INFORMATION NOTE ON PERSONAL DATA PROCESSING IN ACCORDANCE WITH ARTICLES 13 - 14 OF EU REGULATION 2016/679
In accordance with EU Regulation 2016/679 (hereinafter referred to as the "Regulation" or "GDPR") and the national legislation in force regarding the protection of personal data, this information note is provided: to natural persons acting in the name and on behalf of Customers, to Customers themselves if they are natural persons (e.g. sole proprietorship or independent professional), hereinafter also Data subjects.
1. Data controller: Calearo Antenne Spa based in via Bacchiglione, 49, Isola Vicentina 36033 VICENZA (ITALIA), TAX CODE AND VAT N. 05059470962, +39.0444.901311, fax. +39.0444.901375 e-mail: firstname.lastname@example.org.
2. Type of data processed - The personal data processed are collected directly from the Data Subjects or from the company for which they work, during pre-contractual activities, stipulation and execution of the contract. These common data are personal data (surname and first name, ...), contact data (telephone number, e-mail address, ...). The Data Controller shall not process any "sensitive" or "special" data (see art. 9 of the GDPR). Personal data are processed, in compliance with the provisions of the GDPR and the Privacy Regulations in force, by means of manual, paper, computerised and telematic tools, including automated ones, and according to the principles of fairness, lawfulness and transparency so as to guarantee data security and confidentiality. In particular, processing may take place through automated systems (such as e-mail or other electronic communication) and traditional systems.
3. Purpose, legal basis of data processing and data provision obligation - The Data Controller processes personal data:
1. for purposes strictly related and aimed at the management and execution of contracts with Customers (e.g. acquisition of information prior to the conclusion of a contract, provision of services, management of evolutionary requests, assistance, ...). The provision of personal data for these purposes and the related processing are essential to the extent that the Data Subjects deem it necessary to communicate them in order to ensure the effectiveness of the pre-contractual, supply and assistance activities carried out by the Data Controller. These processing operations do not require the Data Subjects’ consent. The legal basis for processing is identified in the need to enter into or fulfil a contract;
2. in the case of sole proprietorship or independent professional, for purposes of protecting the Data Controller assets and rights, including the acquisition of information related to the Data Controller solvency or debt recovery. The data are necessary for the conclusion of the contract. The legal basis for processing is identified in the legitimate interest of the Data Controller and no consent is required;
4. Categories of personal data recipients: personal data, within the limits and for the purposes specified, can be transferred to or come to the knowledge of and be therefore processed by:
A. employees and consultants of the Data Controller, agents, companies providing IT services (website management, internet services, …), possibly as independent data processors;
B. forwarders or carriers of the goods to be delivered;
C. companies specializing in information systems on Customer solvency, companies and/or professionals for debt recovery;
D. manufacturers of the goods supplied by the Data Controller;
E. subjects who can access the data according to the law or EU regulations, within the limits specified by law;
The full list of recipients is available from the Data Controller.
5. Data retention time: the personal data at hand are processed for the entire duration of the business relationship and for a maximum of 10 years after that date.
6. Transfer of personal data to another country: data are normally processed in Italy.
7. Automated decision-making processes: any decision-making process including profiling is excluded.
8. Data Subject Rights: the Data Controller informs that, with reference to the data provided, you have the following rights, as Data Subject:
A. access to your data and acquisition of a copy of the same: to obtain confirmation from the Data Controller as to whether or not your Personal Data are being processed and, if so, to gain access to your Personal Data and to the information provided for by art. 15 of the GDPR, including, by way of example, the processing purposes, the categories of Personal Data processed, etc.;
B. correction: to have inaccurate Personal Data rectified as well as, taking into account the processing purposes, incomplete Data integrated by the Data Controller, providing adequate documentation;
C. erasure of Personal Data: to ask for your Personal Data to be erased by the Data Controller, if one of the reasons provided for in art. 17 of the GDPR applies, including, by way of example, when your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. The Data Controller shall have no obligation to erase your Personal Data if their processing is necessary, for example, for compliance with a legal obligation, to establish, exercise or defend a right before the courts;
D. restriction of processing: to restrict the processing of your Personal Data when one of the cases provided for in art. 18 of the Regulation applies, including, for example: the accuracy of your Personal Data is contested, for a period enabling the Data Controller to carry out the necessary checks; objection to processing, pending the verification by the Data Controller whether the legitimate grounds override those of the Data Subject;
E. portability of electronic data subject to automated processing: to receive from the Data Controller a copy of the Personal Data you provided in a structured, commonly used and machine-readable format (e.g. computer and/or tablet); to transmit your Personal Data to another Data Controller, third party, without hindrance from the Data Controller and according to your precise authorizations and indications;
F. object to processing: to stop the processing if this is carried out in pursuit of a legitimate interest of the Data Controller, unless there are legitimate reasons for the Data Controller (reasons overriding the interests, rights and freedoms of the Data Subject), or processing is necessary to establish, exercise or defend a right before courts;
G. to lodge a complaint with the competent supervisory authority: the Data Protection Authority.
9. Contact data: for any clarification and to exercise their rights the Data Subjects may contact the Data Controller by writing to: