INFORMATION NOTICE PURSUANT TO ART. 13 OF EU REGULATION 2016/679
Pursuant to art. 13 and 14 of (EU) Regulation no. 679/2016 (hereinafter referred to also as “GDPR” or “Regulation”), BDF Digital S.p.A. (hereinafter referred to also as “BDF” or the“Controller”),informs you that the personal data (hereinafter “Data”) concerning you or your company (hereinafter also the “Customer”) and physical persons acting on your behalf, collected from the Customers or third parties, will be processed in compliance with the provisions of (EU) Regulation no. 2016/679 and in conformity with the following information notice.
It is understood that it is the Customer’s responsibility to inform the natural persons acting on their behalf for the processing of the Data referred to in this information notice and to request, where necessary, their consent.
The Data Controller is BDF Digital S.p.A., with registered office at 40, Viale dell’Industria, 36100 Vicenza – e-mail, firstname.lastname@example.org.
PURPOSE OF THE PROCESSING AND LEGAL BASIS
The data are used by the Data Controller to follow up the registration request and the contract for the supply of products/services purchased, manage and implement the contact requests sent by the Customer, provide assistance, comply with the legal and regulatory obligations to which the Controller is bound according to the activity exercised. Under no circumstances does BDF Digital resell the Customer’s personal data to third parties or use them for undeclared purposes.
In particular, Customer data will be processed for:
a) registration and contact requests and/or information material
The processing of the Customer’s personal data takes place to perform the preliminary activities and those subsequent to the request for registration, to the management of requests for information and contact and/or to send information material.
The legal basis of this processing is the fulfilment of the services inherent to the request for registration, information and contact and/or sending information material art. 6, paragraph 1, letter b) of the Regulation.
b) Purposes related to the management of the contractual relationship
The data will be processed for: the establishment, management and termination of the contractual and commercial relationship resulting from the purchase of products/services, the management of the related order, production and/or shipment of the purchased Product and/or the provision of the Service; the fulfilment of accounting and tax obligations; the fulfilment of legal obligations; audits of a fiscal and accounting nature; the management of disputes; the provision, support, updating and information regarding the Products offered.
The legal basis of this processing is the fulfilment of the services inherent to the contractual relationship and compliance with legal obligations art. 6, paragraph 1, letter b) and letter f) of the Regulation.
c) Purposes related to promotional activities
The data will be processed for initiatives of sending information/promotional material and information on the activities and events in which BDF Digital participates or organised by BDF Digital.
This processing can be automated, using the following methods:
– telephone contact.
The legal basis of the processing is pursuant to art. 6, paragraph 1, letter f) “lawfulness of the processing based on the legitimate interest of the Data Controller”.
d) compliance with legal obligationsThe data will be processed to fulfil legal obligations, to which the Data Controller is subject (for example accounting, retribution, social security, anti-terrorism checks).
The legal basis of this processing is the fulfilment of the services inherent to the contractual relationship and compliance with legal obligations art. 6, paragraph 1, letter c) of the GDPR.
DATA PROVISION AND CONSEQUENCES IN CASE OF FAILURE TO PROVIDE SUCH DATA.
The provision of the Data for the purposes referred to in letter a), b) and d) is optional, but necessary for the fulfilment of legal and contractual obligations and the pursuit of the aforementioned legitimate interests of the Controller. In all these cases, failure to provide the data will make it impossible for the Controller to establish business relations with the customer. The provision of data for the purpose referred to in letter c) is optional and failure to provide them will make it impossible for the Controller to perform the functional activities to achieve the purpose in question.
DATA PROCESSING METHODS
The protection of the data of its Customers is the primary interest of BDF DIGITAL S.P.A. who base their processing on the principles of fairness, lawfulness and transparency. Therefore, personal data will be processed through the use of tools and procedures suitable to guarantee the maximum security and confidentiality, through paper-based archives and means, with the aid of digital media, computer and electronic means.
The Data will be retained for a maximum period of time equal to the period of limitation of the rights that can be activated by the Controller, as applicable from time to time.
Regardless of the Customer’s determination to remove them, the personal data will in any case be stored according to the terms established by current legislation and/or national regulations, for the sole purpose of ensuring compliance.
Furthermore, personal data will in any case be kept for the fulfilment of the obligations (for example fiscal and accounting) that remain even after the termination of the contract (art. 2220 of the It. Civil Code); for these purposes the Controller will retain only the data necessary to achieve the relative purpose.
Except in cases where the rights deriving from the contract and/or registration were to be enforced, in which case the personal data of the Customer, exclusively those necessary for such purposes, will be processed for the time necessary for their pursuit.
RECIPIENTS or CATEGORIES of RECIPIENTS
The communication of the Customer’s personal data takes place primarily with regard to third parties and/or recipients whose activity is necessary for the performance of the activities related to the relationship established and to meet certain legal obligations, such as:
|Categories of recipients
||Administrative, accounting and contractual obligations,
|Group companies and third-party suppliers*
||assistance, maintenance, delivery/shipment of products, provision of additional services related to the requested performance
|Credit and digital payment institutions, banking/postal institutions
||Management of collections, payments, refunds related to the contractual performance
|External professionals/consultants and consulting firms
||Fulfilment of legal obligations, exercise of rights, protection of contractual rights, debt recovery
|Financial administration, Public bodies, Judicial Authorities, Supervisory and control authorities
||Compliance with legal obligations, defence of rights; lists and registers held by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance
|Formally delegated individuals or those holding a recognised legal right
||Legal representatives, legal guardians, administrators, etc.
*The Controller imposes compliance with security measures pursuant to art. 32 of the GDPR to Third party suppliers and to the Data Processors.
Customer data will not be disseminated but they will remain within the BDF Group for the purposes set out above
The Controller does not transfer the Customer’s personal data in countries where the GDPR is not applied (non-EU countries), unless otherwise specifically indicated, for which an information notice will be provided and authorisation will be requested from the Customer.
RIGHTS OF THE CUSTOMER
Customers are entitled to the rights, within the limits and in the cases provided for by the Regulation as referred to in articles 15 to 20. By way of example, each Customer can:
- obtain confirmation as to whether or not personal data relating to the data subject are being processed;
- if processing is in progress, obtain access to personal data and information related to the processing and request a copy of the personal data;
- obtain the correction of inaccurate personal data and the completion of incomplete personal data;
- obtain, if one of the conditions envisaged by art. 17 of the GDPR exists, the erasure of personal data concerning the data subject;
- obtain, in the cases provided by art. 18 of the GDPR, the limitation of the processing;
- receive personal data concerning him/her in a structured format, of common use and legible by an automatic device and request their transmission to another controller, if technically feasible.
OBJECTION TO THE PROCESSING
The Customer may revoke, at any time, the consent to the processing of their personal data, sending the request to email@example.com, without, however:
- affecting the lawfulness of the treatment based on the consent given before the revocation;
- affecting further processing of the same data based on other legal bases (for example, contractual obligations or legal obligations to which BDF DIGITAL S.P.A. is subject.
RIGHT TO LODGE A COMPLAINT WITH THE AUTHORITY
Furthermore, each Customer may lodge a complaint with the Data Protection Authority in the event he/she believes that the rights they hold under the GDPR have been violated, in accordance with the procedures indicated on the website of the Authority accessible at: www.garanteprivacy.it.