INFORMATION – PROCESSING AND PROTECTION OF PERSONAL DATA
pursuant to Article 13, Regulation (EU) 2016/679 (“GDPR”)
With this information, the Data Controller, as defined below, intends to explain the purposes for which Seica collects and processes your personal data, which category of data categories are processed, what are your rights recognized by the legislation disciplining protection of personal data and how they can be exercised, also giving you the opportunity to provide your consent to processing, when necessary, in an informed manner.
- WHO IS THE DATA CONTROLLER
S.E.I.C.A. S.p.A., with registered offices in Via Kennedy 24, Strambino (TO) ITALY, in the person of the legal representative, is the Controller of the processing of your personal data (the “Controller” or “SEICA”).
- HOW TO CONTACT THE DATA PROTECTION OFFICER
The Controller has appointed a data protection officer (“Data Protection Officer” or
“DPO”) that can be contacted by sending an e-mail to the e-mail address firstname.lastname@example.org
or writing to:
Data Protection Officer (DPO)
c/o SEICA S.p.A.
10019 STRAMBINO (TO)
- WHAT WE MEAN BY PERSONAL DATA
Pursuant to the GDPR, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- WHAT ARE THE PURPOSES OF PROCESSING YOUR PERSONAL DATA AND THE RELEVANT LEGAL BASIS
4.1. SEICA collects and processes your data for communication and performance of business activities (providing or requesting information on products and services, organizing meetings, issuing and receiving offers) and administrative activities (receiving and issuing orders, invoicing, accounting and financial management) and providing and receiving services as they come to be required.
In particular, SEICA collects and processes the following data for these purposes:
- personal data and identification (name, surname, role / title / function);
- the office address, telephone number and e-mail address;
- in general, any other data and information necessary for conducting business relationships
4.2. Your data may also be processed by the Data Controller for the fulfillment of legal obligations.
By way of example, SEICA may process your data for purposes related to taxes, the execution of contracts, for the management of the Authority’s requests, as well as for obligations related to fraud prevention regulations, money laundering and financing of terrorism, where applicable.
4.3. The Data Controller may process your data for sending communications of a commercial nature and/or for promotional initiatives in order to offer products and/or services. SEICA will carry out this activity in compliance with the principles of the GDPR, and for the pursuit of its own legitimate interests; in any case, you may object to receiving such communications at any time by writing to the Data Controller at email@example.com or by contacting the DPO at the addresses indicated in paragraph 2 above.
4.4. Except as provided for in the previous paragraph 4.3, with your express and specific
consent, the Data Controller may also process your Data for promotional initiatives (present and
future) of a commercial nature, sending advertising material, carrying out market research, direct sales, commercial communications, related to the whole range of products and/or services offered by Seica and companies in the Seica Group (company subsidiaries and / or affiliates). The sending of commercial communications can be done through the use of traditional (paper mail, telephone calls) and electronic (SMS, e-mail, notifications on the App) media.
The consent you have given on the individual topics referred to in paragraph 4.4 above may
be revoked at any time by writing to the Controller at the email address firstname.lastname@example.org or by contacting the DPO at the addresses indicated in paragraph 2 above.
In any case, we are committed to ensuring that the information collected and used is
appropriate for the purposes described, and that this does not result in an invasion of your personal sphere.
- TO WHOM WE COMMUNICATE YOUR DATA
SEICA may communicate some of your data to third parties which we use for the performance of activities necessary for achieving the purposes indicated and described in paragraph 4 above.
Your data may also be communicated to external companies that offer services to SEICA: for example, logistics services, companies that perform technical coordination, assistance and maintenance activities in favor of the SEICA and provide assistance to you on issues related to SEICA products.
The parties mentioned above who process your data on behalf of SEICA are specifically appointed as Data Processors by the Controller. The list of data processors may be requested by contacting the DPO at the addresses indicated in paragraph 2 above. Finally, the Controller may communicate your data to entities to whom the communication is due by virtue of legal obligations, and to the credit institutions with which SEICA operates, for the purpose of carrying out the commercial activities and business relationships described in this document. These subjects perform their respective treatment activities as independent controllers.
- HOW LONG WILL WE STORE YOUR DATA
Your personal data will be processed and stored by SEICA only for the time necessary for the purposes mentioned above. In particular, the main periods of use and storage of your data with reference to the different purposes of treatment are the following:
a) for the purposes of the execution of contracts of which you are a part, your personal will be processed by SEICA for the duration of the same and until there are obligations or obligations related to the execution of the contracts, and will be kept for a period of 11 years after termination of the contractual relationship exclusively for purposes related to the fulfillment of legal obligations or the defense of SEICA’s rights;
b) with reference to the processing for marketing and commercial purposes, carried out on the basis of a legitimate interest of SEICA, or by your consent, your data will be processed for the entire duration of the contract or business relationship, as long as there are obligations or obligations related to the performance of a contract, and in any case for a period of 5 years, unless you oppose the processing or revoke your consent;
c) for the fulfillment of legal obligations, your data will be processed and stored by SEICA as long as the need for treatment exists to fulfill any legal obligations.
- YOUR RIGHTS AS THE DATA SUBJECT
During the period in which SEICA is in possession or processing your data you, being the processed data subject, can at any time exercise the following rights:
- Right of access. You have the right to obtain confirmation about the existence or not of personal data processing and you have the right to receive all the information relating to said processing;
- Right to rectification. You have the right to obtain correction of your data in our company possession, if they are incomplete or inaccurate;
- Right to cancellation (so-called “right to be forgotten”). In some circumstances, you have the right to obtain the cancellation of your data in our archives if they are not relevant for the purposes of the continuation of the contractual relationship or necessary by law;
- Right to limitation of treatment. Upon the occurrence of certain conditions, you have the right to obtain the limitation of processing concerning your data, if it is not required for the purposes of continuation of the contractual relationship or necessary by law;
- Right to portability. You have the right to obtain the transfer of your data to a different Controller;
- Opposition law. You have the right to oppose, at any time for reasons connected with your particular situation, to the processing of your data based on the lawfulness of legitimate interest or the performance of a task of public interest or the exercise of public authority , unless there are legitimate reasons for the Data Controller to continue the processing that prevails over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court;
- Right of withdrawal of consent. You have the right to withdraw consent to the processing of the your Data at any time, remaining firm the legality of the processing by consent prior to its withdrawal;
- Right to present a complaint to the Supervisory Authority. In the event that SEICA refuses to satisfy your requests for access, the reasons for the relative refusal will be provided. If there is a case for it, you have the right to lodge a complaint as described in the following paragraph 8.
The above rights may be exercised against the Data Controller by writing to the address email email@example.com or by contacting the DPO at the address indicated in paragraph 2 above.
The exercise of your rights as an interested party is free of charge under Article 12, GDPR.
However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness,
the Data Controller may charge a reasonable fee, in light of the administrative costs incurred to handle your request, or deny the satisfaction of your request.
- HOW TO PRESENT A COMPLAINT
At any time, you have the right to present requests for the exercise of the rights referred to in paragraph 7 above, by writing to the email address firstname.lastname@example.org or by contacting the DPO at the address indicated in paragraph 2 above.
In any case, if you wish to lodge a complaint regarding the methods by which your data are processed by SEICA, or with respect to the management of a complaint you have presented, you have the right to submit an application directly to the Supervisory Authority.