Information pursuant to the provisions in art. 13 of the EU Regulation no. 2016/679 of 27th April 2016
R.T.A REALIZZAZIONI TECNOLOGICHE AVANZATE S.R.L. (hereinafter, in short, only “R.T.A.” or “Data Controller” too) protects the privacy of its customers and guarantees that data is processed in compliance with the provisions in the privacy regulation currently in force.
Specifically, the EU Regulation no. 2016/679 of 27 th April 2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive no. 95/46/EC” approved the “General regulation on data protection” (hereinafter, in short, only “GDPR” too), which protects the concerned parties by requiring that they are provided with appropriate information on the processing of their personal data.
The regulation, alongside with the Leg. Decree no. 196/2003 of 30 th June 2003 “Code on the protection of personal data” (hereinafter, in short, only the “Privacy Code” too), aims at guaranteeing that personal data is processed in full respect of the fundamental rights and freedoms and of the dignity of the concerned party as well. Special reference shall be thus
made to confidentiality, personal identity and the right to protect personal data, pursuant to the principles of simplification, harmonization and effectiveness.
Thus, to enforce the norms of law, we are providing the information here below as concerns your personal data our company processes, in the wake of, pursuant to and for the effects of the provisions in article fiveof the GDPR, the principles of correctness, legality and proportionality, transparency, clarity, awareness and protection of your privacy and rights, and the principles of confidentiality that inspire the R.T.A. business as well.
1) Categories
As a mere example, the personal data that the customers shall report and R.T.A. process are as follows:
- Master data, company name, VAT number, tax code, addresses, civic numbers, zip code, province, nation, master data of the legal representative, e-mail, phone number
- Data acquired through the customers’ payment orders or bank data for payments communicated by the same customers
- Sundry data possibly reported during the execution of the contract - Data originating from public data banks.
2) Processing scope and legal basis, which data are destined to
In compliance with the provisions in articles seven, paragraph two, letter b), and 13, paragraph one, letter a), in the Leg. Decree no. 196/2003, and in articles 13, paragraph one, letter c) and 15, paragraph one, letter a), in the GDPR, we are herewith informing you that the personal data you have reported shall be processed for the following scopes:
a) The fulfilment of all the legal obligations connected to any statutory, fiscal, accounting or sundry regulations, to EU rules or standards also regarding public tenders. In such case, processing shall be compulsory and thus your consent shall not be required;
b) The exercise of all rights and legal actions, in all seats and in court too, also pursuant to the provisions in art. six, paragraph one, letter f, in the GDPR. In such case, your consent shall not be required;
c) The execution of contractual obligations, the administrative management of the contractual relationship, checks and certifications, technical support, technical information, post-sales service, management of the product guarantee, order management, provision of
the required services, management of required and expected payments. In such case, your consent shall not be required;
d) The information on future commercial initiatives, announcements of new products, services and offers, delivery of advertising materials, direct sales, commercial communications, also by means of automated calling systems, electronic or paper
communications (including letters, phone, the Internet, text messages, MMS and sundry communication systems). In such case, processing is optional and your consent shall be required.
In addition, R.T.A. may process personal data without consent if a legitimate interest exists for this, on condition that any interests, rights or fundamental freedoms of the concerned party do not prevail, which require the protection of personal data.
3) Addressees: categories of entities to whom data may be communicated
In compliance with the provisions under articles seven, paragraph 2, letter e), and 13, paragraph 1, letter d), in the Leg. Decree no. 196/2003, and articles 13, paragraph one, letter e) and 15, paragraph one, letter c) in the GDPR, R.T.A. shall commit to process the
data and information conferred by the Purchaser as confidential and not to reveal them to any unauthorised parties, and not to use them for any scopes that differ from those which originated their collection and not to send them to third parties. Such data shall be made accessible only to those who, inside R.T.A., require doing so due to their job or hierarchical position and/or by virtue of specific activities related to the execution of the contractual relationship and/or commercial relationship (company staff, employees, collaborators).
Data shall also be made accessible to the data processors appointed by the Data Controller, whose full list is available at the latter’s registered office. Such parties – whose number shall be as much limited as possible in compliance with the principle of data minimization – shall be instructed appropriately to prevent any loss, destruction, unauthorized accesses or unauthorised processing of the same data. Personal data shall also be made accessible and reported – for all legal scopes – to any entities and/or third- party companies (as a mere example: professional practices, freelancers, advisors, insurance companies for the provision of insurance services, auditing companies, etc.) that perform any activities on behalf of R.T.A..Personal data shall also be made accessible to public authorities pursuant to the legal provisions.
4) Scope of dissemination
In compliance with the provisions under article 13, paragraph one, lettera), in the Leg. Decree no. 196/2003, and in articles 13, paragraph one, letter f), and 15, paragraph one, letter c) in the GDPR, we are herewith informing you that the personal data you have
conferred may be disseminated on the national territory and in the territory of the member countries in the European Union to any entities as under item 4) here above.
