NOTICE PURSUANT TO ARTICLE 13 OF THE EU NO. 679/2016
(on the protection of natural persons with regard to the processing of personal data and on the free movement of such data)
the company BIBIELLE S.P.A., with registered office in Via Cuneo, 35 – 12040 Margarita (CN), fiscal code 02179070046 as Controller of the process, pursuant to article 13 of European Regulation No. 679/2016, would like to inform you that your personal data will be processed in accordance to the principles established by G.D.P.R. (General Regulation about the Protection of Personal Data, under EU 679/2016), i.e. in accordance to the principle of lawfulness, correctness, transparency, limitation of the purposes and preservation, minimization of data usage, accuracy, integrity and confidentiality.
OBJECT OF THE PROCESS
The data subject to the process are:
1. web surfing data;
2. personal, identification data and contact details.
SOURCE OF DATA
The Controller processes the web surfing data and the personal data which are spontaneously given by the concerned person in occasion of:
visits or telephone calls;
request of a work quote or proposal of an offer;
interactions by way of the official website (compiling the form “Contacts”).
PURPOSE AND LEGAL BASIS OF THE PROCESS
The personal data intentionally provided will be subject to the process pursuant to the purposes set forth below.
With regard to the web surfing data: to allow the user to browse on the Controller’s website; to execute surveys/statistical analysis on aggregate or anonymous data, with no possibility to identify the Visitor, and with the aim to measure the functioning, the traffic and the interest on the website itself; to fulfill the law obligation to whom the Controller is subject.
With regard to the personal, identification data and contact details:
By executing the agreement between the concerned person and BIBIELLE S.P.A. o executing pre-contractual measures adopted upon request of the concerned person himself to:
perform the administrative-accounting activities strictly related and ancillary to the fulfillment of fiscal and administrative obligations and to management of the requested performances;
exchange information, including the pre- and post- contractual activities;
supply goods and services requested and protect the creditors’ claims which might derive; and
finalize the request of information, set quotas and offers, manage the negotiation and the pre-contractual relationships; and
make demands or handle the requests.
With the approval of the concerned person, to:
send commercial and/or promotional communication concerning the products, services, news and offers.
Pertaining to the marketing activity, it must be clarified that, being absent a specific consent given by the concerned person, the abovementioned activities shall not be performed.
COMMUNICATION OF DATA
The personal data processed by the Controller will not be circulated or will not be given to any unknown person, in any form, including in the form they have been presented or for simply consultation.
The personal data might be, instead, circulated to employees of the Controller’s company and to external Controller’s collaborators. In particular, depending on work roles, some employees might be entitled to process personal data within the limit of their competences and in line with the Controller instructions. The personal data might be also circulated, within strictly necessary limits, to any subject supplying goods and/or executing performance or services upon our request of information and budget. Furthermore, the personal data might be circulated to any subject who is entitled to under laws, regulations, and European provisions for fiscal employment consultancy.
Furthermore, the personal data might be circulated to any third party belonging to one of following categories:
-suppliers of services for the management of the IT system;
-entrepreneurs, firms and companies within relations of assistance and fiscal and employment consultancy;
-competent authority to fulfil obligations arising from law and/or provisions enacted by public bodies, upon request.
TRANSFERRING OF DATA
The Controller of the processing data does not transfer personal data to any third country or to any international organization. However, the Controller retains the right to use the services by way of cloud modality; in such a case, the suppliers of the services will be selected among those who grant the adequate guaranties, pursuant to article 46 G.D.P.R. 679/2016.
MODALITIES OF THE PROCESSING AND PROTECTING DATA
The processing of personal data will take place either automatically or manually, by way of modalities and tools ensuring the maximum level of safety and confidentiality, and it will be executed by subjects whose characteristics must be in line with article 4 and with the accountability principle of the G.D.P.R.
The Controller stores and processes personal data for the period necessary to achieve the aforementioned purposes and to perform what requested by the Users. Subsequently, the personal data will be stored, and no longer processed, for the period established by the fiscal and civil provisions in force.
The data processed for the marketing purpose will be stored by the Company from the moment the concerned person will provide his consent and until such consent will be revoked.
RIGHTS OF THE CONCERNED PERSON
Pursuant to G.D.P.R. 679/2016, the concerned person had the right to access (art. 15); the right of ratification (art. 16); right to cancellation (art. 17); right to limit the process of personal data (art. 18); right to portability (art. 20); right to oppose (art. 21); right to oppose to the automatic decisional process (art. 22).
To exercise his rights, the concerned person may contact the Controller of the process by specifying, in the object of his request, the right he intends to exercise and attach a copy of the identification card, certifying the legitimacy of the request, and send it to the following address:
Dear BIBIELLE S.p.a.
Via Cuneo, 35 – 12040 Margarita (CN)
or sending an email to the following address:
REVOCATION OF THE CONSENT
With regard to article 6 of G.D.P.R. 679/2016, the concerned person may revoke at any moment the given consent, except in case the communication of data to third parties is required by law, and the failure of giving a consent may jeopardize in whole or in part the performance of services.
The concerned person has the right to lodge a complaint before the controlling authority of his state of residence.
REFUSAL TO THE CONFERRING OF DATA
The concerned person must not refuse to confer to the Controller personal data necessary to comply with the law regulating the commercial and fiscal transactions. The conferring of additional data may be necessary to improve the quality and the efficiency of the transaction. Therefore, the refusal to confer personal data required by law might obstruct the fulfilments of the orders; while the conferring of additional personal data may jeopardize in whole and in part the fulfilments of other orders and the quality and efficiency of the transaction itself.
The persons who operates in the name and on behalf of legal persons can refuse to confer to the Controller their personal data. The conferring of such personal data is however necessary for a correct and efficient management of the contractual relationship. Therefore, an addition refuse to the conferring might jeopardize in whole or in part the contractual relationship.
With regard to the data conferred in occasion of the compiling of the form “Contact”, the concerned person can refuse to communicate such data to the Controller since the conferring is not mandatory. However, the compilation of indicated fields is essential to fulfill the provided requests.
AUTOMATIC DECISIONAL PROCESS
The Controller does not execute any automatic decisional process on personal data.
CONTROLLER OF THE PERSONAL DATA PROCESS
The Controller is the company BIBIELLE S.p.a., with registered office in Via Cuneo, 35 – 12040 Margarita (CN). The Controller ensured the safety, the confidentiality, and the protection of the personal data at his disposal, in any phase of the personal data process.
The updated list of the internal and external Supervisors is held by the Controller of the personal data process.
AMENDMENT TO THIS CIRCULAR
The Controller shall have the right to amend, in whole or in part, the content of this circular, also as a consequence to the Privacy regulation.
The Controller will execute the publication on the web site of the updated version of this circular, and from that moment on, it will be binding: the concerned person shall then regularly visit the website.