronic archives, in compliance with the appropriate technical and organisational measures referred to in Article 32 of the GDPR. The processing of your personal data may consist of any operation or set of operations including those indicated in Article 4(1)(2) of the GDPR.
Personal data shall be processed through the use of appropriate technical and organisational
measures to ensure a level of security and confidentiality and may be carried out, directly and/or
through delegated third parties, either manually by means of paper mediums, or with the aid of
computerised or electronic tools. The data, for the purpose of correctly managing the relationship and complying with legal obligations, may be included in the Data Controller’s own internal documentation and, if necessary, also in the accounting records and records required by law.

Activities that may be outsourced
The data you provide shall only be processed in Italy. In the event that in the execution of a
contractual relationship your data is processed in a non-EU country, your rights under EU law shall be ensured and you shall be promptly notified thereof. Intended purpose of the personal data processing The main purpose of the processing of your personal data that the undersigned company intends to carry out is to enable the aforementioned relationship to be duly established and developed as well as to ensure its proper management.
In particular, the purposes of the processing are the following:

  • administrative and accounting and in particular:
  • compliance with tax or accounting obligations;
  • customer management (customer administration; administration of contracts, reservations,
    orders, shipments and invoices; reliability and solvency control);
  • litigation management (contractual breaches; letters of summons; settlements; debt
    recovery; arbitrations; legal disputes);
  • internal control services (security, productivity, quality of services, asset integrity);
  • management of business marketing activities (market analysis and surveys);
  • promotional activities;
  • customer satisfaction surveys.

Personal data shall be processed in order to fulfil legal obligations, as well as to comply with
administrative, insurance and tax obligations provided for by the applicable law, and to fulfil
accounting and marketing purposes, or in order to duly comply with contractual and legal obligations deriving from the legal relationship with the data subject.
Furthermore, the data provided may also be used to contact you as part of market research
concerning products or services or as part of offers or marketing campaigns.
As a data subject, you may in any case freely choose not to give your consent for these purposes and also indicate the ways in which to be contacted or receive marketing information.
Your data may be disclosed by the undersigned:

  • to persons who can access data pursuant to the laws, regulations or EU law, within the
    limits established by these regulations;
  • to persons who need access to your data for purposes ancillary to the relationship between
    you and us, to the extent strictly necessary in order to perform the tasks;
  • to our collaborators and/or professionals, to the extent necessary in order for them to carry
    out their engagement with our or their company, subject to our appointment as data
    processor, which entails the duty of confidentiality and security.

In any case, your data shall not be disclosed except to professionals for the performance of acts
concerning the performance of relationships that may take place with the Data subjects to whom
such data refers to.


Disclosure
The undersigned shall not disclose your data indiscriminately, or in other words, shall not disclose it to unspecified persons, even by means of making it available or consulting it.

Trust and confidentiality
The undersigned considers the trust shown by the data subjects who consent to the processing of their personal data to be valuable and therefore undertakes not to sell, rent or lease personal
information to others.

Rights under Articles 15 et seq. of the GDPR
Pursuant to Article 15 of the GDPR, you are entitled to obtain confirmation as to the existence of
personal data concerning you, even if it is not yet recorded. The exercise of the rights is subject to ascertaining the identity of the data subject by means of the delivery of an identity document, which will not be retained by the undersigned, but only consulted in order to verify the lawfulness of the request.
You have the right to access personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be
    disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored or, if not
    possible, the criteria used to determine that period;
  5. where the data is not collected from the data subject, any available information as to its source;
  6. the existence of automated decision-making process, including profiling, referred to in Article 22(1) and (4), and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

If the data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR. You have the right to request from the data controller the rectification or erasure, even partial, of your personal data or the restriction of the processing of personal data concerning you or to object, in whole or in part, to its processing.
To exercise these rights, you can contact our ‘Data Controller officer’ at
m.trossarello@rocchedeimanzoni.it by sending a letter to PODERE ROCCHE DEI MANZONI DI
VALENTINO S.A.S. DI MIGLIORINI RODOLFO & C., località Manzoni Soprani n. 3 – 12065 Monforte d’Alba (CN). The Data Controller officer will reply to you within 30 days from receiving your formal request.
We remind you that in the event of a breach of your personal data, you may lodge a complaint with the competent ‘Data Protection Supervisory Authority’.
Details of the Data Controller and, if appointed, of the Representative in the State and of the Data Protection Officer.
Data Controller
The Data Controller is the undersigned: PODERE ROCCHE DEI MANZONI DI VALENTINO S.A.S.
DI MIGLIORINI RODOLFO & C., località Manzoni Soprani n. 3 – 12065 Monforte d’Alba (CN); email:
rodolfo@rocchedeimanzoni.it

Data processors
External companies with which a contractual relationship has been established and which, in order to fulfil these agreements, need to receive your personal data, shall act as Data Processors.
In order to obtain the names of the Data Processors, if appointed, and to obtain the names of persons appointed as future data processors, each data subject may send a letter requested the Data Controller at the above address.
It should be noted that the Data Processors indicated above are not responsible for processing
requests to exercise the rights of data subjects under Articles 15 et seq. of the GDPR. This activity is carried out exclusively by the undersigned in its capacity as Data Controller.

