Dear Customer,
in compliance with the obligations established by the European Privacy Regulation EU / 2016/679 (GDPR) and by Legislative Decree 196 of 30 June 2003 (Code regarding the protection of personal data) we hereby inform you that the G.P.R. Italia srl, with registered office in Via Vecchia Chimica, 1820070 Riozzo di Cerro al Lambro (MI) – ITALY, VAT number 11011800155, as Data Controller, will process the personal data concerning you and that have been or may come to us, by you or by other subjects conferred / communicated in the course of the relationship with our structure.
The processing of data, freely provided by you or otherwise collected, will be carried out in compliance with the privacy regulations in force; based on principles of correctness, lawfulness and transparency and carried out in compliance with the principles of relevance, completeness and non-excess.
The data will be collected and recorded only for the purposes referred to in point 1) and will be kept for these purposes for a period not exceeding 1 year from their collection.
Therefore, according to the provisions of article 13) of the European Privacy Regulation EU / 2016/679 (GDPR) and of Legislative Decree 196/03, we inform you that:
1. The data you provide will be processed for the following purposes:
In this case, you have the right not to be subjected to a decision based solely on automated processing and therefore you may at any time request and obtain human intervention by the Data Controller, express your opinion and contest the final decision. Jack. We also inform you that the automated process will be based on a specific calculation algorithm, which will allow you to make the following decisions that may have legal effects on your person:
2. The treatment will be carried out in the following way:
The processing will be carried out both with the use of paper supports and with the aid of electronic, IT and telematic tools suitable for guaranteeing the security and confidentiality of the data in accordance with the provisions of art. 32) of the European Privacy Regulation EU / 2016/679 (GDPR) and by art. 31) of Legislative Decree 196/03 on the subject of “suitable security measures” and article 33) of Legislative Decree 196/03 regarding “minimum security measures”.
In carrying out the processing operations, all the technical, IT, organizational, logistical and procedural security measures will always be adopted, as provided for in Annex B of Legislative Decree 196/03, so that the minimum level of protection is guaranteed. of the data required by law. The aforementioned methodologies, applied for processing, will guarantee access to data only to the subjects specified in points 4) and 5).
3. The provision of data
Any refusal, even if legitimate, to provide all or part of the above data, could compromise the regular development of the relationship with our structure and in particular, for the personal data defined as mandatory and indispensable, it could make it impossible to our part to carry out the normal conduct of business operations and the regular supply of the requested products / services.
4. The subjects or categories of subjects who may come to know
of the data or to which the data may be disclosed are the following:
Personal data may also be disclosed, but only in aggregate, anonymous form and for statistical purposes.
5. If the processing could also concern personal data falling within the category of “sensitive” data (ie data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties , trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for revealing the state of health and sexual life) or “judicial” (ie data suitable for revealing judicial records , of the registry of administrative sanctions depending on the crime and of the related pending charges or the quality of accused or suspected) the treatment will be carried out within the limits indicated by the General Authorizations of the Privacy Guarantor, in the manner provided by Legislative Decree 196/03 for the purposes strictly necessary for the regular performance of company activities, operations relating to the supply of products / services and imentation of contractual and / or legal obligations /
regulation.
In this case, the subjects or categories of subjects who may become aware of the sensitive data or to whom the data may be communicated are the following:
6. Personal data may also be disclosed to Public Bodies, Police Forces or other Public and Private Entities, but exclusively for the purpose of fulfilling legal obligations, regulations or community legislation.
The data in question will not be disclosed to other subjects other than those provided for in this information and the data suitable for revealing the state of health of the interested party will in no case be disclosed.
7. The processed data may be processed and transferred, for the purposes referred to in point 1) and according to the methods referred to in point 2), also to subjects referred to in points 4) and 5) located in the countries present in the territory of the European Union.
Based on one of the following assumptions:
8. Legal basis of the processing
The Data Controller processes Personal Data relating to the User if one of the following conditions exists:
9. In any case, you can always request at any time at
Copy of your personal data, information regarding the location in which your personal data are processed and an updated list with the identification details of all the Data Processors and System Administrators authorized to process your data.
10. At any time, you can freely revoke the consent given, without any burden and prejudice to the lawfulness of the treatments carried out up to that moment, and exercise the following rights of the interested party towards the Data Controller as provided for by the European Privacy Regulation EU / 2016 / 679 and by Legislative Decree 196/03:
Access;
Complaint to the Privacy Guarantor