Information on the processing of personal data (art. 13 GDPR 2016/679)
REASON FOR THIS NOTICE
This page describes the processing carried out by our company on personal data relating to any type of data subject (hereinafter “data subjects” pursuant to Art. 4, p. 1 of GDPR). The purpose is to illustrate the corporate policy implemented to guarantee compliance with the provisions of GDPR 2016/679 L.D. 196/2003, relevant national measures, guidelines issued by the European Data Protection Board as well as EC directives on the protection of the data of natural persons.
It is intended to provide information pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) to those who enter into any form of relationship with our company.
The Data Controller is the undersigned Company:
Molino Grassi Spa,
Via Emilia Ovest 347
43126 Parma (PR) Italy
- All data are processed lawfully, fairly and in a transparent manner in relation to the data subject, in compliance with the general principles provided for by Article 5 of the GDPR;
- Specific security measures are implemented in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data.
TYPES OF DATA PROCESSED
DATA FOR REQUESTING CONTACT
The optional, explicit and voluntary provision of the personal data necessary to request contact through the forms on this website, or through any email addresses indicated on this website, results in the subsequent acquisition exclusively of the data necessary to respond to the requests sent.
|Purpose and legal basis for processing(GDPR – Art.13, par. 1, c)||These data are used exclusively for the purpose of responding to the information requests sent by filling out the forms.|
|Scope of communication(GDPR – Art.13, par. 1, e, f)||Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. They may be disclosed to competent authorities only in the event of an investigation. Any other case will be specified in the relevant form.|
|Processing methods(GDPR C. 39)||Personal data are processed using automated instruments, for the time strictly necessary to attain the purposes for which the data were collected.Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data,|
|Retention period(GDPR – Art.13, par. 2, a)||The data are usually stored for short periods of time, exclusively to fulfil the requests received.|
|Provision(GDPR, Art.13, par, 2, f)||The data is provided by the data subjects on an optional basis.|
|Legal basis(GDPR – Art.6, par. 1).||The processing is necessary to fulfil the requests received, and therefore consent is expressed by filling out the forms.|
DATA OF CONSUMERS/END USERS, REPRESENTATIVES OF CLIENT COMPANIES, REPRESENTATIVES OF SUPPLIER COMPANIES
The personal data provided by the above data subjects or collected during the performance of contract-related activities, derive from the need to carry out the activities organized by the parties.
|Purpose and legal basis for processing(GDPR – Art.13, par. 1, c)||Data is collected and used in order to:enter into contractual/professional relationships; fulfil pre-contractual, contractual and tax-related obligations deriving from existing relationships, as well as to manage the associated communications;comply with legal obligations, regulations, EU standards or with the orders of the Authority;exercise a legitimate interest or right of the Data Controller (e.g. the right to defence in Court, the protection of credit positions; ordinary internal requirements in the areas of operations, management and accounting).|
|Scope of communication(GDPR – Art.13, par. 1, e, f)||Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. Any other case will be specified in the relevant form.|
|Processing methods(GDPR C. 39)||Your personal data will be processed by automated systems and on paper.Specific security measures have been deployed in order to prevent the loss of, unlawful or unfair use of, or unauthorised access to the data,|
|Retention period(GDPR – Art.13, par. 2, a)||Data are normally stored for short periods of time, as strictly needed for fulfilling contractual or regulatory obligations.|
|Provision(GDPR – Art.13, par. 2, f)||They are requested by our company for the purposes indicated.|
|Legal basis(GDPR – Art.6, par. 1).||Processing is necessary for entering into contractual relationships and therefore consent is not required.|
DATA FOR REGISTRATION TO ONLINE SHOP
The personal data provided by the data subjects when filling out specific forms for activating accounts are subject to processing with the purpose of registering users with the online shop site.
|Purpose and legal basis for processing(GDPR, Art.13, par. 1, letter c)||Personal data are requested to data subjects to follow up the registration on the online shop site. The provision of data in the registration form and/or in the form for purchasing products, as well as other personal data that may be requested for payment and delivery of the goods, is aimed at fulfilling the order and signing the agreement.|
|Scope of communication(GDPR, Art.13, par. 1, letters e and f)||The categories of people authorised to process data for the above purposes are the people in charge of managing the site, the accounting, the customer service, the IT systems, as well as third companies that process data on behalf of Data Controller (such as, by way of example, companies providing IT maintenance services, shipping companies and carriers, legal consultants, companies carrying out and/or managing promotional campaigns, etc.); data may be communicated to the authorities entitled to receive them.To have the full list of people processing the data collected, data subjects are invited to contact the Customer Service.The data collected shall not be notified to external subjects, disclosed or transferred to countries outside the EU. Any other case will be specified in the relevant form.|
|Retention period(GDPR, Art.13, par. 2, letter a)||The data collected are stored solely for the time necessary to allow us to provide the requested services.|
|Provision(GDPR, Art.13, par. 2, letter f)||The provision of personal data is mandatory for the purposes given above to be able to provide the requested services.|
The information systems and software procedures required for the proper functioning of this site will acquire, during normal operation, some personal information whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by the users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, request time, method used to submit the request to the server, size of the response file, numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.
|Purpose and legal basis for processing(GDPR, Art.13, par. 1, letter c)||These data are used only to obtain statistical information on website use and to check that is functioning properly. Data could be used to ascertain responsibility in case of alleged computer fraud against the website (legitimate interest of Data Controller).|
|Scope of communication(GDPR, Art.13, par. 1, letters e and f)||Your data will be processed only by internal staff who have been duly authorized and trained for processing (GDPR, Art.29) and they will not be disclosed to external persons, disseminated or transferred to non-EU countries. They may be disclosed to competent authorities only in the event of an investigation. Any other case will be specified in the relevant form.|
|Retention period(GDPR, Art.13, par. 2, letter a)||Data are normally retained for brief periods of time, except for possible extensions connected with investigation activities.|
|Provision(GDPR, Art.13, par. 2, letter f)||Data in a non-identifying form are collected autonomously and without consent. Data in an identifying form are provided voluntarily by the data subjects after giving consent.|
RIGHTS OF THE DATA SUBJECT (GDPR Articles 15–22)
At any time, the data subject may exercise the right to:
- ask for confirmation of the existence or otherwise of their personal data;
- obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and, where possible, the period of time for which the data will be stored;
- obtain the rectification or erasure of the data;
- obtain restriction of processing.
- obtain data portability, i.e. receive them from one data controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance;
- object to the processing at any time, including in the case of processing for direct marketing purposes;
- object to an automated decision-making process relating to individuals, including profiling;
- file a claim with the Italian Data Protection Supervisor.
Requests must be sent to the Data Controller by writing to the e-mail addresses that refer to the specific data processing purposes: email@example.com
Every effort will be made to make the functions of this site as interoperable as possible with automatic privacy control mechanisms available in some of the products utilised by users.
This information document is updated as at 11/06/2023.