The EU Regulation 2016/679 of 27 April 2016 (hereinafter referred to as GDPR) and D. Lgs 196/2003 aim to protect individuals with regard to the processing of their personal data.
According to this regulation, treatment shall be based on the principles of: relevance, correctness, accuracy, lawfulness, transparency and protection of individuals privacy and rights.
According to GDPR article 13, and D. Lgs 196/2003 article 13, we therefore provide you with following information:
1) The Data Controller treats, with the exclusion of data as referred in GDPR article 9, your personal identification data (for example: name, surname, company name, address, telephone, e-mail address, bank and payment details) that you have communicated relating to the conclusion of the contracts for the services of the controller.
2) Your personal data are processed:
A) Without your express consent (Article 6 GDPR), for following Service Purposes:
● to conclude the contracts for the Controller’s services
● to fulfill the pre-contractual, contractual, tax and accounting obligations arising from ongoing business relations with you
● to fulfill the obligations established by the law, by a regulation, by EU legislation or by an order of the Authority (such as for AML anti money laundering)
● to exercise the rights of the Controller, for example the right of defense in court.
B) Only with your specific and distinct consent (Article 7 GDPR), for following Marketing Purposes:
● to send you (by e-mail and/or mail) newsletters, commercial communications, advertising material on products and services offered by the Data Controller and to point out the degree of satisfaction on the quality of our services;
● to send you (by e-mail and/or mail) commercial and/or promotional communications from other company of the Soga Energy Team group: SOGA S.p.A.
3) Your personal data are processed in the following ways:
with logic strictly related to the purposes themselves and, in any case, so as to guarantee the security and integrity of the data and always in compliance with the security measures pursuant to article 32 of the GDPR by subjects specifically appointed, in compliance with the provisions of article 29 of the GDPR.
4) The provision of data for the purposes as at point 2 letter A) is mandatory. In absence, we can not guarantee the services at point 2 letter A). The provision of data for marketing purposes as at point 2 letter B) is optional. You can therefore decide not to supply any data or later to revoke consent to process the data already provided: in this case, you will not receive newsletters, commercial communications and advertising material relating to the Services offered by the Controller. However, you will continue to be entitled to the Services as at point 2 letter A).
5) For the purposes as at point 2 letter
A), the data may be communicated to following recipients: ● business consultants
● agents and distributors
● credit recovery companies
● leasing companies
● customs authorities and agencies
● consultants in general
● insurance companies
● quality certification societies
● other public and private entities collaborating with the Controller, exclusively for the needs connected to the existing business relationship and for what strictly necessary.
6) The Controller will process the data for the time which shall be necessary to fulfill the aforementioned purposes and, generally, for no more than 10 years from the termination of the service (for the purposes as at point 2 letter A) and no later than 2 years from the collection of data (for the marketing purposes as at point 2 letter B), unless otherwise prescribed by national or EU law.
7) At any time you can exercise your rights towards the Controller, such as: the right of access to personal data, the right to rectification, the right to erasure, the right to restriction of processing, the right of data portability, the right to object, the right to lodge a complaint with a supervisory authority, as listed at the end of the present policy. In relation to the processing of your data based on consent for the purposes referred to in point 2 letter B), at any time you can revoke consent given to your data treatment, without this affecting the lawfulness of the treatment based on the consent given before the revocation.
8) The data controller is CMZ SISTEMI ELETTRONICI S.r.l with registered office in Via dell’Artigianato 21, Vascon di Carbonera (TV) and can be contacted for the exercise of your rights as per point 7 by registered letter with advice of receipt at the address indicated, or by e-mail at following address: firstname.lastname@example.org
The updated list of the data processors, system administrators and persons in charge of processing is available at the data controller’s headquarters.
9) Automated decision-making processes, including profiling, are not used.
10) Your data will be processed within the EU member countries and may also be transferred to non-EU countries or to an international organization, only with adequate guarantees such as: opinion of adequacy by the European Commission pursuant to Article 45 of the GDPR or the adoption of contractual clauses of data protection type approved by the European Commission pursuant to 46 of the GDPR. In the absence of such guarantees, the transfer of your data may take place pursuant to art. 49, par. 1 (b) of the GDPR only if the transfer is necessary for the execution of a contract concluded with you or for the execution of pre-contractual measures taken on your request, or if the transfer is necessary for the conclusion or execution of a contract stipulated in his favor pursuant to art. 49, par. 1, lett. c) of the GDPR or even if the transfer is necessary to ascertain, exercise or defend a right in court pursuant to art. 49, par. 1, lett. e) of the GDPR.
11) This policy may be subject to further changes and updates in relation to the regulatory changes in progress.
THE DATA CONTROLLER: CMZ SISTEMI ELETTRONICI s.r.l Latest update: May 2018