Customer information on data processing
Information pursuant to and for the purposes of articles 13 and 14 of the GDPR 2016/679 and of the national legislation in force relating to the protection of the processing of personal data.
With this information RELAX SRL provides the interested party with the information referred to in Articles 13 and 14 of the GDPR 2016/679 regarding the processing of personal data concerning him.
Data Controller.
The Data Controller is RELAX SRL, with headquarters in Via Leonardo da Vinci, 2A – 30020 Torre di Mosto (VE).
Purpose and legal basis of the processing.
The collection and processing of personal data are carried out in order to conduct:
- the fulfillment of all operations imposed by regulatory obligations, fiscal and tax provisions and the provisions laid down in the field of anti-money laundering (treatment necessary to fulfill a legal obligation to which the Data Controller is subject pursuant to art. . 1 let. C) GDPR 2016/679);
- the establishment and execution of contractual relationships in progress, as well as any pre and post-sales assistance activities (processing necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same pursuant to art.6 par.1 let.b) GDPR 2016/679; processing necessary to fulfill a legal obligation to which the Data Controller is subject pursuant to art. 6 par. 1 let. c) GDPR 2016/679);
- operations strictly connected and instrumental to the initiation of the aforementioned relationships, including the acquisition of preliminary information for the conclusion of the Contract (processing necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual adopted at the request of the same pursuant to art. 6 par. 1 let. b) GDPR 2016/679);
- the management of relations with the Customer for administration, accounting, orders, shipments, invoicing, services, management of any out-of-court resolution of disputes where provided (treatment necessary for the execution of a contract of which the interested party is part or to the execution of pre-contractual measures adopted at the request of the same pursuant to art. 6 par. 1 let. b) GDPR 2016/679);
- the management of any judicial dispute (treatment attributable to the legitimate interest of the Data Controller pursuant to art.6 par. 1 let. f) GDPR 2016/679, strictly limited to the assessment, exercise and defense of a right in court);
- the supply of installation services in general and connected to the supply, use and / or assistance of products and solutions of our production and / or marketing (processing necessary for the execution of a contract referred to in The interested party is a party to or to the execution of pre-contractual measures adopted at the request of the same pursuant to art.6 par. 1 let.b) GDPR 2016/679);
- sending advertising or direct sales material, carrying out market research or commercial communication by e-mail, paper mail, sms / mms and instant messaging services, in full compliance with the GDPR 2016/679, of the legislation current national law, in particular art. 130 Legislative Decree. June 30, 2003, n. 196, and of the Provision of the Guarantor Authority of 4 July 2013 “Guidelines on promotional activities and the fight against spam” (treatment subject to consent, except in cases where it can be disregarded pursuant to art. 130 paragraph 4 Legislative Decree 30 June 2003, n. 196);
- the detection of the degree of customer satisfaction, the processing of statistics for internal use (treatment attributable to the legitimate interest of the Data Controller pursuant to art.6 par.1 let. f) GDPR 2016/679, strictly limited to the control of standards quality interiors).
& nbsp;
The collection and recording of data will take place in compliance with the principles set out in art. 5 GDPR 2016/679, that is: for specific, explicit and legitimate purposes and in a manner compatible with these purposes, in the context of the processing necessary for the operation of the business; exactly and if necessary with the appropriate updates. So that they are relevant, complete and not excessive in relation to the collection purposes; so that their conservation is functional to the period of time necessary for the purpose for which they were collected and subsequently processed according to the GDPR 2016/679 and to the national legislation in force.
Personal data may be processed with the aid of both paper and electronic tools, or in any case suitable for recording and storing the data, and in any case in such a way as to guarantee its security and protect the maximum confidentiality of the data subject. Specific security measures will be observed to prevent the loss of data, illegal cites or incorrect and unauthorized access in full compliance with art. 32 of the GDPR 2016/679 and of the national legislation in force.
Mandatory or optional nature of providing data and consequence of any refusal.
The provision of personal data necessary for the fulfillment of legal obligations, for the establishment of the contractual relationship or for its execution is mandatory. Failure to provide it will make it impossible to follow up on the requests of the interested party or to execute the contract.
The consent to the provision of personal data for information, promotional and / or marketing purposes is optional and, if given, it can be revoked at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation. In this case, failure to provide it will make it impossible for the undersigned to send you commercial communications.
Anti-money laundering and anti-terrorism.
