PRIVACY POLICY on the processing of personal data

This text explains our policy on the processing of personal data collected through our contact systems including services on this site: gervasoni.com

GENERAL INFORMATION
We inform customers / suppliers (interested in the processing) and their contact persons (hereinafter „interested“, ex Art.4, c.1 of the GDPR)) that the professional relationships established with the undersigned Owner may involve the processing of personal data, in compliance with the following general principles:

• all data are processed in a lawful, correct and transparent manner in relation to the data subject, in compliance with the general principles established by Art. 5 of the GDPR;
• specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access;
• the Data Controller is the writer Gervasoni S.p.A. – via Caberardi, 7 / A – Fraz. Location Brembilla, 24012 Val Brembilla (BG) – (Contact details: Tel. 034559911 Email privacy@gervasoni.com)

OBJECT OF THE TREATMENT
The Data Controller processes personal identification data of the customer / supplier (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of its operational contact persons (name surname and data contact information) acquired and used in the provision of services provided by the Data Controller.
PURPOSE AND LEGAL BASIS OF TREATMENT
Data are processed for:

• conclude contractual / professional relationships;
• fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
• fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority;
• exercise a legitimate interest as well as a right of the Owner (for example: the right of defense in court, the protection of credit positions, the ordinary internal needs of an operational, managerial and accounting nature).

Failure to provide the aforementioned data will make it impossible to establish the relationship with the Owner. The aforementioned purposes represent, pursuant to Article 6, commi b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be required from the interested parties.

METHOD OF TREATMENT
The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which it was collected and related legal obligations.

SCOPE OF THE TREATMENT
The data are processed by internal subjects regularly authorized and instructed pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects operating as managers or independent data controllers (consultants, technicians, banks, transporters, etc.). We also inform you that personal data may be the subject of intercompany communication between Group companies. The data are not subject to diffusion or transfer to non-EU countries. If it becomes necessary, in the context of tenders / contracts or in the performance of regulatory obligations (eg joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) acquire personal data of their employees from customers / suppliers, it is agreed between the parties that the undersigned company will be entitled to the processing as external manager (Art.28 GDPR) or authorized subject (Art.29 GDPR). As part of this report, the undersigned company undertakes to process such data in compliance with the compliance requirements established by the GDPR, guaranteeing any communication to other parties exclusively within the scope of specific legal obligations.

RIGHTS OF THE INTERESTED PARTY (GDPR articles 15-22)
At any time, the interested party can exercise the right to:

• request confirmation of the existence or not of personal data.
• obtain information about the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period.
• obtain data correction and deletion.
• obtain treatment limitation.
• obtain data portability, ie receive them from a data controller, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without hindrance.
• oppose the processing at any time and also in the case of treatment for direct marketing purposes.
• oppose an automated decision-making process concerning individuals, including profiling.
• to file a complaint with the Italian Data Protection Authority.