INFORMATION TO CUSTOMERS, SUPPLIERS, EMPLOYEES AND OUTSIDE STAFF CONCERNING THE COLLECTION OF PERSONAL DATA PURSUANT TO ART. 13 OF EU REGULATION 2016/679
In accordance with the provisions of EU Regulation no. 679/2016 (hereinafter the “Regulation”), article 13 – Information to be provided if personal data are collected from the data subject, TCN SRL, having its registered office in Strada Tagliata, 18, 12051 Alba CN (hereinafter the “Company”), provides the following information on the processing of personal data of its customers, suppliers, employees and outside staff (hereinafter the “Data”) performed by the Company, as Data Controller.
1. Identity of the Data Controller and contact details
In accordance with article 4 of the Regulation, the Company is the Data Controller of the personal data of its customers, suppliers, employees and outside staff. For communications or requests, the Company can be reached by e-mail at the address: firstname.lastname@example.org
2. Categories and types of Data collected and processed:
The Data processed by the Company may include personal data, not belonging to particular categories (Article 9 of the Regulation) collected for the purpose of the conclusion of the contract and in the context of its execution and/or stipulation. Furthermore, it is possible to process personal data belonging to third parties communicated to the Company by customers, suppliers, employees and outside staff. With respect to this hypothesis, the Customer stands as an independent Data Controller and assumes the consequent legal obligations and responsibilities, relieving the Company from any objection, claim and/or request for compensation for the damage caused by treatment that should reach the Company from third parties concerned.
3. Purpose and legal basis of the processing and nature of the provision of Data
In compliance with current regulations regarding the protection of personal data and without the need for a specific consent by the data subject, the Data will be stored, collected and processed by the Company for the following purposes:
a) fulfilment of contractual obligations, execution and/or conclusion of the contract and/or management of any pre-contractual measures;
b) compliance with legal requirements, with tax and fiscal provisions deriving from the performance of the business activity and from obligations related to the administrative and accounting activities;
c) sending, directly or through third-party providers of marketing and communication services, newsletters and communications for the purpose of direct marketing through email, sms, mms, push notifications, fax, paper mail, telephone with operator, in relation to the products supplied;
d) communication of Data to third-party companies for the sending of newsletters and communications for marketing purposes through e-mail, sms, mms, push notifications, fax, paper mail, telephone with operator.
The legal bases of processing for the purposes a) and b) mentioned above are articles 6.1.b) and 6.1.c) of the Regulation. The provision of Data for the aforementioned purposes is optional, but any failure in providing them and the refusal to supply them would make it impossible for the Company to execute and/or stipulate the contract and grant the services requested by the same. The legal basis for processing personal data for purposes c) and d) is art. 6.1.a) of the Regulation, since the treatments are based on consent; it is specified that the Data Controller can collect a single consent for the marketing purposes described herein, in accordance with the General Measures issued by the Italian Data Protection Authority for the protection of personal data “Guidelines on promotional activities and the fight against spam” dated July 4th 2013.
The provision of consent to use one’s Data for marketing purposes is optional and if the Data subject wishes to object to the processing of his Data for marketing purposes performed with the means indicated herein, as well as revoke the consent given, he may at any time do so without any consequences (except for the fact that he will no longer receive marketing communications) by following the instructions in the “Data Subject’s Rights” section of this Notice.
4. Methods of data processing
In relation to the aforementioned purposes, the Data are processed using manual, information technology and telematic tools with logics strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of the Data, in addition to the compliance with the specific obligations established by the legislation. The Data will be processed in compliance with the principle of lawfulness, correctness, relevance and non-excess, in accordance with the provisions on the protection of personal data. The treatment will be carried out by staff who are formally appointed and adequately trained.
5. Transmission and diffusion of Data, recipients, Data transfer and Data Processors
For the aforesaid purposes, the Data may be disclosed to other Group companies and to third parties appointed as data processors in accordance with Article 28 of the Regulation and in particular to banking institutions, insurance companies, to providers of services strictly necessary to the carrying out of the business activity, or to consultants of the company, where this proves to be necessary for fiscal, administrative, contractual reasons or for needs protected by current regulations. Furthermore, the other Group companies will be able to access the Data for administrative and/or accounting purposes, in accordance with recitals 47 and 48 and with Article 6 of the Regulation. Finally, the Data may be shared with authorities, entities and/or subjects to whom the Data must be communicated pursuant to legal provisions or orders of authority. These authorities, bodies and/or subjects will act as independent data controllers. Data will not be disclosed. A periodically updated and complete list of data processors appointed for data processing may be requested by sending an e-mail to the Data Controller at the addresses indicated above.
6. Transfer of Data to international organizations and/or countries outside the EEA (European Economic Area):
Any transfer of Data to international organizations and/or non-EEA countries will take place according to one of the methods permitted by current legislation, such as the consent of the interested party, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for free circulation of data (i.e. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. On request, more information can be obtained from the Company at the above-mentioned contacts.
7. Data Retention:
The Data will be stored on paper and/or computer only for the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization according to Article 5, paragraph 1, letters c) and e) of the Regulation. The Data will be kept to comply with the Regulation and to pursue the above-mentioned purposes, in compliance with the principles of indispensability, non-excess and relevance. The Company may retain the Data after the end of the contractual relationship to fulfil regulatory and/or post-contractual obligations; subsequently, when the aforementioned reasons for the processing no longer exist, the Data will be deleted, destroyed or simply stored anonymously. On request, more information can be obtained from the Company at the above-mentioned contacts.
8. Data subject’s rights
In relation to the aforementioned processing, each data subject can exercise the rights referred to in articles 15 to 22 of the Regulation. In particular, the data subject has the right to ask the Company for access to his Data, correction or cancellation of the same, he has the right to oppose the processing or to require the limitation of processing in the cases contemplated by Article 18 of the Regulation and to obtain, in a structured format, in common use and readable by an automatic device, his own Data, in the cases contemplated by Article 20 of the Regulation. The data subject may also revoke at any time the consent granted in accordance with Article 7 of the Regulation, as well as lodge a complaint with the Privacy Authority for the protection of personal data according to Article 77 of the Regulation, in case he considers the processing of his own Data to be contrary to the current regulation. In case of opposition to the processing of Data according to Article 21 of the Regulation, the Company reserves the right to assess the request, which will not be accepted if there are legitimate reasons to proceed to the processing that prevail over the interests, rights and freedom of the Data Subject. Requests should be sent in writing to the Company at the above addresses.
TCN S.r.l., with the purpose of ensuring:
the compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council – GDPR – on the protection of individuals with regard to the processing of their personal data, as well as on the flow of such data
a continuous improvement of its personal data protection performance
is committed to guarantee:
the compliance with applicable legislation
the carrying out of the risk assessment and the application of technical-organizational security measures
the information on the processing addressed to interested parties and recipients
the awareness of its staff about the importance of personal data protection
the competence of managers and persons in charge of the processing
the involvement of customers and suppliers as expected
the performance of monitoring, maintenance and internal audits
the review of what has been implemented to maintain and, where possible, improve the level of management of personal data protection