The provision of the data required by the anti-money laundering and anti-terrorism legislation is mandatory and any refusal precludes the professional service required and may result in the transaction being reported to the competent supervisory body. In this regard, it should be noted that the processing of personal data connected to the anti-money laundering obligations will take place having regard to the specific methods of execution imposed on non-financial operators by the Regulation on the identification and storage of information provided for by art. 3 paragraph 2, of Legislative Decree no. 56/2004 and adopted with D.M. n. 143/2006. Other information could also be obtained from public sources to comply with the obligations set out in Legislative Decree 231/2007.
Data communication.
Without prejudice to compliance with current regulations and in particular with the principles set out in art. 5 GDPR 2016/679, the data may be communicated, exclusively for the pursuit of the purposes mentioned in this statement, to:
- Companies belonging to the same business group;
- Subjects to whom it is necessary to communicate the data for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same, as well as, in general, for the pursuit of purposes mentioned in this information;
- Subjects in charge of credit management such as, for example, factoring companies, credit institutions, debt collection companies, credit insurance companies, commercial information companies;
- In particular, subjects who carry out treatments on behalf of the Data Controller as managers pursuant to art. 28 GDPR 2016/679, such as, by way of example and not limited to: professionals and / or companies in charge of carrying out activities in the administrative-accounting, legal, commercial, management, technical, technical-IT fields. The complete and updated list of Managers is available to those entitled to do so upon request at the headquarters of the Data Controller;
- Subjects authorized to access data by current legislation and / or to whom data must be communicated in compliance with legal obligations.
Personal data may be processed by employees and collaborators assigned to the competent offices of the Data Controller, explicitly authorized for processing on the basis of art. 29 of the GDPR 2016/679 and the national legislation in force.
Transfer of data abroad.
Personal data may be communicated and / or transmitted abroad only for the pursuit of the purposes referred to in this information, or for exclusively technical reasons related to the structure of the company Information System and / or the application of technical and organizational security measures. deemed suitable by the Data Controller (Article 32 GDPR 2016/679), and exclusively in compliance with articles 44 s.s. of the GDPR 2016/679.
Retention times of the data.
Without prejudice in any case to compliance with art. 5 GDPR 2016/679 (“conservation limitation principle”), the data will be stored in our archives according to the following parameters:
- Data processed for the fulfillment of the obligations pursuant to art. 2220 of the Italian Civil Code: 10 years, without prejudice to any delayed payments of the fees that justify their extension;
- Data processed for the fulfillment of anti-money laundering obligations: 10 years;
- Data processed for information, promotional and / or marketing purposes: 10 years, based on the assessments of the Data Controller relating to the characteristics of the product marketed, its average duration approved by TUV certification, as well as the related purchase need of spare parts for ordinary and extraordinary maintenance;
- Data rated for purposes other than the previous ones, as part of the contractual relationship and referred to in this information: until the expiry of the contract and / or the commercial supply relationship.
In relation to the specific limitation periods provided for by the law, the data necessary for the assessment, exercise or defense of a right in court may be subject to longer retention times.
The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Rights of the interested party.
With regard to the personal data themselves, the interested party may exercise the rights provided within the limits and under the conditions set out in Articles from 15 to 22 of the GDPR 2016/679 and by the national legislation in force. In particular, the GDPR attributes to the interested party:
- Right of access (Article 15 of the GDPR 2016/679);
- Right to rectify inaccurate personal data and right to integrate incomplete personal parts (Article 16 of the GDPR 2016/679);
- Right to cancellation (Article 17 GDPR 2016/679);
- Right to limit the processing (Article 18 of the GDPR 2016/679);
- Right to request the recipients to whom any corrections or cancellations or limitations of processing have been communicated (Article 19 GDPR 2016/679);
- Right to data portability (Article 20 of the GDPR 2016/679);
- Right to object (Article 21 GDPR 2016/679);
- Right not to be subjected to a decision based solely on automated processing (Article 22 GDPR 2016/679).
In the event of signing any form of consent to the processing, it should be noted that the interested party can revoke it at any time, without prejudice to the mandatory obligations provided for by the legislation in force at the time of the revocation request, by contacting the Data Controller at the following address by e-mail: info@relaxsrl.com.
Right of Complaint
The interested party who believes that the processing of personal data is in violation of the provisions of the GDPR 2016/679 has the right to lodge a complaint with the supervisory authority of the State of the European Union in which he habitually resides, works, or of the place in which the alleged violation has occurred, as required by art. 77 GDPR 2016/679, or to take the appropriate judicial offices.
Torre di Mosto, 05/11/2021
RELAX SRL