PRIVACY POLICY

Privacy notice for clients, suppliers, partners and other parties – pursuant to art. 13 of European Regulation n. 16/679 and art. 13 of Italian legislative decree D.lgs 196/2003

TCMI Officine SRL, as the Data controller, Via  C.Ragazzi 33/A 44012 Bondeno (FE) P.iva e C:F: IT0198771038, hereby intends to provide the appropriate information to natural persons who operate in the name and on behalf of clients, of suppliers, of partners and of other parties involved in contractual or pre-contractual activities (e.g. control authorities, public administration bodies) of TCMI Officine SRL, pursuant to art. 13 of Italian legislative decree n° 196 dated 30 June 2003 – “Personal Data Protection Code” and pursuant to art. 13 of GDPR 679/16 – European “General Data Protection Regulation”.

  1. The data being processed

Personal data being processed consists of personal and contact details provided or received from the interested person (Name, Surname, Business Name, Address, E-mail, Bank details, etc).

  1. Purposes of processing

The personal data are processed:

  1. If without your express consent (art. 24 Privacy Code and art. 6 GDPR) for the following service purposes:
  • Conclude contracts for the Owner’s services
  • Fulfill pre-contractual, contractual and tax obligations deriving from existing relationships with you
  • Fulfill the obligations established by law, by a regulation, by community legislation or by an order from the Authority
  • Exercise the rights of the Owner, for example the right of defense in court;
  1. In case of your specific and distinct consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following marketing purposes:
  • Sending you via email, post and/or text message and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and survey the degree of satisfaction with the quality of the services;
  • Sending you via email, post and/or text message and/or telephone contacts commercial and/or promotional communications from third parties (for example business partners, other group companies, etc.)
  1. Nature of providing data and consequences of refusing to respond

The provision of data for the purposes referred to in point 2.a is mandatory. In their absence we will not be able to guarantee the relevant services.

The data provision for the purposes referred to in point 2.b is optional. You can therefore decide to not provide any data or to subsequently deny the possibility of processing data already provided for these purposes; in this case you will not be able to receive newsletters, commercial communications and advertising material relating to the services and products offered by the Owner. You will however continue to be entitled to the services referred to in point 2.a

  1. Treatment methods

The processing of the personal data is obtained by the operations mentioned in the art. 4 Privacy Code and art. 4 no. 2) GDPR, namely: collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation and destruction some data.

Your personal data is subjected to both paper and electronic and/or automated processing.

The processing is carried out by persons in charge and collaborators within the scope of their respective functions and in accordance with the instructions received, always and only to achieve the specific purposes while scrupulously respecting the principles of confidentiality and security required by the applicable regulations.

  1. Data Access 

Your personal data may be accessible for the purposes referred to in point 2:

  • To the employees and collaborators of the Data Controller in their capacity as representatives and/or system administrators;
  • To third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data controllers.
  1. Data communication

Even Without a specific  consent (art. 24 Privacy Code and art. 6 GDPR) the Data Controller may communicate your data for the purposes referred to in point 2.a to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is mandatory by law for the fulfillment of the aforementioned purposes. Your information will not be shared.

  1. Data Transfer

Your personal data is not transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to transfer the data to the European Union and/or to non-EU countries. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses imposed by the European Commission. 

  1. Data storage

All personal data provided will be processed in compliance with the principles of lawfulness, correctness, relevance and proportionality, only with the methods, including IT and telematics, strictly necessary to pursue the purposes described above.

In any case, personal data will be stored for a period of time not exceeding that strictly necessary to achieve the indicated purposes. Personal data which does not need to be stored for the purposes indicated will be deleted or transformed into anonymous form. It should be noted that the IT systems used to manage the information collected are configured in order to minimize the use of personal data.

  1. Rights of the interested party

In your capacity as an interested party, you have the rights referred to in the art. 7 Privacy Code and articles. 15 et seq. GDPR, and precisely the rights of:

  1. To obtain confirmation from the data controller if a personal data treatment  concerning him or her are being processed and, if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data in question; the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations; when possible, the expected retention period of personal data or, if this is not possible, the criteria used to determine this period; if the data are not collected from the interested party, all available information on their origin; the existence of an automated decision-making process, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.
  2. To obtain from the data controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration
  3. To obtain from the data controller the deletion of personal data concerning him without unjustified delay, if one of the following reasons exists: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the interested party withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the processing ; c) the interested party objects to the processing pursuant to Article 21, paragraph 1, and there is no overriding legitimate reason to proceed with the processing, or objects to the processing pursuant to Article 21, paragraph 2; d) the personal data have been processed unlawfully; e) the personal data must be erased to comply with a legal obligation established by Union or Member State law to which the data controller is subject; f) the personal data were collected in relation to the offer of information society services referred to in Article 8, paragraph 1
  4. To obtain from the data controller the limitation of processing when one of the following hypotheses occurs: a) the interested party contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data; b) the processing is unlawful and the interested party opposes the deletion of the personal data and instead requests that their use be limited; c) although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the interested party to ascertain, exercise or defend a right in court; d) the interested party has objected to the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.
  5. To receive the personal data concerning him/her provided to a data controller in a structured, commonly used and machine-readable format and transmit such data to another data controller without impediments on the part of the data controller to whom he/she provided them if: a) the processing is based on or on a contract b) the processing is carried out by automated means. In exercising their rights relating to data portability, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible.
  6. To object at any time, for reasons related to your particular situation, to the processing of personal data concerning you pursuant to Article 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling to the extent that it is connected to such direct marketing.
  7. right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  8. The right to lodge a complaint with a supervisory authority.
  1. Method of exercising rights

You may exercise your rights at any time by sending an email to privacy@tcmi.it

  1. Responsable of data processing

TCMI Officine SRL, Via C.Ragazzi 33/A 44012 Bondeno (FE) VAT number and C:F: IT0198771038.

The updated list of data controllers and processors in charge of data management is kept at the registered office of the Data Controller.

Ultimo Aggiornamento:31/01/2018

This post is also available in: Italian