MODP.INF01

revision 01 of 11.05.18

Dear Client,

DAMIANO S.p.A. (hereinafter “the Data Holder”) ensures the confidentiality of personal data and guarantees its due protection from any incident exposing them to risk.

EU Regulation 679/2016 relating to the protection of physical persons regarding handling personal data, as well as to the publication of such data (hereinafter “the Regulation” or “GDPR”) lays down specifically that the data subject (i.e. the data subject to which the data refers, hereinafter also “the data subject”) must be informed, in advance or at least at the time when it releases for use the data that concern the data subject and that the release of personal data is permitted only with the express consent of the data subject except in cases provided for in law

As provided for by the Regulation, and, in particular Articles 13 and 14, hereafter follows the information required by the law regarding the handling of personal data.

 

Who we are

Identity and contact details of the Data Holder, of its representative and the person responsible for the protection of data (Art. 13, sub-article. 1, a) and b) – Art. 14, sub-article. 1a) and b) GDPR)

DAMIANO S.p.A., in the person of its present legal representative, with Head Office at c.da Zappulla, snc – 98070 Torrenova (Me), acts in the capacity of Data Holder of data handling (hereinafter “Data Holder”) and can be contacted at the following addresses:

 

DATA HOLDER
Name DAMIANO S.p.A.
Address c.da Zappulla snc, 98070 – Torrenova (Me)
E-mail info@damianorganic.eu
Certified E-Mail damianospa@legalmail.it
Telephone 0941/958007

 

The updated list of Persons responsible for handling data (if named), is available at the aforementioned office.

 

Types of data processed

Category of data handled (Art. 14, sub-article. 1, d) GDPR)

Source of personal data (Art. 14, sub-article. 2 f) GDPR)

 

The type of data relating to the data subject which we process are the followings:

 

Category of data Examples of types of data Source of data
Personal details Name, last name, sex, date of birth, citizenship, private address, work address, identity card number, health insurance card. Acquired directly from the data subject
Contact information Private telephone number, work telephone number, fax number, e-mail address Acquired directly from the data subject
Tax details Tax code, VAT number Acquired directly from the data subject
Bank details IBAN, current account number Acquired directly from the data subject
Creditworthiness Assurance regarding creditworthiness Acquired from third parties

 

For what purpose do we require the data subject’s data

Legal reasons for handling the data (Art. 13,sub-article. 1, . c) and d) – Art. 14, sub-article. 1, . c) – Art. 14, sub-article. 2, b) GDPR)

Consequences for refusing to provide the data (Art. 13, sub-article 2, e) GDPR)

 

The data subject’s data is used by the Data Holder for the following purposes:

 

Purposes Description Legal base Consequences for refusal to provide the data
Management of contractual relationship The handling of the data subject’s personal data is necessary for the proper execution of a contract of supply of goods by the Data Holder and to give effect to advance preparation for a sale and follow-up activities , management of the relative order, consignment of the purchased product, relative invoicing and management of payment, dealing with claims and/or of notifications as well as the fulfilment of every other obligation resulting from the contract (e.g. accounting provisions, possible obligations in terms of the law, regulations, community, civil and tax requirements, etc.) Contract (Art. 6, sub article. 1b)) Impossibility of fulfilling the contract.
Personal details and contact requirements and/or information material Handling of personal data of the data subject is necessary prior and after the registration of personal details, for the management of requests for information and contact details and or the sending of Information material, for the issuing of quotations or tenders and for any other obligation arising therefrom. Preparatory Actions for contracts (Art. 6, sub-article 1b) Impossibility of commence filing personal details in preparation for a contract and for its execution.
Book-keeping and tax requirements Processing data subject’s personal data is necessary also to give effect to the obligations arising from tax and accounting regulations and are still necessary after the termination of the contract Legal requirement (Art. 6, sub-article 1c)) ===
Customer satisfaction The handling of a data subject’s personal data can also serve the purpose of monitoring the progress in relations with clients and the level of satisfaction of the client regarding the Data Holder’s product and the services provided. The data subject’s consent (Art. 6, sub-article 1a) In the event that the data subject does not give consent for the use of the data subject’s personal details for this purpose it will result in a failure to gauge the client’s satisfaction without it impacting negatively upon the execution of the contract.

