Privacy
Policy
PRIVACY POLICY STATEMENT
Object of processing
The Data Controller processes personal identification data (e.g., first name, last name, company name, address, telephone, cell phone, fax number, email, PEC.email, SDI code, tax code, VAT number, bank and payment references – hereinafter, “personal data” or also “data”) communicated by you in connection with the establishment of contracts for the products/services of the Data Controller.
Purposes of the processing.
Your personal data are processed:
A) pursuant to Article 6 letter b) and c) GDPR, for the following Purposes:
– Execution of the object of the contractual relationship to which you are a party or execution of pre-contractual measures taken at your request;
– fulfillment of pre-contractual, contractual and tax obligations arising from existing relations with You;
– fulfillment of obligations under the law, a regulation, EU legislation or an order of the Authority (such as anti-money laundering);
– exercise of the Controller’s rights, such as the right to defense in court;
Please note that if you are already our customer, we may send you commercial communications relating to products/services of the Controller, homologous to those already purchased by you from our company, through a previous business relationship, unless you disagree.
B) Only with your specific and distinct consent (art. 7 GDPR), for the following Marketing purposes:
– to send you via newsletter, e-mail, mail and/or sms, Facebook Messenger, Instagram Messenger, live chat of tawk.to, WhatsApp Messenger and/or telephone contacts, commercial communications and/or advertising material on products/services offered by the Owner and detection of the degree of satisfaction on the quality of products/services;
Method of processing
The processing of your personal data is carried out by means of the operations indicated in Article 4 No. 2) GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.
The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Purposes indicated and for no longer than 3 years from the collection of the data for Marketing Purposes.
Access to Data
Your data may be made accessible for the Purposes stated in Art. 2.A) and 2.B):
– to employees and collaborators of the Controller in Italy and abroad, in their capacity as authorized and/or internal contact persons for the processing and/or system administrators;
– to third-party companies or other entities (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.
Communication of data
Without the need for your express consent (ex art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is obligatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous data controllers.
Your data will not be disseminated.
Data transfer
Personal data will be processed both in paper and electronic and/or automated form at the legal headquarters of the owner, and stored within the European Union. Personal data received by us via e-mail or contact form on our website will be stored on Aruba S.P.A.’s servers in Arezzo, Rome and Milan (Italy) within the European Union.
Nature of data provision and consequences of refusal to respond
The provision of data for the purposes of Article 2.A) is mandatory. In their absence, we will not be able to guarantee the execution of the contract referred to in Art. 2.A).
On the other hand, the provision of data for the purposes of Art. 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the Products/Services offered by the Owner. You will, however, continue to be entitled to the Products/Services referred to in Article 2.A).
Rights of the Data Subject
In your capacity as a data subject, you enjoy the rights set forth in Art. 15 GDPR, namely the rights to:
obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form;
obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, the
managers and the designated representative under Article 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, designated or authorized;
obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, by e-mail and/or by traditional marketing methods by telephone, tawk.to live chat, WhatsApp Messenger, Facebook Messenger, Instagram Messenger and/or paper mail.
Where applicable, it also has the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.
How to exercise your rights
You may at any time exercise your rights by sending:
– a registered letter with return receipt to the address of the holder’s registered office;
– an e-mail to info@ecosabsrl.com or certified e-mail address ecosabsrl@legalmail.it
Data controller, data processors and authorized persons
The data controller is the company ecoSAB S.R.L., with registered office in 39023 Oris (BZ), Via Plur 40.
The data controller is Sabatini Francesco.