Pursuant to and in compliance with the provisions of article 13 of EU Regulation 679/2016 (hereinafter "Regulation"), NOYFAR S.r.l. (hereinafter “Company”), Tax ID 02159940200 with registered offices in Suzzara, Strada Statale Cisa 62, Km 163, 38/C, provides the following information on the processing of personal data of its Customers (hereinafter “Data”) carried out by the Company in its capacity as Data Controller.
1. Data Controller and contact procedures
Pursuant to article 4 of the Regulation, the Company is the Data Controller of the Data regarding its Customers. For information or requests, the Company is available at e-mail firstname.lastname@example.org or at the following address: NOYFAR Srl, Strada Statale Cisa 62, Km 163, 38/C – 46029 SUZZARA (Mantova) - ITALY
2. Categories and types of Data collected and processed
The Data processed by the Company may include general data collected with the aim of signing an agreement with the Customer and/or executing the same. Furthermore, the Company may process personal data of third parties communicated to it by the Customer. In this respect, the Customer is the Data Controller and undertakes the resulting legal obligations and responsibilities, holding the Company harmless from any complaints, claims and/or requests for compensation for damage deriving from processing that the Company may receive from the third parties concerned.
3. Purpose of data processing and relevant legal basis
Your personal data will be processed:
(i) without your consent (article 6, letters b, c, f, GDPR), for the following purposes:
• for the performance of a contract, execution and/or signing of the contract and/or management of any pre-contract measures;
• for the compliance with any legal obligations, fiscal and tax provisions deriving from doing business, and with obligations associated to administration/accounting activities;
(i) without your consent (article 7, GDPR), for the following purposes:
• marketing activities of various types, including the promotion of professional services, distribution of information and promotional material, sending of newsletters and publications,
• management of surveys and questionnaires, including regarding the level of customer satisfaction.
The legal basis of processing for the purposes (i) given above are articles 6.1.b) and 6.1.c) of the Regulation.
The provision of Data for the above purposes is optional, but failure and refusal to provide such Data may make it impossible for the Company to execute and/or sign the contract and provide the services requested therein.
The legal basis of data processing for the purposes (ii) is art. 6.1.a) of the Regulation since processing is based on consent; it is specified that the Data Controller may get a single consent for the marketing purposes described herein, pursuant to the General Security Measure of the Italian Data Protection Authority "Guidelines for preventing commercial activities and spamming” dated 4 July 2013.
It is pointed out that for processing data for the purposes of sending advertising material or direct sales or market research or commercial communications regarding products or services similar to the ones used by the Customer, the Company may use the e-mail addresses pursuant to and within the limitations set by art. 130, paragraph 4 of the Italian Personal Data Protection Code (Legislative Decree No. 196/2003) and by the provision of 19 June 2008 of the Italian Data Protection Authority also without explicit consent.
4. Categories of personal data processed and processing procedures
In the context of the purposes of data processing highlighted in the previous paragraph (3), only personal data dealing with, by way of example, name and surname, tax payer's code, tax ID, residence, domicile, e-mail address, certified e-mail address (PEC), phone and fax number, etc. will be processed.
5. Data Processing Procedure
In relation to the above-specified purposes, Data processing is carried out using manual, IT and electronic instruments on the basis of a logic which is closely linked to the purposes and anyway ensuring the security and confidentiality of said Data, in addition to the respect of the obligations established by the legislation in force.
Data shall be processed respecting the principle of lawfulness, fairness, relevance and not redundancy, according to the provisions of the law on the protection of personal data.
Processing shall be carried out by officially appointed and duly trained staff.
6. Scope of communication and dissemination of Data, receivers and transfer of Data and Data Processors
Furthermore, for the above purposes, Data may be shared with third parties appointed as Data Processors pursuant to article 28 of the Regulation and in particular with banks, insurance companies, providers of services that are strictly necessary for carrying out the Company business, where this is necessary for fiscal, administrative, contract reasons or for requirements protected by the legislation in force.
Finally, Data may be shared with authorities, entities and/or subjects to whom Data has to be communicated pursuant to legal provisions or orders from authorities. Such authorities, entities and/or subjects shall act as independent Data Controllers.
Data shall not be disclosed.
The complete and periodically updated list of the Data Controllers may be requested sending an e-mail to the addresses given above.
7. Transfer of Data towards international organisations or countries outside the EU
The data collected will not be transferred abroad.
8. Storage of data
Data shall be stored using paper and/or computer media only for the time required for the purposes for which they were collected, respecting the principles of limitation of storage and minimisation pursuant to art. 5, paragraph 1, letters c) and e) of the Regulation.
Data shall be stored to comply with the legal obligations and to pursue the above purposes in compliance with the principles of essentiality, non redundancy and relevance. The Company may store the Data also after the termination of the Contract to comply with legal and/or post-contract obligations; subsequently, once the above reasons for processing are no longer present, Data shall be deleted, destroyed or simply stored in an anonymous way.
Upon request, additional information may be received from the DPO and/or the Company via the above given contact details.
9. Rights of the Data subjects
With regards to the above Data processing, all data subjects may exercise their rights pursuant to articles from 15 to 22 of the Regulation. In particular, Data subjects are entitled to request the Company access to their Data, modification or erasure of such Data, they have the right to object to processing or request to limit processing to the cases envisaged by article 18 of the Regulation and to receive their personal Data in a structured, commonly used and machine-readable format in the cases established by article 20 of the Regulation.
Data subjects may also withdraw the consent given pursuant to article 7 of the Regulation at any time, as well as complain with the Italian Data Protection Authority pursuant to article 77 of the Regulation, should they believe that Data processing is against the legislation in force.
In the cases of objection to Data processing pursuant to article 21 of the Regulation, the Company reserves the right to assess the request that may be rejected if there are legitimate reasons to process Data that prevail on the interests, rights and freedoms of the Data subjects.
Requests must be sent in writing to the Company to the addresses given above.