| DATA PROCESSING CONTROLLER | The Data Controller is DTI S.R.L. with registered office in Via Palladio, 11 – 33010 Tavagnacco (UD), which you can contact by writing to the following e-mail address: privacy@dtindustry.com, or by calling 0432.855071. |
| PERSONAL DATA PROCESSED | Data means those relating to natural persons processed by the Company for the stipulation and execution of the contractual relationship with its customers/suppliers, such as those of the legal representative of the company that signs the contract in the name and on behalf of the latter, as well as the employees/consultants of the customer/supplier involved in the activities referred to in the contract.
Data relating to particular categories of data may also be processed in accordance with the provisions of the legislation concerning health and safety in the workplace. The Data could also include any judicial data reported in public databases. |
| PROCESSING PURPOSES | – Purposes related to the establishment and execution of the contractual relationship between our Company and its customer/supplier;
– Fulfil administrative-accounting obligations;
– Fulfil obligations established by law, by a regulation, by EU legislation or by an order of the Authority;
– Ascertain, exercise and/or defend the rights of the Company in court. |
| DATA RETENTION PERIOD | Contractual duration, and upon termination of the contractual relationship for a period of 10 years or as otherwise established by the pro tempore legislation in force. Without prejudice to longer or specific retention periods established by laws and regulations applicable in the sector, or useful for the possible defence of the Company in court. In the case of judicial litigation, for the entire duration of the same, until the exhaustion of the terms of practicability of appeals.
Once the above retention terms have elapsed, the data will be destroyed, deleted or made anonymous, consistent with the technical procedures for deletion and backup. |
| LEGAL BASIS OF PROCESSING | The processing activities are necessary for the execution of a contract, or are necessary to fulfil a legal obligation to which the data controller is subject. However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing. |
| DATA CONFERMENT | The provision of data is mandatory as strictly indispensable in order to be able to implement the stated purposes; therefore, failure to provide it will make it impossible to carry out and achieve the aforementioned purposes. |
| DATA RECIPIENTS | The Data may be communicated to external subjects operating as independent Data Processing Controllers or as Data Processors appointed by the Data Controller pursuant to article 28 GDPR. Among these, by way of example, Public entities; Public authority; Various consultants and service providers.
The complete list of Recipients and Data Processors appointed by the Data Controller is always available at the Data Controller’s registered office. |
| PARTIES AUTHORISED FOR PROCESSING | The Data may be processed by employees of the company departments responsible for the pursuit of the aforementioned purposes that have been expressly authorised for processing and have received adequate operating instructions. |
| TRANSFER OF PERSONAL DATA | Pursuant to articles 44 et seq. of the GDPR 2016/679, some of your personal data may be communicated to recipients and Data Processors (the latter duly appointed by the Data Controller), based in non-European Third Countries, always according to principles of lawfulness, correctness, transparency and protection of your privacy. |
| RIGHTS OF THE DATA SUBJECT AND CLAIM | With regard to the personal data, the data subject may exercise the rights provided for in articles 15 et seq. GDPR and precisely:
Right of access (article 15) – consists in obtaining confirmation from the Data Controller that related personal data is being processed and, in this case, obtaining access to the same data and certain information (explained in the cited article) regarding the data in question. Right of rectification (article 16) – consists in giving the data subject the possibility to modify related data if it is inaccurate. Right of cancellation (article 17) – possibility for the data subject to cancel related data held by the data controller when, for example, the consent to the processing is revoked or the pursued purpose is achieved or when it is illegal. Obviously, it will not always be possible to fulfill the cancellation request. This occurs for example when the data is used to fulfill a legal obligation or is necessary for the defence of a right in court. Right to object (article 21) – the possibility of objecting to the processing must be guaranteed when the legal basis is the legitimate interest or the execution of a task of public interest. This right also has its limits as there may be cases in which the legitimate interest of the data controller prevails over that of the data subject, it will be essential to ensure the right balance, or the processing is necessary for a task in the public interest or the establishment, defence or exercise of a right before a judge. Right to portability (article 20) – provides that, if processing is based on the contract or on consent, in the event of a request, personal data will be provided to the data subject in a structured format that can be read by an automatic device (json, xml, csv); this right only applies to data provided voluntarily and not to inferred or derived data. Right of revocation (article 7) – in case of signing any form of consent to the processing requested by the Data Controller, it is noted that the data subject may revoke it at any time, without prejudice to the mandatory obligations established by the legislation in force at the time of the revocation request.
Parties concerned shall have the right to file a complaint with the competent Supervisory Authority in the Member State where they normally reside or work or in the State where the alleged violation has occurred.
All the aforementioned rights may be exercised by sending a specific request to the Data Controller by means of the contact channels indicated in this policy.
|
