Attachment O to the treatment activity register
Rancati S.r.l. considers the protection of personal data of its customers and suppliers to be of fundamental importance and is strongly committed to ensuring that the processing of personal data, by any means, either automated or manual, takes place in full compliance with the protections and rights recognized by the EU Regulation 2016/679 (hereinafter also referred toas “GDPR“) regarding the protection of natural persons in relation to the processing of personal data, as well as the free circulation of such data and the additional applicable rules regarding the protection of personal data.
This privacy statement describes why and how we collect and use personal data and provides information about individual’s rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement.
With the term “personal data”, reference is made to the definition contained in art. 4 , point 1) of the GDPRwhere it is defined as “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter also the “Personal Data“.)
The data we collect
We use personal data to arrange transactions on your behalf as agreed with you, to service our customers and our suppliers and any other customary business transactions.
Your Personal data consist of:
- Name and surname;
- Mailing address;
- Vat number;
- Telephone/ mobile number;
- Business/Organization of belonging (for example: employer company, etc.)
- business role;
- E -mail address.
The GDPRprovides that, before proceeding with the processing of Personal Data(meaning, with this definition, pursuant to Article 4, point 2), “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter also the “Processing“) it is necessary that the person to whom the Personal Databelongs (following the “Data Subject“), is informed about the reasons for which the latter are requested and how they will be used.
This document is therefore intended to provide, in a simple and intuitive way, all the useful and necessary information so that you can confer your Personal Datain a conscious and informed manner and, where necessary, be able to request and obtain clarification and/or corrections concerning the latter.
1. Who would collect your Personal Data?
The company that will process your personal data for the purposes indicated in the following clauses2 and 3, and that therefore, holding the role of the controller of the processing is E. Rancati S.r.l., with headquarters in Cornaredo (MI), Via Ghisolfa, 87, EMAIL firstname.lastname@example.org(hereinafter also the “Controller“).
2. For which main purpose will collect your Personal Data?
The controllerwill collect and process your Personal Datafor the following purposes:
A) provide response to any requests for information/queries and/or offers made directly and spontaneously by the data subject, including through the contact form available on the website erancati.com (the Website);
B) for the fulfillment of any legal obligations, in particular those regarding to accounting and tax requirements;
C) In addition, the Controller will Processyour Personal Data for the performance of customer care and service such as consultancy and telephone assistance to customers resulting from a request for quotation or of contact, also through the Website.
The personal data provided by You for the purposes mentioned above is required to service you as customer and to provide of the services mentioned above.
Your eventual refusal will, therefore, prevent you from benefiting and taking advantage of those activities.
3. Additional purposes
The Controller,upon Your express consent, free and unequivocal given pursuant to article paragraph 1.a) of the GDPR,may use Your Personal Datafor the following purposes:
D) to assess the level of customer satisfaction in relation to the service rendered;
E) to measure the effectiveness and adequacy of the service offered, also through theWebsite;
F) for sending newsletters with the purpose of keeping you informed about news and activities of the Controller.
The Processingof Your Personal Datafor the purposes set out in points D), E) and F)is optional and has to be given by You in accordance with the conditions of articleof the GDPR,determining, in this way, the lawfulness of the Processing of Your Personal Data.
The modalities and methods of contact for the activities indicated in the previous points D), E) and F)may be either automated (e-mail) or traditional (telephone calls with operators, postal items). In any case, and as further detailed below in clause n. , You will be able at any time revoke Your consent, even in a partial way, by for example agreeing solely to the traditional contact methods.
4. To what subjects may your Personal Data be disclosed?
Your Personal Datamay be disclosed to specific subjects considered recipients of such Personal Data.On this regards we point out the fact, that art. 4.9), of the , defines as recipient of a Personal Data” the natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not” ( hereinafter also the “Recipients“).
In this context, in order to properly carry out all the processingactivities necessary to achieve the purposes set out in this privacy disclosure notice, YourPersonal Data may be processed by the following Recipients:
- employees and/or associates/consultants collaborators of the Controller to which have been assign specific and/or additional Processingactivities of Your Personal Data:such individuals have received specific instructions concerning the safety and proper use of Your Personal Data(known as the “Authorized Persons”);
- Your Personal Datamay be disclosed to public agencies or of the judicial authority when required by law or to prevent or repress the commission of a criminal offense.
5. For how long will Your Personal Data be Processed/Collected?
Your Personal Datawill be process by the Controllerfor a period not exceeding the purposes for which have been collected and subsequently processed.
In any case you can, at any time, communicate in one of the modalities provided for in this privacy notice, your wish to revoke the consent of one or all the purposes for which you have been requested permission. After such revocation of Your consent, the Controller is requiredto cease of the Processingof the Personal Datafor such purposes.
6. Is it possible to revoke the given consent and how?
As provided in the GDPR,in such cases where You have consented to the request of ProcessingYour Personal Data for one or more purposes, You will be able, at any time, to entirely or partially withdraw your consent without affecting the legality the consent to the Processing given before the revocation.
The procedures for withdrawing consent are very simple and intuitive, You simply will need to contact the Controller using the contact channels indicated within the clause n.of this privacy notice.
7. What are Your rights?
As provided by the art.ofGDPR,you can access Your Personal Data,request corrections and updating, if incomplete or erroneous, or request cancellation if such processing is in breach of any law or regulation, or oppose to the Processingfor reasons legitimate and specific.
