PRIVACY POLICY

INFORMATION FOR THE TREATMENT OF PERSONAL DATA

The Grimel srl (now  “Holder”), as the holder of the treatment, informs it in accordance with art. 13 D. Lgs. 30.6.2003 No. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation No 2016/679 (now “GDPR”) that its data will be processed in the following ways and for the purposes:

  1. Subject of the treatment

The owner treats his/her personal data (for example, name, surname, company, address, telephone, e-mail, bank references and payment – hereinafter, “personal data” or “data”), which she communicated during the conclusion of contracts for The provision of services by the owner, even in the pre-contractual office.

  1. Purpose of the treatment

Your personal data are also processed without your express consent (art. 6, letter B), E), F) GDPR, for the following purposes:

  • Conclude the contracts for the benefits made by the proprietor in the exercise of business activity;
  • Fulfil the pre-contractual, contractual and tax obligations arising from relations with you in being;
  • Fulfil the obligations laid down by law, regulation, Community legislation or an order of authority (such as anti-money laundering);
  • Exercising the rights of the proprietor, for example the right of defence in court;
  1. Methods of Treatment

The treatment of your personal data is carried out by means of the operations indicated in art. 4 No. 2 GDPR, namely: collection, registration, organization, preservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

Your personal data are subjected to both paper and electronic and/or automated treatment.

The holder will treat the personal data for the time necessary to fulfil the above purposes for no more than 10 years after the termination of the relationship established in relation to the purposes of service (2) or for the different period foreseen by the relevant regulations Tax, taxation, civil, etc.

  1. Access to Data

Your data may be made accessible for the purposes set out in point 2 of this statement:

  • Employees and employees of the proprietor, in their capacity as appointees and/or internal managers of the treatment and/or system administrators;
  • Third-party companies or other entities (e.g., credit institutions, factoring companies, professional firms, consultants, insurance companies for the provision of insurance services, etc.) carrying out outsourcing activities or the provision of Services of various kinds on behalf of the proprietor, in their capacity as external managers of the treatment.
  1. Communication of data

Without the need for your express consent (art. 6 (b)), c) and (f) GDPR), the holder may communicate his data for the purposes set out in art. 2) to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, and to those persons to whom the communication is compulsory by law for the purpose of the said purposes. Always for the purposes set out in art. 2) Your data may be communicated to third parties, such as the suppliers of the logistical services assigned by the holder. These subjects will treat the data in their capacity as autonomous owners of the treatment. Your data will not be diffused.

  1. Data transfer

Personal data is kept on servers located in Italy, within the European Union. It remains in any case that the holder, if necessary, will have the right to move the servers also extra-EU. In this case, the holder shall ensure that the transfer of extra-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.

  1. Nature of the conferral of data and consequences of refusal to respond

The conferral of data for the purposes referred to in point 2) is obligatory. In their absence, the holder will not be able to guarantee the contractual performance of point 2).

  1. Rights of the person concerned

In its quality of interest, it has the rights referred to in art. 15 and the following of the GDPR and precisely the rights of:

  1. To obtain confirmation of the existence or not of personal data concerning it, even if not yet registered, and their communication in intelligible form;
  2. Get the indication:
    1. Of the origin of personal data;
    2. Of the purposes and modalities of treatment;
    3. Of the logic applied in the case of treatment carried out with the aid of electronic instruments;
    4. The identification details of the owner and the managers listed in art. 3, paragraph 1, GDPR;
    5. The subjects or categories of persons to whom personal data may be communicated or which may become acquainted with them as a representative designated in the territory of the State, of managers or appointees;
  3. Get:
    1. The updating, the rectification or, when it has interest, the integration of the data;
    2. The deletion, the anonymous transformation or the blocking of the data treated in violation of the law, including those which are not necessary to the preservation in relation to the purposes for which the data were collected or subsequently processed;
    3. The attestation that the transactions referred to in (a) and (b)) have been brought to the knowledge, even with regard to their content, of those to whom the data have been communicated or circulated, except the case in which such fulfilment is impossible or involves a Use of means manifestly disproportionate to the protected law;
  4. Oppose, in whole or in part:
    1. For reasons lawful to the processing of personal data concerning it, although relevant to the purpose of the collection;
    2. To the processing of personal data relating to it for the purposes of sending of advertising material or direct sales or for the fulfilment of market research or commercial communication, through the use of automated systems of call without the intervention of a operator, by e-mail and/or by means of traditional marketing, by telephone and/or paper mail. It is stated that the right of opposition of the person concerned, set out in point B above), for direct marketing purposes by means of automated methods extends to the traditional ones and that however it remains safe the possibility for the person concerned to exercise The right of opposition even in part. Therefore, the person concerned may decide to receive only communications by means of traditional means or only automated communications or none of the two types of communication.
  5. Where applicable, it shall also have the rights referred to in articles. 16-21 GDPR (right of rectification, right to oblivion, right of limitation of treatment, right to portability of data, right of opposition), and the right of complaint to the guarantor.

It is specified that the person concerned has the right to object at any time, for reasons related to his particular situation, to the processing of personal data relating to him within the meaning of article 6 (1) (e) or (f)) of the GDPR, including the profiling On the basis of these provisions.

Where personal data are processed for direct marketing purposes, the person concerned shall be entitled to object at any time to the processing of personal data relating to him for such purposes, including profiling to the extent that it is Related to such direct marketing.

  1. Ways of exercising the rights

May at any time exercise the rights referred to in paragraph 8 by sending:

  • A registered letter to Grimel srl Via S. Egidio, 52 – 33074 Fontanafredda (PN);
  • An e-mail to the address privacy@grimel.it or posta@pec.grimel.it
  • You can revoke your consent and exercise your rights even by sending directly the appropriate form downloadable from the site garanteprivacy.it
  1. Owner, manager and appointee

The data controller is Grimel srl (C.F./P.IVA 00559280938), with registered office in Via S. Egidio, 52 – 33074 Fontanafredda (PN); The controller is Perin Giovanni tel. + 39 0434998971, e-mail privacy@grimel.it

The updated list of managers and persons in charge of processing shall be kept at the registered office of the data controller.