Notice on the processing of personal data.
(Articles 13 and 14 EUROPEAN REGULATION NO. 679/2016)
The company Meccanica Nicoletti srl, with registered office in Via Venezia 6/b in Curtarolo (Padua), as “Data Controller” informs you , pursuant to Articles 13 and 14 of European Regulation no. 679/2016 (hereinafter “EU Regulation”) that your data will be processed as described hereunder:
1. Data object of processing
The Data controller informs you that personal, identification (e.g. name, surname, company name, address, telephone number, email, bank and/or payment details) data, hereinafter “personal data” or even simply “data” relating to you, also acquired verbally directly or through third parties in the past, as well as data collected in the future, may be processed in full compliance with the EU Regulation. The Data Controller carries out processing lawfully specifically for the execution of a contract of which you are a party or for the implementation of pre-contractual measures (e.g. preparation of an offer, etc.) requested by you (Article no. 6 of the EU Regulation).
By data processing we intend any operation or set of operations concerning collection, recording, organization, retention, consultation, elaboration, alteration, selection, retrieval, comparison, use, combination, blocking, disclosure, dissemination, destruction of the data.
2. Legal basis and Purposes of processing
Legal basis: EU Regulation no. 679/2016
A) without your express consent (article 6. Letter b), c), e) of the EU Regulation), for the following Purposes:
- to fulfil pre-contractual, contractual and tax obligations deriving from relations entered into with you;
- to fulfil the obligations established by law, by a regulation, by EU legislation of by an order of the Authority (for example on the subject of anti money-laundering);
- to exercise the rights of the Data controller, for example the right of legal defence;
- for keeping general accounts;
- for management purposes (invoicing, document management, etc.);
- for credit management;
- for statistical and quality control analyses;
- for insurance management;
- for technical assistance.
In particular, your data shall be processed for purposes connected to the implementation of the following commitments, pertaining to legal or contractual obligations:
- Functional and Technical Access to the website no data is kept after closing the Browser;
- Advanced browsing or personalized content management purposes;
- Statistical Purposes and Analysis of browsing and of users.
B) Only with your prior and specific consent (Article 7 of the EU Regulation) for the following commercial and/or marketing and/or profiling purposes:
- sending via email, post and/or text message and/or telephone contacts newsletters, commercial communications and or/advertising material on products or services offered by the Data controller and/or detecting the degree of satisfaction on the quality of what has been done as per your request;
- sending via email, post and/or text messages and/or telephone contacts commercial and/or promotional communications of third parties (e.g. business partners).
3. Methods of processing
The processing of your data is implemented by means of the operations mentioned in Article 4 no.2) of the EU Regulation and precisely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, blocking. Your personal data are processed both by on paper and on electronic and/or automated media (in any case, suitable to guarantee the security and confidentiality of the data).
4. Data storage time and other information.
The Data controller will process the data for the time necessary to fulfil the purposes described above and in any case within the legal deadlines from the termination of the relationship for the Purposes of the relationship.
With reference to the personal data processed for Marketing Purposes or processed for profiling purposes, said data will be stored pursuant to the principle of proportionality and in any case while the purposes of the treatment are pursued or until the person concerned revokes specific consent.
Specifically, the Data controller shall process the data for no longer than two years from data collection for Marketing purposes and one year for data collected for Profiling purposes.
The personal data provided by you shall be processed “lawfully, fairly and in a transparent manner”, protecting your privacy and you rights.
5. Access to the data
Your data may be made accessible for the purposes indicated in points 2.A and 2.B):
- to the Data Controller's partners, employees and collaborators in Italy and abroad, in their capacity of persons in charge of data processing and/or internal data processors and/or system administrators;
- to third party companies and other subjects that carry our outsourcing activities on behalf of the Data controller, in their capacity of external data processors ( including but not limited to: associated studios, lawyers, data processing companies, certifying authorities, accountancy or tax consultants and in general to all Bodies responsible for verifying and checking correct fulfilment of the activities mentioned above, banking institutions, professional firms, consultants, insurance companies for the supply of insurance services, financial offices, Municipal Authorities and/or Offices, consultants and companies offering services and for safety in the workplace, who in turn may disclose the data, or grant access thereto within the context of their subscribing members, users and assignees for specific market research. The data collected and processed may also be disclosed, in Italy and abroad, to subcontractors, suppliers, for the management of information systems, to carriers, shippers and customs officers).
