Information note on the Processing of Personal Data pursuant to NEW GDPR 2016/679
1. Controller (Owner of data processing)
EA srl, with registered office in the Republic of San Marino, Strada degli Angariari 25, 47891 Falciano.
San Marino VAT number (C.O.E.): SM 05756.
E-mail address: firstname.lastname@example.org
The following data will be subject to processing:
- Personal information (i.e. company name, name and surname of reference people, address, telephone and fax numbers and e-mail addresses);
- Bank records.
3. Data collection and processing
Data collection and processing will be carried out using electronic and paper tools and according to safety, processing and internal organization procedures closely connected with the following purposes in order to ensure confidentiality and integrity in compliance with people's rights as provided for by the laws in force.
In particular, data will be collected and processed using the following tools:
• Paper tools (quotations, order confirmations, transport documents and invoices);
• Computer tools (in-house business programmes);
• Telecommunication tools (fax, e-mail and newsletters).
4. Processing purposes
Collected data will be processed for the following purposes:
a) Supply of services upon data subject's request:
• ordinary administration and business management (i.e. quotations, orders, invoices, transport documents, etc.);
• administration purposes to fulfil law requirements (accounts, registers, etc.).
b) Marketing permission:
• delivery of information and business communications, newsletters and/or advertising material about products and services offered by the controller;
• surveys to assess the level of clients' satisfaction as for service quality.
5. Legal basis of data processing
Clients' consent to data processing for the purposes detailed in article 4, letter a) above is compulsory. Therefore, any total or partial denial to the use of such data will impede the supply of required services.
The consent to data processing for the purposes detailed in article 4, letter b) above is elective and it may be granted by data subjects only by:
• Filling in contact forms on a voluntary basis, asking for information/cooperation or subscribing to receive the newsletter at www.easrl.com;
• Replying to a communication/information note sent by e-mail or newsletter (in this case by clicking on available links therein).
As for the second purpose, consent may be freely revoked and, at any time, data subjects may ask for cancellation, rectification and/or update of their data.
6. Access to personal data
Besides the controller, the data may be accessed by its employees and staff in their role as people in charge of data processing (i.e. administration, sales, marketing or stock department) for the purposes listed in article 4.
7. Data disclosure
With no need for explicit consent, the controller may disclose the data to third parties such as supervisory bodies, judicial authorities, professionals, public offices, advisors, insurance companies for the supply of insurance services, suppliers of technical services, couriers, hosting providers, computer companies, outsourcing agencies, as well as to those entities entitled by Law provisions to be notified such information to fulfil their duties. If necessary, such third parties may be charged with data processing by the controller.
An updated list of the people in charge of data processing shall be made available by the controller at any time.
8. Place of data processing
The data will be processed at the operational headquarters of the controller and in any other place were the people involved in data processing are based.
The processing, storage and transfer of personal information will be done in compliance with GDPR 2016/679.
9. Period of storage
Compulsory personal information processed for contractual and administrative purposes or for reasons referred to the lawful interest of the controller shall be archived in our database for the time necessary to complete business relations and for all the time provided for by tax and public security laws in force. Any user has the right to contact the controller to obtain further information about the lawful interest of the latter.
If data subjects have given their consent to the use of personal information for any other purpose, the data will be archived in our database until they ask for their cancellation.
However, if the parties do not exchange any information, either to fulfil law obligations or against an order issued by an authority, after 10 years the data will be stored only for statistical purposes.
8. Data subjects' rights
Data subjects may exercise specific rights as for the data processed by the controller. In particular, they can ask for and obtain to know:
1. If data referring to them exist and receive them in an intelligible form;
2. Where such data were taken from;
3 The purposes such data were collected for and how they will be processed;
4 How they will be used in case of electronic processing;
5. All personal information about the controller, the entities in charge of data processing, designated officers and any third party to whom the data may be communicated or who may learn about them;
6. If any update, rectification or addition to the data has occurred;
7. About any cancellation (right to be forgotten), change into an anonymous form or blocking of processed data due to the fact that they are no longer necessary for the purposes they had been collected and processed for or because the consent was revoked in order to comply with legal obligations or because such data were being processed in an unlawful way;
8. About consent revocation, except it is necessary for the purposes explicitly listed under article 4, letter a) above. Consent revocation will not affect the lawful processing of data carried out based on the consent granted before revocation;
9. About the confirmation that the procedures under articles 6) and 7) above have been communicated to those whom the data had been previously disclosed to, except for the cases when such action is proved to be impossible or requires the use of tools which are clearly disproportionate to the request for right to protection;
10. About the right to object or limit (totally or partially for lawful reasons) data processing, even though such information is relevant for collection purposes;
11. About the right to submit claims to the Data Protection Authority.
In order to exercise their rights, data subjects may send a petition to the controller at the mail or e-mail address listed in this document. All petitions will be free of charge and processed by the controller as soon as possible or not later than 30 days after it has received them.