Data subject: customers and customers company contact
Nobili S.p.A. in its capacity of Data Controller with regard to the processing of your personal data pursuant to (EU) Reg. 2016/679 (hereinafter the 'GDPR'), hereby informs you that the said regulation protects data subjects with regard to the processing of their personal data and that the said processing will take place in a fair, lawful, transparent manner which protects your privacy and your rights.
Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.
Purposes and legal basis of processing: specifically, your data will be processed for the following purposes, relating to the fulfilment of legal obligations:
- legal compliance with regard to taxation and accounting.
Your data will also be processed for the following purposes relative to the performance of measures connected to contractual or preliminary obligations:
- After sales support;
- customer care;
- Historical filing system of customer invoices;
- Clients management;
- Managing of controversy;
- purposes relating to the management of the sales contract and fulfilment of the relative legal obligations, including precontractual activities.;
- Quality Management.
Your data will also be processed for the following purposes necsseries to pursue data controller's legitimate interest:
- email marketing purposes relating to services or products similar to those already purchased by the customer, including through the dispatch of newsletters or invitations to events concerning our services or products, as specifically recognised by art. 130, comma 4, of Italian Legislative Decree 196/2003 (Data Protection Code). You may object to the processing of data for this purpose at the time of collection of the data or on dispatch of every successive communication.
If you are an employee/contact of the legal person customer, the legitimate interest of the Data Controller, under article 6, first comma, subsection f) of the GDPR, deriving from the need to interact with the legal person customer though you
Processing procedures. Your personal data may be processed by the following ways:
- data entry in CRM;
- Manual personal data processing with paper filing system;
- computer processing;
- thanks to the reports, the Owner can know, for example: the number of readers, openings, unique "clickers" and clicks, devices (iPhone, Blackberry, Nokia ...) and operating systems (Windows, Apple, Linux, Android ...) used to read the communication; details on the activity of individual users; the number of pending users who have not yet confirmed their subscription; details of emails sent by date/time/minute; details of emails delivered and not, of those sent; the list of unsubscribed to the newsletter; who opened an email or clicked on a single link; users with problems displaying the message; link tracking (i.e. the number of clicks made on the links in the message); click tracking (which links were clicked and by whom). All this data is used for the purpose of comparing, and possibly improving, the results of communications.
All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.
Your data will only be processed by persons specifically authorised by the Data Controller, and specifically by the following categories of authorized persons:
- Admnistration office;
- Commercial office;
- Freight and shipping offices;
- purchase departement.
Disclosure. Your data may be communicated to external parties for the proper management of the relationship and specifically to the following categories of Recipients, who operate independently as separate "Data Controllers" or as "Data processors" specifically appointed by the Data Controller in compliance with Article 28 GDPR.
- banks and lenders;
- consultant and freelance professionals, also working as firms;
- debt collection companies and lawyers;
- hardware and/or software companies for the management of corporate services, including cloud services;
- Public/private subjects whose data transmission is mandatory or necessary in compliance with regulations or functional to the relationship management;
- service provider for electronic invoicing management;
- Freight Forwarders and Logistics Companies.
The complete, updated list of the entities to which your personal data may be disclosed can be requested from the Data Controller using the contacts provided in this Statement.
Distribution: Your personal data will not be distributed in any way.
Your personal data, only for the aforesaid purposes and
- for technical and organisational reasons, are stored within the European Union.
Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:
- set for a timing not larger than the one which implies its purpose achievement, given the aim to collect data, and collected and processed for the execution and fulfillment of contract purposes;
- established as a period of time not exceeding the purposes for which the data were collected and processed and complying with the compulsory times required by law.;
- per l'attività di marketing, stabilito per un arco di tempo non superiore all'espletamento dei servizi erogati e fino ad opposizione dell'interessato.
Data Controller: the Data Controller, as defined by the Law, is Nobili S.p.A. (Via Circonvallazione Sud, 46 , 40062 Molinella (BO), VAT no. 00502501208, contactable as follows: e-mail firstname.lastname@example.org, telephone 39 051 881444) in the person of its current legal representative.
You are entitled, by application to the Data Controller, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR using the contacts provided on the Statement. You may also lodge a complaint with the competent supervisory authority if you consider that the processing of your data is contrary to the legislation in force.
You may also examine whenever you like the updated version of the present report by connecting to the following web site https://www.privacylab.it/informativa.php?09799325046&lang=en.
Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
- the source of the personal data;
- the purposes and methods of processing;
- the logic applied if the data are processed by electronic devices;
- the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
- the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
- the updating, rectification or, where interested therein, integration of the data;
- the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- the portability of the data.
4. The data subject has the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.