 

To whom we release data

Communication to third parties and categories of recipients (Art. 13, sub-article1 e) and f) – Art. 14, sub-article1 e) and f) GDPR)

 

The data subject’s details are primarily communicated to third parties for carrying out activities regarding the relations entered into with the data subject and/or to fulfil obligations under the law. Specifically, the data are communicated to the following bodies:

 

Categories of recipients
Third party suppliers Credit Institutes and bodies receiving digital payment, banking / post office Institutions
Insurance institutions Professional bodies/consultants and Consultancy companies
Legal offices Financial and Tax authorities, Public Bodies, Legal authorities. Supervisory and Control Authorities

 

In the event that the data subject’s details are communicated to third parties or to those responsible for handling the data, the Data Holder ensures the application of technical and management measures and the data handling is limited to data required for the performance of the service requested.

The Data Holder shall not transfer the data subject’s data to foreign states or to international organizations. In the event that this is necessary for technical or management reasons, the Data Holder reserves the right to transfer such data to countries of the European Union or to countries outside the European Union or international organisations in compliance with the European Commission’s requirements or against adequate guarantees provided by the country to which the data is to be transferred or under specific exemptions provided for in the Regulation.

 

How we handle data and for how long

Conservation time (Art. 13, sub-article 2a) – Art. 14, sub-article 2a) GDPR)

 

Data handling, guided by fundamental principles, can also be effected through digital memory bases, for managing them and transferring them using appropriate technology for this purpose and the right technical capacity to guarantee the safety and confidentiality through the application of correct procedures to avoid risks of leaks, unauthorised access, unlawful use and public distribution. The data are gathered, processed, communicated and conserved both in documentary form and electronically, appropriate for the safety standards imposed by the law and protected through technical and management measures and constantly monitored and updated so as to guarantee the safety and protection of the data.

The handling of personal data is effected in compliance with Art. 4 sub-article 2) of the “Regulation” and in particular: gathering, recording, organising, filing, conserving, amending or changing, withdrawing, consulting, use, communicating through transmission, diffusion or any other form of placing at disposal, comparison or interconnection, reduction, cancellation or destruction.

The data of the data subject concerned are retained in hard copy files, electronically and in telematic systems in those countries in which the Regulations apply.

 

Unless the data subject specifically indicates his request to remove same, the personal data concerning that person shall be retained for as long as necessary for lawful reasons for which the data was collected, more specifically:

 

Purpose Period retained
Management of the contractual relationship The data may be retained until completion of the requirements set out in the contract
Registration and recording of contact requests and/or of brochures The data may be retained until the completion precontractual requirements
Fulfilment of tax and accounting requirements FTax purposes- The data may be retained where not specifically linked to a single tax period or relevant to a specific decade

Accounting purposes- The data may be retained for 10 (ten) years from the date of the last accounting records

Customer satisfaction 12 months unless such consent is revoked

 

Furthermore, in the event that a user sends personal data to the Data Holder not requested or not required for the purpose of the contract, DAMIANO S.p.A. cannot be considered owner of these data, and must delete them as soon as possible.

Regardless of the request of data subject for their removal, personal data may in any case be retained for the fulfilment of the obligations (e.g. tax and accounting purposes) and may be retained after the termination of the contract (art. 2220 Civil Code); for such purposes the Data Holder may retain only such data as is necessary for the fulfilment of such purpose.

This may be done only in such instances where same is required for the conduct of legal proceedings arising from the contract and/or from the registration and recording, in the case of personal information relating to a data subject, only as is necessary for this purpose, same will require handling for the period required for the prosecution of the matter.

 

Individual rights

Period of retention (art. 13, par. 2, sub para. b), c), d) e f) – art. 14, par. 2, sub para. c), d), e) e g) GDPR – General Data Protection Regulation)

 

The person concerned may at any time exercise their rights in terms of the Regulation in respect of the Data Holder and as set out below, may send a specific request as follows:

 

Method Address
E-mail info@damianorganic.eu
Certified mail damianospa@legalmail.it
Registered Office – Head Office c.da Zappulla, snc – 98070 Torrenova (Me)

 

A data subject may exercise his/her rights of revocation of consent in the same manner.

