PRIVACY POLICY
The user’s personal data are processed by OLEIFICIO TOSCANO MORETTINI S.R.L, which is the data controller, in compliance with the personal data protection principles established by the GDPR 2016/679 Regulation.
DATA PROCESSING PURPOSES AND METHODS
1. Please note that the data will be processed with the support of the following means:
- Mixed – electronic and printed (including portable devices)
for the following purposes:
- fulfilment of legal obligations related to commercial relationships
- fulfilment of tax or accounting obligations
- accounting or treasury management
- cash data management
- supplier management (contracts, orders, arrivals, invoices)
- customer management (contracts, orders, shipments, and invoices)
- employment relationship management
- internal network management
- server management
- internet website management
- electronic payment instruments (credit and debit cards electronic money)
- sending newsletters (via MailChimp)
- sending commercial or promotional material
LEGAL BASIS OF THE PROCESSING
2. The provision of data is mandatory for all that is required by legal and contractual obligations; therefore, the refusal to provide them in whole or in part may give rise to the inability to provide the services requested and contractually signed.
The processing of personal data, which are collected by the Data Controller, will be carried out in compliance with the lawfulness, correctness, and transparency of the processing cycle in favour of the data subject.
The legal basis of the processing cycle will therefore be the legal obligation deriving from the reference legislation that governs existing relationships.
The legitimate interest constitutes the legal basis for data processing, pursuant to Article 6, paragraph 1, letter f), of the Data Controller, in pursuit of all the purposes indicated therein, which the law allows for the activity that is carried out by the same, without asking for further legitimate guarantees for the processing cycle.
Lastly, explicit or behavioural consent, pursuant to Article 6, paragraph 1, letter a), constitutes the legal basis of the processing cycle, where it is required by law and explicitly communicated by the Data Controller, as in the context of communication and marketing activities for which it is necessary to send promotional messages and/or insert the data subject in automatic correspondence circuits (e.g. Newsletter) and/or if necessary, as indicated among the purposes of the Data Controller, the promotion of products through photos, images and videos.
Data on health or ethnic origin, pursuant to Article 9 GDPR, will not be processed solely for the purposes related to the service and for this, the legal basis is constituted by legal obligations and contractual interests. If the Data Controller needs to process such data for other purposes, they will see to receiving the explicit consent from the data subjects.”
CONSEQUENCES OF FAILURE TO COMMUNICATE PERSONAL DATA
3. The provision of data is mandatory for all that is required by legal and contractual obligations; therefore, the refusal to provide them in whole or in part may give rise to the inability to provide the services requested.
CATEGORIES OF RECIPIENTS
4. Without prejudice to communication made to fulfil legal and contractual obligations, all data collected and processed may be solely communicated to the following categories of data subjects for the purposes specified above:
Economic public bodies, public administrations, Consultants, and freelancers also in associated form, Appointed external managers, Supervisory and control authorities, Banks and credit institutions, Law firms, Insurance companies, and HPPS.
RETENTION PERIOD
5. The data will be processed for as long as is necessary to carry out the existing business relationship and for the ten years following the date of their acquisition. The data of those who do not purchase or use products/services, despite having had previous contact with representatives of the company, will be immediately deleted or processed anonymously, if their storage is not otherwise justified, unless the informed consent of the data subjects relating to a subsequent commercial promotion or market research activity has been validly acquired.
OTHER DATA RECIPIENTS
6. The personal data communicated through the website and the signing of the form for sending promotional material are accessible to a service provider appointed as an external data processor, STUDIO ASTRA DI CROCIANI PAOLO.
The data communicated by signing the online form for sending newsletters are also stored on the MailChimp server.
Other data recipients are those required by law.
SECURITY MEASURES
7. The Data Controller declares to have adopted appropriate technical and organisational measures to fulfil the obligations in compliance with the GDPR.
In particular, the Data Controller declares to have launched internal procedures to safeguard data security through encryption, backup, and disaster recovery means and measures to protect their network through firewalls and antivirus software.
RIGHTS OF THE DATA SUBJECT
8. Pursuant to European Regulation 679/2016 (GDPR) and national legislation, the data subject may exercise the following rights, according to and within the limits established by current legislation:
- request confirmation of the existence of personal data concerning them (right of access), having the right to a copy of them;
- request the update, correction, integration, and deletion of personal data, including those no longer necessary for the purposes for which they were collected;
- limit and/or oppose the processing of data concerning them;
- unconditional right to withdraw consent, when the processing cycle is based on consent, with the warning that in the event of withdrawal, the processing cycle remains lawful until the date of withdrawal;
- data portability;
- to lodge a complaint with the Supervisory Authority.
The Data Controller of your personal data is:
OLEIFICIO TOSCANO MORETTINI S.R.L.
Via XXV Aprile n.121 52048 Monte San Savino (AR) Tel. +39 0575/810040 Pec.morettini@pec.it