In particular, following below are all Your rights you can exercise at any time, against the Controller:
- Right of access: you will have the right, according to art. 15.1 of the to obtain from the Controllerconfirmation whether or not there is an actual processing of Your Personal Data, and if so to have the right to request a copy of such information we hold about You and in particular: a)the purposes of the processing;the categories of Personal Datain question; c)the Recipientsor categories of Recipientsto whom Your Personal Dataare or will be sent, especially if Recipientsof third countries or international organizations; d)whenever possible, the holding period of the Personal Dataprovided or, if not possible, the criteria used to determine this period; e)the existence of the right of the Data Subjectto ask the Controllerfor correction or deletion of the Personal Dataor the limitation to the Processingof Personal Datarelating to him or to oppose to their Processing;f)the right to submit a complaint to a supervisory authority; g)if the Personal Dataare not collected from the Data Subject, all the information available on their origin; h)the existence of an automated decision-making process, including the profiling referred to in art. paragraphs 1 and 4 of the GDPRand, at least, sufficient information on the logic used, as well as the importance and the expected consequences of such Processingfor the Data Subject. You will be able to acquire all this information from this privacy notice that will always be at your disposal within the Privacy section of theWebsite.
- Right of rectification: you have the right, according to the art. of the GDPR,to correct the Personal Datathat is inaccurate. Taking into account the purposes of the Processing,you also have the right to integrate when Personal Data result incomplete, even by providing a supplementary statement.
- Right to cancel: you have the right, according to the art. of the to erase and cancel Your Personal Datawithout undue delay and moreover, the Controllerwill be required to delete Your Personal Data,if the event of only one of the following reasons: a)Personal Dataare no longer needed for the purposes for the d which were collected or otherwise processed; b)you have withdrawn Your consent to the Processingof your Personal Dataand there is no other legal basis for their Processing;c)you are opposed to the Processingpursuant to Article 21, paragraphs 1 or 2 of the GDPRand there is no longer any overriding legitimate reason to proceed to the Processingof Your Personal Data; d)Your Personal Data were processed unlawfully; e)it is required to delete Your PersonalData to fulfill a legal obligation provided for by a provision of a European Community or national law. In some cases, as required by art.17.3 of the GDPR, the Controlleris entitled to not proceed with the cancellation Your Personal Datashould their Processingbe necessary, for example, to exercise the right of freedom of speech and information, to fulfill an obligation under the law, for reasons of public interest, for archiving purposes in the public interest, scientific research or historical or for statistical purposes, to ascertain, exercise or defense a legal claim.
- Right to restrict the Processing:You have the right to limit and restrict the Processing pursuant to art. 18 of the GDPR,in any of the following cases: a)have disputed the accuracy of Your Personal Data(the restriction will continue for the period necessary for the Controllerto verify the accuracy of such Personal Data;b)the Processingis unlawful but you opposed to the deletion of Your Personal Datarequesting instead to limit its use; c)even if the Controller no longer needs them for the purpose of processing,Your Personal Datais needed for the identification, exercise or defense of a legal claim; d)you opposed the Processingpursuant to art.21.1 of the GDPRand it is pending verification of the possible prevalence of legitimate reasons the Controlleragainst YoursIn case of restriction or limitation of the Processingof Your Personal Datawill be process, but for conservation purposes, only with Your consent, unless it is required to ascertain, exercise or defense a legal claim, or to protect the rights of another natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this restriction is revoked.
- Right to data portability: you can, at any time, request and receive, pursuant to art. 20.1 of the GDPR,all YourPersonal Dataprocessed by the Controller in a structured format, in common and legible use, or request the transmission to another data controller without any hindrance. In this case, it will be Your care to provide all the exact information regarding the new data controller of the processing to which You wish to transfer Your Personal Databy providing us with written authorization.
- Right to object: pursuant to art. 21.2 of the GDPRand as also confirmed by Recital 70, you have the right to object, at any time, to the Processingof Personal Data if are processed for direct marketing purposes, including profiling to the extent that is connected to direct marketing.
- The right to file a complaint to the supervisory authority:in addition to Your right to appeal in any other administrative or judicial venues, You can file a complaint with the competent Data Protection Authority whenever You may believe that the Processing of your Personal Data by the Controller is taking place in violation of the GDPRand/or any applicable law.
To exercise all the above identified rights, simply contact the Controller as follows:
- by certified mail return receipt requested sent to E. Rancati S.r.l., with registered office in Cornaredo (MI), Via Ghisolfa, 87 ;
- by sending an e-mail to the e-mail address: email@example.com
8. Where will Your Personal Data be Process?
Your Personal Datawill be processed by the Controllerwithin the territory of the European Union.
If for reasons of technical and/or operational nature it becomes necessary to make use of processors/individuals located outside the European Union, we hereby inform from now that these individuals will be appointed responsible of the Processingpursuant to art. 28 of the GDPRand the transfer of Your Personal Datato such processors, limited to the performance of the specific Processingactivities, will be regulated in accordance with the provisions of Chapter V of GDPRand, in particular, there will be taken all the necessary precautions necessary to ensure the total protection of Your Personal Datagrounding this transfer:
- on decisions of the adequacy of the third country recipients expressed by the European Commission;
- on adequate guarantees provided by the third party pursuant to art. GDPR.