INFORMATION ON THE TREATMENT OF PERSONAL DATA.
NEROSUBIANCO S.R.L. with registered office in Mantova (MN), Corso Garibaldi 157, cap 46100, as owner of the processing of personal data (hereinafter “Owner”), issues this information to the interested party in accordance with European and Italian regulations on the protection of personal data.
Purpose and legal basis of the treatment
The Owner processes personal data for different purposes:
1) to respond to requests made through this form, for example to obtain information on its services (including the sending of the brochure, catalog and / or other informational material company), to get a quote, etc..: in this case the consent is not required because the treatment is necessary to respond to such requests;
2) use the e-mail address of the interested party to send commercial communications containing information about their services, as well as promotions or invitations to events in which the owner will participate: for this purpose the express consent of the interested party is required.
Period of data retention
The Owner intends to process data according to the following time criteria:
- if information is requested, the data will be processed for the time necessary to pursue the above-mentioned purposes, as a rule no longer than two months from the last contact with the interested party, without prejudice to further storage for the time necessary for the definition (however reached) of any disputes that may have been initiated and, subsequently, for the time corresponding to the period of prescription of the rights consequently arising;
- for the purpose referred to in point 2), the data will be processed for twenty-four months from the last communication.
Nature of data conferment and consequences in case of refusal
The provision of data for the purposes referred to in paragraph 1) is necessary and therefore the refusal to provide them in whole or in part may make it impossible for the owner to pursue the above purposes. The provision of data for further purposes is optional: in the absence of this, the Data Controller will not be able to carry out the corresponding activities but will still be entitled to pursue the purposes referred to in paragraph 1).
Categories of recipients
The Data Controller will not disseminate the data, but intends to communicate them to internal figures authorized to the treatment because of their duties, as well as credit institutions, credit insurance companies, credit recovery, business information, consulting, associations and / or business organizations, professionals or service companies, as well as public and private entities, including as a result of inspections and audits.
These recipients, should they process data on behalf of the Owner, will be appointed as data processors with a specific contract or other legal act.
Data transfer to a third country and/or an international organization
Personal data will not be transferred either to non-European third countries or to international organizations. However, the Data Controller reserves the possibility to use cloud services: in this case, the providers of such services will be selected from among those who provide adequate guarantees, as provided for by art. 46 GDPR.
Rights of the interested parties
The data subject has the right to ask the Data Controller to access their personal data and to rectify them if inaccurate, to delete them or limit their processing if the conditions are met, to object to their processing for legitimate interests pursued by the Data Controller, as well as to obtain the portability of the data personally provided only if they are subject to automated processing based on consent or contract. The interested party also has the right to revoke the consent given for the processing purposes that require it, without prejudice to the lawfulness of the processing carried out until the time of revocation.
In order to exercise his/her rights, the interested party may use the form available here and forward it to the Data Controller at the following address: firstname.lastname@example.org. The interested party also has the right to lodge a complaint with the competent supervisory authority, Garante per la protezione dei dati personali (www.garanteprivacy.it).