With reference to the data provided when the current contractual relationship was entered into and to the data that will be provided for the purpose of managing future contractual relationships, and given that, pursuant to EU Regulation 2016/679 of 27 April 2016:
- data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the main purposes and means of the processing of personal data, even with respect to data protection
- data processor is the natural or legal person, public authority, agency or other body which, alone or jointly with others, processes personal data on behalf of the controller
- data subject is the natural person to whom the Personal Data refers
- third party is a natural or legal person or body not related to ROJ
- personal data is any information relating to an identified or identifiable natural person such as his/her physical appearance, habits, lifestyle, personal relationships, health status, financial status
and that, according to the same EU Regulation 2016/679, the processing of personal data, meant as any operation involving them, is allowed, in addition to the cases already foreseen, with the freely-expressed consent of the Data subject to the data processing after he/she has been provided with the information referred to in Article 13 (“Information”) of the EU Regulation 2016/679, we inform you of the following:
1. Data controller and Data processor
The Data controller (the person in charge for all decisions relating to the purposes and means of the processing of personal data, including the data protection and the tools used) is Nuova ROJ Electrotex (referred to hereinafter as ROJ). – Via Vercellone, 11 – 13900 Biella – Italia – P. IVA IT 01737580025 in the person of its legal representative Ing. Franco Oliaro, with legal address at the company’s registered office.
2. Purpose and legal basis for the Processing
Any and all personal data provided by the Data subject will be used, in compliance with the regulations in force and with the obligation of confidentiality, exclusively for purposes connected and / or subordinate to entering into the contractual relationship between the writer and the Data subject – therefore excluding any different use and / or any use coming into conflict with the interests of the latter (“Data subject”) – such as:
- 1. Compliance with current legislation on tax and accounting matters
- 2. Fulfillment of contractual obligations to which the Data subject is a party
- 3. Requirements related to Customers management (personal data records, contracts, orders and invoices)
- 4. Requirements related to Suppliers management (personal data records, contracts, orders and invoices)
- 5. Litigation management
- 6. Market research, sending of informative and promotional material, marketing and advertising activities, both using traditional contracts and automated communication means
- 7. Detection of customer satisfaction
- 8. Statistical analysis, even for Marketing purposes
3. Data provision
The provision of personal and identification data is mandatory for the fulfillment of the foreseen legal requirements, even within the scope of EU law, (par. 2, no. 1); as far as the additional purposes are concerned, the data provision is optional.
4. Refusal to provide data
Failure to provide the aforementioned data, with regard to the purposes referred to in par. 2 no. 1, 2, 3 , 4, 5 shall carry with it the impossibility to perform the contract and / or to fulfill the requirements, even of a fiscal nature, related to the contractual relationship, to the extent that this data is necessary for the performance of such contract.
5. Data recipients
As far as the undersigned Company is concerned, the processed personal and identification data may be disclosed to the following categories of internal and external appointees and / or representatives, identified in writing and to whom specific instructions have been previously given:
- management and Administrative office staff, for the purposes referred to in par. 2, no. 1 2, 3, 4 and 5
- marketing and Sales Department staff, for the purposes referred to in par. 2, no. 2, 3, 4, 5, 6, 7
- professionals or Service Companies for the fulfillment of corporate, tax and accounting obligations, corporate administration and management, including employees operating on behalf of the company itself
- system administrators
- professionals or Service companies operating on behalf of the Company for the management and maintenance of the IT system; any and all personal data may, for purposes related to the aforementioned par. 2, be disclosed to:
– credit institutions
– insurance companies
– service companies dealing with financial information and debt collection
Personal data is not subject to public disclosure or transfer to non-EU countries or International organizations.
6. Processing methods and retention period of personal data
The processing of personal data will be carried out with paper and electronic tools allowing the storage, management and transmission of the same, in order to ensure adequate protection and confidentiality of the data itself, within the scope and provisions of the pertaining regulations.
The data provided shall not be subject to any automated decision-making process, including profiling. All the aforementioned data will be stored even after the termination of the contractual relationship to comply with all related or derivative obligations for a period of 10 years.
7. Data subject Rights
The European Regulation 679/2016 recognizes the rights listed below, which you can exercise in relation to the Data Controller. Below you will find a complete extract of the related law provisions.
Any request about your rights and/or any request for information or explanations you may need can be sent by written to the Data Controller/Processor, by ordinary mail to the following address: ROJ S.r.l. – Via Vercellone, 11 – 13900 Biella, or by e-mail to firstname.lastname@example.org.
7.1. Right of access by the Data subject
According to art. 15 of the European Regulation you shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.
7.2. Right to rectification
According to art. 16 of the GDPR you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
7.3. Right to erasure
According to art. 17 of the GDPR you shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the grounds foreseen by the regulation applies.
7.4. Right to restriction of processing
According to art. 18 of the GDPR you shall have the right to obtain from the controller restriction of processing where one of the cases foreseen by the regulation applies.
7.5. Right to Data Portability
According to art. 20 of the European Regulation you shall have the right to receive the personal data concerning you, which you have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Furthermore, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
7.6. Right to object
According to art. 21 of the European Regulation you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
7.7. Consent withdrawal right
According to art. 7 of the European Regulation you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
7.8. Right to lodge a complaint
According to art. 77 of the European Regulation you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.
The Data Controller