INFORMATION ON DATA PROCESSING, EUROPEAN REGULATION NO. 679/2016, FOR CUSTOMERS AND SUPPLIERS
The company CHIMICA HTS SRL, with registered office in Tintoretto 3, 35135 Padova PD, Fiscal Code and VAT Number 03725900280, as “Data Controller”, informs you, pursuant to Articles 13 and 14 of European Regulation no. 679/2016 (hereafter “EU Regulation”), that your data will be processed as indicated below:
Subject of processing
The Data Controller informs you that your personal and identification data (for example, name, surname, company name, address, telephone number, email address, bank and/or payment details, public or private IP addresses, etc.), hereafter called “personal data” or even simply “data”, also acquired verbally, directly or through third parties in the past, as well as in the future, may undergo processing in full compliance with the EU Regulation. The Data Controller processes data legally, and specifically for the implementation of a contract of which you are part, or for the implementation of pre-contractual measures (e.g. preparation of an offer, etc.)requested by you (Art. 6 of the EU Regulation). The processing of data implies any operation or set of operations concerning the collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data.
Legal basis and purposes of processing
Legal basis: EU Regulation no. 679/2016
2A) Without your express consent (Art. 6 Letters b), c) and e) of the EU Regulation, for the following purposes:
• Fulfil pre-contractual, contractual and tax obligations arising from existing relationships with you;
• Fulfil obligations imposed by law, by a regulation, by EU legislation or by order of the Authorities (for example, anti-money laundering);
• Exercise the rights of the Data Controller, for example the rights to legal defence;
• For the keeping of general accounts;
• For administrative purposes (invoicing, document management, etc.);
• For credit management;
• For statistical and quality control analysis;
• For insurance operations;
• For technical assistance.
Specifically, your details will be processed for purposes connected with the fulfilment of the following requirements, related to legislative or contractual obligations:
• Technical and functional access to the website;
• Advanced navigation or personalised content management purposes;
• Navigation and user statistics and analysis.
2B) Only with prior specific and clear consent (Art. 7 of the EU Regulation), for the following commercial and/or marketing and/or profiling purposes:
• The sending, by email, post and/or text message and/or phone, of newsletters, commercial communications and/or advertising material about products and services offered by the Data Controller and/or monitoring of the level of satisfaction on the quality of what was done at your request;
• The sending, by email, post and/or text message and/or phone, of commercial and/or promotional communications of third parties (for example, business partners).
Methods of data processing
The processing of your data is carried out by means of the operations indicated in Art 4 no. 2) of the EU Regulation, namely: the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, blocking. Your personal data is processed in both in paper and electronic and/or automated form (in any case suitable for ensuring the safety and confidentiality of data).
Duration of data retention and other information
The Data Controller will process personal data for the time necessary to fulfil the above purposes and in any case not beyond the date provided for by the law for the discontinuation of the relationship for the purposes under the existing relationship. Personal data processed for marketing and commercial purposes is stored in compliance with the principle of proportionality and in any case until the processing purposes have been pursued or until the person concerned revokes specific consent. More specifically, the Data Controller will keep the data for no longer than 3 years after collecting the data.
The personal data provided by you will be processed “in a lawful manner according to the principles of correctness and transparency”, protecting your privacy and rights.
Access to data
For the purposes under points 2.A) and 2.B) above, your data may be made accessible:
• To members, employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and/or internal data processing managers and/or system administrators;
• To third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processing managers (including: associated firms, lawyers, data processing companies, certification boards, accounting/tax consultants and in general any other body responsible for verifying and checking the proper fulfilment of the purposes indicated above, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, financial offices, municipal authorities and/or municipal offices, consultants and service companies and workplace safety companies who in turn may disclose the data, or provide access to the data in the context of their members, users and related assignees for specific market research. The data collected and processed may also be disclosed, in Italy and abroad, to subcontractors, suppliers, for the management of information systems, to transporters, freight forwarders and customs agents).
For the sake of brevity, the detailed list of the above entities is available at our offices and is at your disposal.
Without the need for express consent (Art. 6, letters b) and c) of the EU Regulation), the Data Controller may communicate your data for the purposes referred to in paragraph 2.A) above to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as those parties to whom disclosure is mandatory by law to achieve the above- indicated purposes.
