Information provided pursuant to Reg.EU 2016/679 (GDPR), Art.13

1) GENERAL INFORMATION

We inform the data subjects (ex Art.4, c.1 of the GDPR) of the following general profiles, valid for all the areas of treatment:

  • all data are processed in a lawful, correct and transparent manner in relation to the data subject, in compliance with the general principles set out in Article 5 of the GDPR;
  • specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

References and rights of the data subjects

  • the Data Controller is the undersigned Company (FRANCESCO BRIZZOLARI SRL), in person of the legal representative pro-tempore;

Data controller has designed a Data Protection Officer (DPO) to whom it is possible to apply to exercise all the rights provided for by art.15-21 of the GDPR (right of access, correction, deletion, limitation, portability, opposition), as well as revoke a previously granted consent; in case of failure to reply to their requests, the data subjects can propose a complaint to the Supervisory Authority for the protection of personal data (GDPR – Art.13, paragraph 2, letter d).

Contact details

DPO: Galli Data Service Srl, Mr. Gregorio Galli – +39-0523/010250 – gregorio@gallidataservice.com
Data controller: Adress- Via Sandro Pertini, 62 – 26845 Codogno (LO) tel. (+39) 0377 31.31.11 fax (+39) 0377 31.31.65
E-mail: nastri.info@nastribrizzolari.com

2) DATA PROCESSING CONNECTED TO THE RELATIONSHIPS ESTABLISHED WITH CUSTOMERS AND SUPPLIERS

2.1 Object of the treatment

The Company processes personal identifying data of customers / suppliers (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and its operative contacts (name surname and data contact information) acquired and used in the provision of the services provided.

2.2 Purpose and legal basis of processing

Data are processed for:

  • finalize contractual / professional relationships;
  • fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships, as well as manage the necessary communications connected to them;
  • fulfill the obligations established by law, by a regulation, by the community legislation or by an order of the Authority
  • exercise a legitimate interest and a right of the Data Controller (for example: the right of defense in court, the protection of credit positions, the ordinary internal needs of an operational, managerial and accounting nature).

Failure to provide the aforementioned data will make it impossible to establish the relationship with the Owner. The aforementioned purposes represent, pursuant to Article 6, legislative paragraphs b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be required from the data subjects.

2.3 Methods of processing

The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which it was collected and related legal obligations.

2.4 Scope of treatment

The data are processed by internal subjects regularly authorized and instructed pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects operating as managers or independent data controllers (consultants, technicians, banks, transporters, etc.).