For the sake of brevity, the detailed list of these figures is available at our headquarters and is at your disposal.
6. Data disclosure
Without the need for express consent (Article 6 letters b) and c) of the EU Regulation), the Data Controller may disclose your data for the purposes of the preceding point 2.A) to supervisory bodies, judicial authorities, insurance companies for the supply of insurance services, as well as to those subjects to whom communication is mandatory under the law for carrying out the purposes mentioned above.
Said subjects shall process the data as independent data controllers.
During and after browsing, your data may be disclosed to third parties, in particular to:
- Google: Advertising service, Advertising target, Analytics/measurement, Content customizing, Optimization;
- Google AdWords: Advertising service, Advertising target, Analytics/measurement, Content customizing, Optimization;
- Google Analytics: Advertising target, Analytics/Measurement, Optimization.
Your data shall not be disseminated.
7. Data transfer
Personal data are stored on devices located at the headquarters of the Data controller or at providers, inside the EU. In any case, it is understood that the Data controller, if necessary, will be entitled to move data also to countries outside the EU. In this case, the Data Controller ensures as from now that the transfer of data outside the EU shall take place pursuant to applicable legal provisions, after drafting of the contractual clauses and standard verifications provided for by the European Commission.
Both as regards data present on its devices and any data present at providers, the Data controller has implemented adequate technical and organizational measures to guarantee a suitable level of security, in full compliance with the provisions of Article 32 of the EU Regulation.
Browsing: your browsing data may also be transferred, limited to the above mentioned purposes, to the following countries: -EU Countries, - United States of America.
Given that every browser, and often different versions of the same browser, can differ even considerably from one another, if you prefer to act independently through your browser preferences, you can find detailed information on the necessary procedure in your browser guide.
8. Nature of the provision of the data and consequences of the refusal to reply
The provision of data for the purposes of point 2.A) is mandatory. In their absence, we shall be unable to guarantee you the services as mentioned in 2.A.).
The provision of data for the purposes of point 2.A) is mandatory. In their absence, we shall be unable to guarantee you the services as mentioned in 2.A.)
The provision of data for the purposes indicated in point 2.B) is instead optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will be unable to receive newsletters, commercial communications and advertising material and/or other material related to the Services offered by the Data Controller.
However, you will still have the right to the Services mentioned in point 2.A).
9. Rights of the data subject
In your capacity of data subject, you have the rights under Article 15 of the EU Regulation set forth below and precisely:
1. You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority (Garante per la protezione dei dati personali);
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where your personal data are transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing, if you request it. For any further copies requested by you, the controller may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Furthermore, if applicable, you can enjoy the rights stated by articles 16 to 22 of the EU Regulation, and in particular:
- right to rectification of personal data;
- right to be forgotten (right to erasure);
- right to restriction of processing;
- right to data portability;
- right to object;
- right to lodge a complaint with a Supervisory Authority.
You have, furthermore, the right to withdraw in any moment any consent already given, without affecting the lawfulness of processing based on consent before its withdrawal.
10. Methods by which to exercise rights
You may, at any time exercise the rights by sending:
- a registered letter with advice of receipt to our company (see address indicated in the letterhead);
- an email to the address firstname.lastname@example.org
What is offered by the Data Controller and the subject matter of the relationship existing with you does not involve the intentional acquisition of personal information referred to minors. If information regarding minors is involuntarily recorded, the Data Controller will delete it promptly, at the request of the interested party.
12. Personal data not obtained from the data subject
Our company may not be the Data controller to whom you have given your personal data, but is joint data controller or external processor and that your data reached our company secondarily through a contract between the parties. In this case, it is specified that we will do whatever is necessary to ensure that you have been informed and have given your consent to processing. You may at any time ask us to disclose the origin of acquisition of your data.
13. Data controller, Processor, D.P.O. and Persons in charge
Hereunder we provide you with information that you must be made aware of, not only to comply with legal obligations, but also because transparency and fairness towards our customers is a central part of our activity.
Data controller. The Data controller of your personal data is Meccanica Nicoletti srl represented by Mr. Guido Nicoletti, responsible towards you for the lawful and correct use of your personal data and who you may contact for any information or requests at the following number or address:
telephone +39 049 9620454 email: email@example.com
Person in charge of processing. The updated list of the persons in charge of processing is kept at the office of the Data Controller.