Representative established in the territory of the State
Please note that, in accordance with Article 4(1)(17) of the GDPR, as there are no circumstances
provided for by the aforementioned Regulation that require such appointment, no Representative
established in the territory of the State has been appointed for the purpose of applying the provisions on the processing of personal data.

Processing without the need for the data subject’s consent
Please note that the undersigned, even without your consent, shall be entitled to process your
personal data if this is necessary in order to:

  • comply with an obligation established by law, regulation or EU law;
  • perform obligations deriving from a contract to which you are a party or to fulfil, prior to the
    conclusion of the contract, your specific requests.

Furthermore, your express consent is not required when the processing

  1. concerns data from public registers, lists, deeds or documents that can be accessed by
    anyone, without prejudice to the limits and methods established by laws, regulations or EU law for the access and publication of the data or data relating to the performance of economic activities, processed in compliance with applicable law on trade and industrial secrets;
  2. is necessary for the protection of the life or physical safety of a third party (in this case, the
    data controller is required to inform the data subject about the processing of personal data by means of the information even after such processing, but without delay). In this case, therefore, consent is expressed following the submission of the information);
  3. with the exception of disclosure, it is necessary for the purpose of carrying out the defensive investigations referred to in Italian Law no. 397 of 7 December 2000, or, in any event, to assert or defend a right in court proceedings, provided that the data is processed solely for these purposes and for the period strictly necessary to pursue them, in accordance with the applicable law on trade and industrial secrets;
  4. with the exception of disclosure, it is necessary, in the cases identified by the Data Protection Authority on the basis of the principles enshrined by law, to pursue a legitimate interest of the data controller or a third party recipient of the data, also with reference to the activity of banking groups and subsidiaries or related companies, if the fundamental rights and freedoms, dignity or a legitimate interest of the data subject are not overriding.

Right to erasure

  1. Please note that you have the right to obtain from the data controller the erasure of personal
    data concerning you without undue delay and the data controller shall have the obligation to
    erase personal data without undue delay where one of the following grounds applies:
    a. personal data is no longer necessary in relation to the purposes for which it was collected
    or otherwise processed;
    b. you have withdrawn your consent on which the processing is based according to point
    Article 6(1)(a), or Article 9(2)(a), and where there is no other legal ground for the processing;
    c. you have objected to the processing pursuant to Article 21(1), and there are no overriding
    legitimate grounds for the processing, or you object to the processing pursuant to Article
    21(2);
    d. personal data has been unlawfully processed;
    e. in order to comply with a legal obligation under EU or Member State law to which the
    data controller is subject;
    f. personal data has been collected in relation with the offer of information society services
    referred to in Article 8(1);
  2. where the data controller has made the personal data public and is obliged to erase the
    personal data, the data controller, taking account of available technology and the cost of
    implementation, shall take reasonable steps, including technical measures, to inform data
    controllers which are processing the personal data that the data subject has requested the
    erasure by such controllers of any links to, or copy or replication of, such personal data;
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    a. for exercising the right to freedom of expression and information;
    b. for compliance with a legal obligation which requires processing under EU or Member
    State law to which the data controller is subject or for the performance of a task carried
    out in the public interest or in the exercise of official authority vested in the data controller;
    c. for reasons of public interest in the area of public health in accordance with Article 9(2)(h)
    and (i) as well as Article 9(3);
    d. for archiving purposes in the public interest, scientific or historical research purposes or
    statistical purposes in accordance with Article 89(1) in so far as the right referred to in
    paragraph 1 is likely to render impossible or seriously impair the achievement of the
    objectives of that processing; or
    e. for the establishment, exercise or defence of legal claims.

The Data Controller:
PODERE ROCCHE DEI MANZONI DI VALENTINO S.A.S. DI MIGLIORINI RODOLFO & C.
località Manzoni Soprani n. 3 – 12065 Monforte d’Alba (CN);
email: rodolfo@rocchedeimanzoni.it