STATEMENT ON TREATMENT OF PERSONAL DATA PURSUANT TO ART. 13 GDPR 679/2016
In accordance with GDPR 679/2016, we inform you – as a party concerned – about the purpose of the collection and the treatment modalities of personal data regarding your own person/company. We collect the data directly from you, and use them to ensure the best experience to our clients, in conformity with the current law.
Therefore, we are providing you below the correct information about the treatment of personal data.
1. IDENTITY AND CONTACTS OF THE DATA CONTROLLER (IF ANY: REPRESENTATIVE/INTERNAL PROCESSOR/DPO)
The Data Controller is Passione Antiqua Srl. Viale delle Terme 151 Abano Terme - 35031 - PD Tel. e Fax +39 049 860 22 88 C.F. 02484680240 e P. Iva 04920830280.
The legal representative and internal processor of data treatment and protection is Simone Tasinato.
2. PURPOSES OF THE TREATMENT
In conformity with the obligations envisaged by laws, regulations and/or Community legislations, the collected data are used to carry out the following activities:
a) acquiring pre-contractual and contractual information, and complying with the legal obligations posed by one or more contracts;
b) administrative and accounting management of clients and suppliers, that is:
- management of clients/suppliers;
- management of the contractual relationship;
- management of orders and shipments;§
- receipts and payments;
- debt collection;
c) sending of newsletter and/or advertising and promotional material and/or communications, related to products, services or events relevant to our activity.
3. LEGAL BASIS OF THE TREATMENT
The legal basis of the treatment is the fulfilment of pre-contractual and/or contractual obligations.
Regarding specifically the marketing purpose – see above art. 2 lett. c – the legal basis of the treatment is the specific consent given by the user.
4. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The collected personal data could be communicated exclusively to the following third parties:
- forensic accountant, tax consultant, legal consultant;
- debt collection agencies, only when necessary;
- public, legal, financial and other authorities, when envisaged by laws, regulations and/or Community legislations;
- companies and/or consultants for the development of web platform, in order to manage and implement online services;
- shipping companies for the delivery and collection of goods;
Regarding specifically the marketing purpose – see above art. 2 lett. c – the collected personal data could be communicated exclusively to the following third parties:
a) provider of the platform to send newsletter, that is the provider of the service to send advertising and promotional material, which is used by the holder to carry out information, promotional and advertising activities.
The collected personal data could also be communicated to the staff responsible for the treatment, who has been commissioned by the holder to manage the data themselves, with the above-mentioned purposes.
The user will have access to the identification data of the above-mentioned third parties in any moment by exercising his/her right of access, except for any restriction dictated by the law in this respect.
5. INTENTION OF THE DATA CONTROLLER OF SENDING THE PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
It is not the intention of the data controller at issue to send the collected data to a third country or to an international organization.
6. DATA RETENTION PERIOD
The collected data are retained as follows:
a) Data necessary for the purpose of pre-contractual relationship: data are retained for the minimum period of time necessary to finalize the contractual relationship; anyway, for a period not exceeding one year from the collection.
b) Data necessary for the purpose of contractual relationship: data are retained for the whole duration of the contractual relationship and of the warranty obligations required by law and/or by the contract.
c) Accounting records, invoices and communications: data are retained for ten years, as established by law.
d) Data necessary for the purpose of credit recovery: data are retained up to the fulfilment of the activity at issue.
e) Data necessary for the management of any dispute: data are retained up to the settlement of the dispute itself.
f) Data necessary for marketing activities: data are retained for the duration of the current contractual relationship, or, in absence of a contractual relationship, for a year from the client’s consent for the processing of data with marketing purposes and, in case, up to the withdrawal of the consent.
If established by legal, accounting, and/or fiscal obligations, the data retention period will be longer.
Once past the retention period – described in detail above – the whole data provided by the user will be deleted.
7. RIGHTS OF THE DATA SUBJECT
The GDPR 679/2016 ensures to the data subject:
a) right of access to the collected and processed data – art. 15;
b) right to obtain the rectification of data – art. 16;
c) right to obtain the deletion of data and right to be forgotten – art. 17;
d) right to restriction of processing – art. 18;
e) right to data portability to another controller – art.20;
f) right to object to the processing – art. 21;
g) right not to be subject to automatic processing – art. 22;
h) right of withdrawal of the consent at any time, without prejudice to the lawfulness of the processing based on consent before its withdrawal – art. 7;
i) right to submit a complaint to the supervisory authority – art. 77;
j) right to appeal against the supervisory authority (art. 78) or the controller or the processor of the treatment (art. 79).
To exercise the above mentioned rights – from a) to h) – it is necessary to contact the data controller.
8. NATURE OF THE COMMUNICATION
Although it is not compulsory, the communication of the personal data by the client is necessary to carry out the above mentioned purposes. Failure to provide data will prevent the legal relationship providing the basis of the treatment.
The data subject is responsible for the timely communication to the data controller of any variations in the provided personal data.
9. AUTOMATIC DECISION-MAKING PROCESSES, INCLUDING PROFILING
The provided data will not be subject to any automatic decision-making processes, including profiling.
10. TREATMENT MODALITIES
The provided data will be treated in accordance with the GDPR 679/2016, according to the following modalities:
a) data and file access is allowed only to people in charge of processing;
b) data and personal areas are protected by taking appropriate measures and are systematically monitored;
c) data are collected by direct contact with the subject;
d) data are registered and processed with both information media and paper supports;
e) files are mainly stored with information media, but also with paper supports;
f) if requested by the client/supplier, data are verified and/or modified.
11. COMPLAINT WITH THE SUPERVISORY AUTHORITY
The subject of the data processing has the right to lodge a complaint with a supervisory authority if s/he considers that the processing violates the GDPR 679/2016.
The reference authority is the Personal Data Protection Guarantor