Any communication or actions taken by the Data Holder, with regards to the exercise of the rights listed, may be freely effected. Nevertheless, if the requests of the data subject are clearly unfounded or excessive, particularly if of a repetitive nature, the Data Holder raise a charge, taking into account the administrative costs incurred, or may refuse to entertain the request.

 

The exercisable rights of the data subject are as follows:

 

Right of access

The person concerned may at the very least obtain from the Data Holder confirmation that his/her personal data is being processed and if this is the case, obtain access to personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data in question;
  3. the recipients or the categories of recipients to whom the personal data have been or will be communicated, particularly recipients in third countries or international organisations;
  4. where possible, the anticipated period of retention of personal data or, if not possible, the criteria used for determining such period;
  5. the existence of the right of the data subject to request that the Data Holder correct or cancel his/her personal data or the limitation on the processing of such personal data as concerns him/her or to oppose the handling of such data;
  6. the right to lodge a complaint with a controlling authority;
  7. where such data are not collected from the data subject, all available information on the origins of such data;
  8. the existence of an automated decision-making process, including profiling, and, where applicable, relevant information on rationale applied, as well as the importance to and the anticipated consequences of such processing for the data subject.
  9. suitable guarantees provided by third countries (extra EU) or international organisations for protection of such data as may be transferred

 

Right of correction

The data subject has the right to obtain from the Data Holder correction of such inaccurate personal data as may concern him/her without unjustified delay.

 

Right of cancellation

The data subject has the right to obtain from the Data Holder cancellation of the processing of such personal data as may concern him/her without unjustified delay, for reasons set out In Art. 17 of the GDPR, including, for example, where same is no longer required for the purposes of processing or if same is considered unlawful, and if no other lawful reason exists for such processing.

The Data Holder may not proceed with the cancellation of the personal data if processing is still necessary, for example, for the fulfilment of a legal obligation, for reasons of public interest, for verification purposes, the implementation or defence of a right in a judicial process.

 

Right of limitation of processing

The data subject has the right to obtain from the Data Holder a limitation on processing, in circumstances as set out in art. 18 of the GDPR, for example where the accuracy of same has not been challenged, within period within which the data Holder is required to verify its accuracy. 

The data subject must also be timeously informed of when the period of suspension ended or the reasons the limitation on such processing have not been Implemented, and to revoke such limitation itself.

 

Right of transferability of data

The data subject has the right to receive in a structured, commonly used and legible format of the automated filing of personal data that concerns him/her and the right to transmit such data to another data processor without hindrance by the data processor which provided them, pursuant to the provisions of art. 20 of the GDPR, as well as the right to receive direct transmission of personal data from one data processor to another, if technically feasible.

 

Right to object

The data subject may at any time, for reasons particular to his situation, object to the processing of his/her own personal data based on lawful concerns (including profiling activities) or for commercial promotion activities.

The data subject has the right to cancellation of his/her own personal data where the Data Holder has no lawful reason to hold the data for the purposes for which it was originally requested, also in instances where the data subject object to such processing for purposes of commercial promotion.

 

Right to lodge a complaint with the Protection of Personal Data Authority

Without prejudice to any other administrative or legal recourse, the data subject may submit a complaint to the competent authority within the territory of Italy (Protection of Personal Data Authority) or to such competent authority charged with similar powers within the member state where the breach of the GDPR occurred.

 

Automated decision-making processes concerning natural persons, including profiling.

The data Holder may not use any automated decision-making methods for processing the personal data of the data subject.

 

Torrenova, 25 May 2018

This site uses technical cookies and third party profiling. To learn more or opt out, read the complete cookie policy statement. By continuing to use this site, we assume you are happy with it. More info

Questo sito utilizza i cookie per fornire la migliore esperienza di navigazione possibile. Continuando a utilizzare questo sito senza modificare le impostazioni dei cookie o cliccando su "Accetta" permetti il loro utilizzo.

Chiudi