If it were required for any technical, organizational or operating reasons,R.T.A. shall reserve to transfer your personal data to any countries outside the European Union or to any international organizations deemed appropriate by the European Commission. However, appropriate guarantees must be given by the same country or special derogations must be provided for in the GDPR.
5) Storing period
In compliance with the provisions in articles 13, paragraph two, letter a) and 15, paragraph one, letter d) in the GDPR, we are herewith informing you that each customer’s personal data shall be stored by the Data Controller for the full duration of the contractual and/or
commercial relationship plus any possible storing period provided for by the commercial and fiscal law and by sundry applicable standards. However, storing shall never be for a period exceeding that required for the scopes, which originated their collection or processing in compliance with the legal obligations.
Personal data may be processed for a longer term if any interruptions or suspensions occur for the prescription, which may justify the extension of the data storing.
6) Rights of the involved party
In compliance with the provisions in art. 13, paragraph one, letter e), in the Leg. Decree no. 196/2003, and in articles 13, paragraph two and 15 -22 in the GDPR, the customer shall enjoy the following rights:
a) To obtain fromR.T.A.the confirmation on the existence or not of personal data regarding the same, even if not registered yet, and their dissemination in an intelligible form.
b) To obtain the indication of the logic applied if processing is performed with the help of electronic devices.
c) To obtain the indication of the entities or categories of entities whom personal data may be disseminated to or whom may come to know it as designated representatives in the territory of the State, as controllers or processors.
d) To obtain the update, correction, integration of data or the limitation of data processing by R.T.A.
e) To obtain the cancellation, anonymization or block of the data processed unlawfully, including the data whose storing is not required for the scopes which originated the data collection or later processing, and thus to oppose any processing performed unlawfully.
f) To obtain the confirmation that the operations under letters d) and e) have been acknowledged – as regards their contents as well – by those whom data was reported or disseminated to, with the exception of the case when such fulfilment is impossible or involves the use of any means that are clearly disproportionate compared to the protected right.
g) To oppose, in full or in part: i)the processing of the conferred personal data for legitimate reasons; ii)the processing of personal data to send advertising materials or direct sales or to perform market or commercial communication researches, by means of automated calling systems without the intervention of an operator, by e-mail and/or traditional marketing modalities, by phone and/or paper mail. Please note that the interested party’s right to oppose any direct marketing purposes by means of automated modalities shall extend to traditional modes too. The possibility for the interested party shall remain unprejudiced to exercise the right to oppose even also in part and thus the right to authorize processing only to receive communications by means of traditional modalities or only automated communications or none of the above communication typologies.
h) To file a claim to the control bodies pursuant to art. 77 in the GDPR.
i) To obtain the portability of data.
l) To obtain a copy of the process ed personal data, with warning that R.T.A. may charge a reasonable cost contribution based on administrative costsif the interested party required further additional copies. If the Purchaser files the request by means of any electronic means – and unless otherwise reported by the interested party –, the information shall be provided in a common electronic format.
7) Processing modalities
In compliance with the provisions under articles seven, paragraph 2, letter b), and 13, paragraph one, letter a), in the Leg. Decree no. 196/2003, and in articles 13, paragraph two, letter f) and 15, paragraph one, letter h) in the GDPR, personal master and fiscal data
acquired directly and/or through third parties by R.T.A. being the Data Controller, shall be collected and processed in paper, IT, electronic form, depending on the processing modalities to register orders and activate the related procedures to execute the contract
and the related necessary communications. In addition, possible legal obligations shall be fulfilled and the commercial relationships shall be managed effectively to an extent required to perform the necessary service at best.
8) Nature of the conferment of data
In compliance with the provisions in article 13, paragraph one, letter b) and c), in the Leg. Decree no. 196/2003, we are herewith informing you that the dissemination and processing of the customer’s personal data is a required for the correct and timely execution of the existing contract between the same and R.T.A. Failing so, the Purchaser’s requests may not be complied with. In compliance with the provisions in article 13, paragraph one, letter f), in the Leg. Decree no. 196/2003 and in article 13, paragraph one, letter a), in the GDPR, the personal data collection and processing Controller is R.T.A., to whom the purchaser may address any requests at the company’s registered office.
9) Data Processor
The Data Processor is R.T.A., REALIZZAZIONI TECNOLOGICHE AVANZATE S.r.l. (Tax Code/VAT no.11950140159), with registered office in Via E. Mattei, Fraz. Divisa, 27020 Marcignago (province of Pavia).Possible notices received at the postal address (also by e-mail) of R.T.A. (requests, suggestions, ideas, information, materials, etc.) shall not be considered as confidential information or data, shall not violate other people’s rights and must contain truthful and valid information, which does not harm other people’s rights. In any case,
R.T.A. shall suffer no liability on the content of the same messages.
10) Final clauses
You can exercise your rights in any moment as under this information by sending a notice to R.T.A., Realizzazioni Tecnologiche Avanzate S.r.l. (Tax Code/VAT no.11950140159), at the registered office located in Via E. Mattei, Fraz. Divisa, 27020 Marcignago (province of Pavia) by e-mail at info@rta.it or by registered letter.
Version: September 2018 - R.T.A. s.r.l.