These parties will process the data in their capacity as independent data controllers. During and after browsing, your data may be disclosed to third parties, in particular to:
• Google: Advertising Service, Advertising Coverage, Analytics/Measurement, Content Personalisation, Optimisation;
• Google Analytics: Advertising Coverage, Analytics/Measurement, Optimisation. Your data will not be disclosed.
Personal data is stored on devices located at the premises of the Data Controller or at providers within the European Union. In any case, it is understood that the Data Controller, if necessary, will also have the right to move data to non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
As regards the data present on its devices, and any data present at the provider, the Data Controller has implemented appropriate technical and organisational measures to ensure a suitable level of security, in full compliance with the provisions of Art. 32 of the EU Regulation.
Navigation: Your browsing data may also be transferred, limited to the purposes indicated above, to the following territories: – EU countries, – United States.
Nature of data provision and consequences of refusal to answer
The provision of data for the purposes under point 2.A) above is mandatory. Without this data, we cannot guarantee the services as indicated in point 2.A).
Instead, the provision of data for the purposes under point 2.B) is optional. You may therefore decide not to provide any data and subsequently deny the possibility of processing data already provided. In this case, you will not receive newsletters, commercial communications and advertising material and/or anything else related to the services offered by the Data Controller.
You will still have the right to the services under point 2.A).
Rights of the interested party
As an interested party, you have the rights pursuant to Art. 15 of the EU Regulation as set out below and precisely:
1. The right to obtain from the Data Controller confirmation of whether or not your personal data is being processed, and in this case, to obtain access to the personal data and the following information:
a. The purposes of processing;
b. The categories of personal data concerned:
c. The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular if the recipients are from third countries or
d. Where possible, the retention period of the personal data or, if this is not possible, the criteria used to determine this period;
e. The existence of the right of the concerned party to ask the Data Controller to rectify or erase the personal data or restrict processing of the personal data concerning you or oppose their processing;
f. The right to lodge a complaint with a supervisory authority (the Data Protection Authority);
g. If the data is not collected from the interested party, all information available regarding their origin;
h. The existence of an automated decision-making process, including profiling under Art. 22, Paragraphs 1 and 4 of the EU Regulation, and, at least in these cases, significant information about the logic used, as well as the importance and expected consequences of this processing for the interested party.
2. If your personal data is transferred to a third country or an international organisation, you have the right to be informed of the existence of adequate guarantees pursuant to Art. 46 of the EU Regulation concerning the transfer of data.
3. Upon your request, the Data Controller will provide you with a copy of your personal data being processed.
If you request further copies, the Data Controller may charge you a reasonable fee based on administrative costs. If you submit the request by electronic means, and unless you specify otherwise, the information will be provided to you in a commonly-used electronic format.
4. The right to obtain a copy pursuant to paragraph 3 shall not adversely affect the rights and freedoms of others.
Moreover, where applicable, you have the rights pursuant to Articles 16 to 21 of the EU Regulation and precisely have:
• The right to rectify personal data;
• The right to be forgotten (right to erasure);
• The right to restriction of processing;
• The right to data portability;
• The right to object;
• The right to complain to the Privacy Authority.
You also have the right to revoke at any time consent already given without prejudice to the lawfulness of processing based on the consent given prior to revocation.
Personal data not obtained from the interested party
It may happen that CHIMICA HTS S.r.l. is not the Data Controller to whom you have given your personal data, but is the co-owner of data processing or is responsible for external processing, and therefore your data has ultimately come into the possession of CHIMICA HTS S.r.l. due to a contract that regulates the parties. In this case, it should be noted that the undersigned company will do everything possible to ensure that you have been informed and have given consent to processing. You can ask CHIMICA HTS S.r.l. at any time about how your data was acquired.
Data Controller and Persons in Charge
Below we provide you with information that we are required to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards people who visit our website is a fundamental part of our business.
Data Controller. The Data Controller of your personal data is CHIMICA HTS S.r.l., which can be contacted for any information or request at the email address firstname.lastname@example.org
Data Processing Manager. The External Manager in charge of GDPR coordination and functionality on behalf of CHIMICA HTS S.r.l. is Mr Zago Fabrizio, who can be contacted for any information or request at the email address email@example.com
The updated list of other external processing managers is kept at the premises of the Data Controller.
Persons in Charge. The updated list of persons in charge of processing is kept at the premises of the Data Controller