INFORMATION TO DATA SUBJECTS – CUSTOMERS/VENDORS
pursuant to Article 13 of Regulation (EU) No. 2016/679
(The General Data Protection Regulation – GDPR)
Dear Customer/Vendor, pursuant to Article 13 of Regulation (EU) 2016/679 – hereinafter “GDPR” – as regards your personal data, our Company, in its capacity as data controller, subsequent to the contracts in force, hereby provides you with the following information.
Our website address is: www.pasticceriamaristella.it
- Identity and the contact details of the data controller
The data controller is MARISTELLA S.R.L., with Registered Office at Via I Maggio, 8 – 26010 Pozzaglio ed Uniti (CR), Italy and operational headquarters at the same address. The contact details are the following: Phone (+39) 0372 55408, email: email@example.com. It is pointed out that, as the data controller is based in the European Union, it is not required to appoint a controller’s representative.
- Contact details of the Data Protection Officer
After verifying the applicability of Article 37 of the GDPR, the company has concluded that it is not required to designate a Data Protection Officer, as it does not meet any one of the cases requiring such designation.
- Purposes and legal basis of data processing
Data processing has the following purposes: – Compliance with all obligations provides for by the law and/or by the relevant contracts, performance of practices and habits within the Company’s commercial operations; – Accounting and administrative activities; – Management of legal requirements and litigation; Compliance with obligations laid down by the applicable legislation on occupational health and safety; – Requirements associated with the Company’s internal Management System. The data processing legal basis consists of the following elements: contract for the purchase/sale of goods or services, Italian Legislative Decree No. 81/2008 as amended and supplemented, in terms of the applicable legislation on occupational health and safety and the applicable provisions of the Italian Civil Code and Criminal Code. Data processing consists of any operation or set of operations, namely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; data are processed with or without electronic means; data processing is performed by the Data Controller’s organisation or by appointed data processors, the list of which can be obtained from the Controller, which cooperate directly with the Company and are fully independent external data processors and, as such, required, under a contract with our Company, to comply with the applicable legislation of personal data protection. Personal data shall not be disclosed.
- Legitimate interests of the Data Controller
In case of any data processing pursuant to Article 6, paragraph 1, letter f), such processing shall be performed only to pursue legitimate interests of the Data Controller.
- Recipients of the personal data
The collected personal data may be disclosed to: – all those entitled to access such data pursuant to legal acts; – our staff members within their respective jobs; – all the natural and/or legal persons, public and/or private, when such disclosure is necessary or ancillary to our business activities and with the methods and for the purposes set forth above.
- Transfer of personal data to third countries
The Data Controller does not intend to transfer any personal data to third countries or to international organisations.
- Period for which the personal data are stored
The set parameter is the required period of data storage for tax purposes (10 years).
- Rights of the data subject
The data subject (Chapter III Rights of the data subject) shall have the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing, as well as the right to data portability. In order to exercise the aforementioned rights, please use the contact details given above.
- Withdrawal of consent
At any time the data subject shall have the right to withdraw his or her consent given pursuant to Article 6, paragraph 1, letter a) and to Article 9, paragraph 2, letter a).
- Right to lodge a complaint with a Supervisory Authority
The data subject shall have the right to lodge a complaint with the competent Supervisory, the contract details of which are given below: Garante per la protezione dei dati personali (the Italian Data Protection Authority) – Piazza di Monte Citorio no. 121 00186 ROME, ITALY Fax: (+39) 06.69677.3785 Phone switchboard: (+39) 06.696771 Email: firstname.lastname@example.org Certified Email: email@example.com . The contact details and the procedures to exercise the right to lodge a complaint are given on the website of the Italian Data Protection Authority (Garante per la protezione dei dati personali) http://www.garanteprivacy.it.
- Provision of personal data
The provision and subsequent processing of personal data is an essential condition for the finalisation of the relevant contract with our Company. Any failure to provide personal data shall entail non-enforceability of the contract.
- Automated decision-making process
The collected personal data shall not be subject to any automated decision-making processes, including profiling.
Company’s website (“www.pasticceriamaristella.it”).