Observing what is established by the European Regulation 2016/679 (GDPR), BRF di BROCH RACHELE & C. SRL wants to inform you that the personal data that you provided us or that we acquired within our business activity, which we need to execute the services we offer to you, will be treated respecting privacy laws, fairness principles, lawfulness transparency and protection of your privacy and rights.
We want also to communicate you the following information.
The responsible of the treatment of the confidential data that you supplied is BRF di BROCH RACHELE & C SRL which is based in Via Ezio Vanoni 3, 37045 Legnago Vr tel.0442/641158 email firstname.lastname@example.org
The responsible of the treatment is Mrs. Ferrigato Silvia, email email@example.com
AIMS AND LEGAL BASIS OF THE DATA TREATMENT
The data that have been supplied voluntarily are the ones needed by the Responsible in order to supply the services and are treated in a licit way and under accuracy. Moreover, they have been collected and registered for specific, clear, and legitimate aims later explained and are used for operations that are compatible with the mentioned aims.
Personal data (as name, surname, company name, VAT number, address, telephone and fax number, e-mail address, bank account and payment data as well as other kinds of data, e. g.: structure of the organization, products, projects, brands etc.) are collected and treated for the following aims:
- To develop the business relationship with the customer according to the precontractual and contractual agreements;
- For administrative, fiscal or internal accounting aims linked to the supplier-customer relationship and in order to fulfil the obligations generally required by the law and regulations, the European laws, judicial authority requests against the Responsible or to exercise the rights of the Responsible (for example the right of defence in court).
The juridical basis that legitimates the data treatment is the execution of a supplying agreement for services of which the customer is part or the execution of pre-contractual activities required by the customer.
The data are treated both through manual elaborations in paper format and electronic devices, or automatic, IT and telematic devices.
DATA PROVISION NATURE
The data treatment for the above-mentioned aims is essential to regulate any operation or group of operations, carried out without using electronic devices as well, that concern the data collection, registration, organization, consultation, elaboration modification, selection, extraction, comparison, use, interconnection, block, communication, spread, cancellation and destruction, even if they aren't registered in a data bank.
Moreover, the Responsible discloses that the possible non-communication, or wrong communication of one of the compulsory information, has the following main consequences:
- The impossibility of the Responsible to guarantee the fairness of the data treatment according to the agreement;
- The possible non-conformity of the treatment results to the obligations imposed by the job regulation to which it is addressed.
The offered IT systems and software procedures for the functioning of this website acquire, over their usual functioning, some confidential data and their transmission is implied in the use of the records of internet communication.
This information are not collected to be associated to specific individuals, but for its nature, it could be used to identify users, through elaborations and associations with data held by third parties.
In this data category there are IP addresses or PC domain names of the users that connect to the website, URI addresses of requested resources (Uniform Resource Identifier), the time of the request, the method used to present the request to the server, the dimension of the file given as answer, the numeric code that shows the state of the answer given by the server (success, error, etc.) and other parameters related to the operating system and to the IT environment of the user.
The aim of this data collection is only to obtain anonymous statistical information about the use of the website and to check its proper work and will be deleted shortly after their elaboration. Data could be used to check possible IT crimes for the website damage: except for this eventuality, the data on web contacts do not remain for more than seven days.
Data supplied on purpose by the user
The optional, explicit and voluntary email sending to the addresses specified in this website leads to the following acquisition of the sender's address, essential to reply to his/her requests, and of all other possible personal data. The user can supply all personal data written on request forms to the Guarantor or written in the agreements between the user and the office to push for information material or other communications.
RECEIVERS OR POSSIBLE CATEGORIES OF CONFIDENTIAL DATA
The data treatment is made by the internal staff (employed, partners, System Administrators), chosen and authorized to the treatment according to the instructions given in compliance with privacy and data security current laws.
If this is necessary for the purposes listed in Article 2, the Customer's personal data may be processed by third parties appointed as Data Processors (pursuant to Article 28 of the GDPR) or "autonomous" Data Controllers, namely:
- by professionals, companies, associations, professional practices that give assistance or consultancy to the owner for administrative, accounting, fiscal or legal protection aim;
- by companies that offer server farm services;
- by all Public Institutions established by the law and generally all institutions approved by the law concerning accounting and fiscal subjects as receivers of compulsory communications.
- by banks for proceeds and payments.
- by Certification institutions chosen as authorized Organisms to carry out inspections according to the current law.
TRANSFER OF DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATIONS
Concerning the agreement relationship management, no transfer of customer data to non-EU third countries or international organizations is envisaged.
DATA PRESERVATION PERIOD AND CRITERIA USED TO DETERMINE THIS PERIOD
Customer's confidential data will be treated and preserved by the Responsible all the agreement period long and at the end of it, for any reason, they will be preserved for the expected time – for each type of data – by the current accounting, fiscal, civil and trial law.
As involved subject and in relation to the treatments described in this circular, the Customer can exercise his rights described in art. 7, from 15 to 21 and 77 of GDPR (access, adjustment, treatment limitation, data portability, opposition, suspension and claim right).
MODALITY OF RIGHTS' EXCERCISING
The Customer can in any moment exercise his/her rights sending a letter with acknowledgment of receipt to BRF di BROCH RACHELE & C SRL.
The Customer can exercise his/her rights with no charge according to art. 12 GDPR. However, in case of clearly excessive or unfounded requests (for their repetitiveness as well), the Responsible can charge the Customer with some reasonable fee, according to the administrative costs born to manage his/her request, or not to satisfy his/her request.