Privacy Policy

General Privacy Policy – Fossati Serramenti Srl

Information provided pursuant to Article 13 of EU Reg. 2016/679 (hereinafter the GDPR) and Italian Legislative Decree No 196/2003 “Personal Data Protection Code” as amended by Italian Legislative Decree No 101/18

1) GENERAL INFORMATION

Anyone concerned by the following general profiles, which are valid for all areas of the processing, should please note that:

• all data subjects’ data with whom we interact is processed lawfully, fairly and transparently, in accordance with the general principles laid out in Article 5 of the GDPR;
• special security measures are followed to prevent any data loss, unlawful or improper use of data and unauthorised access, pursuant to Article 32 of the GDPR.

References and data subject rights

The Data Controller is the undersigned Organisation, in the person of its present legal representative. In order to guarantee appropriate support for data subjects, the Data Controller has appointed a DPO, who they may contact (Contact details: Dr Claudio Inzani – +39 0523-1865049 – dpo@gallidataservice.com) to exercise any of the rights set out by Articles 15-21 of the GDPR (right to access, amend, delete, limit, make portable or object), as well as to withdraw previously granted consent; if they do not receive a reply to their requests, data subjects may file a complaint with the Italian Data Protection Authority (GDPR - Article 13, paragraph 2, letter d).

2) PROCESSING OF DATA CONNECTED TO RELATIONSHIPS ESTABLISHED WITH CUSTOMERS AND SUPPLIERS

2.1) Subject of data processing::
The company processes identifiable personal data of current and potential customers/suppliers (for example, their name, surname, company name, personal/tax details, address, telephone number, e-mail address, bank and payment details) and of their operating representatives (name, surname and contact details) acquired and used to provide any requested and provided services.

2.2) Purposes and legal grounds for the processing::
Data is processed to:

• conclude contractual/professional relationships;
• fulfil pre-contractual, contractual and tax obligations from any existing relationships, as well as to handle any necessary communications linked to these relationships;
• fulfil obligations required by law, regulations, EU legislation or orders from the Italian Data Protection Authority;
• exercise a legitimate interest or right of the Data Controller (for example: the right to defend oneself in a court of law; the protection of receivable balances; ordinary internal operational, managerial and accounting requirements; the assessment of solvency and reliability prior to granting a credit limit; the protection of corporate assets, etc).

If this data is not provided, it shall not be possible to establish a relationship with the Data Controller. Pursuant to Article 6, paragraphs b, c and f, these purposes constitute appropriate lawful legal grounds for the processing. If any processing is planned for other purposes, data subjects shall be asked for their appropriate consent; for example, with users’ informed consent, the company might carry out promotional work through the website https://www.iubenda.com/privacy-policy/65217670/legal (Displaying content from external platforms, Statistics and Remarketing and behavioural targeting).

2.3) Processing methods
Personal data shall be processed through the operations indicated under Article 4(2) of the GDPR and more specifically: the collection, recording, organisation, storage, consultation, processing, amendment, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Personal data shall be processed both in paper and electronic and/or automated forms. The Data Controller shall process personal data for the time required to fulfil the purposes for which it was collected and for any relevant legal obligations.

2.4) Scope of the processing
Data is processed by properly authorised and trained in-house employees pursuant to Article 29 of the GDPR. You may also request the scope of communication of personal data, obtaining specific information on any potential external individuals operating as independent Data Processors or Data Controllers (consultants, technicians, banks, carriers, warehouse staff, etc).

3) POLICY UPDATES

Please note that this policy may be revised regularly, including in relation to any relevant regulations and case law. Any major changes will be suitably highlighted on the website homepage for a reasonable period of time. Data subjects should check this policy regularly in any case.