PRIVACY POLICY
Pursuant to and for the purposes of the provisions set out in art. 13 of the 2016/679 European Regulation on the protection of personal data (“GDPR”) and the Italian privacy legislation, your personal data will be processed both through electronic devices and manual tools, in Italy and abroad. This privacy policy was drawn up on the basis of the principle of transparency and all the other requirements specified in the GDPR, and is divided into individual sections. Each section deals with a specific topic for faster reading and better understanding (hereinafter the “Policy”).

WHO IS THE DATA CONTROLLER?
The Data Controller (hereinafter “Controller”) is Botter spa, single-member company, Via L. Cadorna nr.17 30020 Fossalta di Piave (VE) – Italy

DATA PROTECTION OFFICER
The Data Controller has not appointed a DPO under Article 38, however you may contact the privacy office for all matters relating to the processing of your personal data and the exercise of the rights provided by the GDPR by writing to the following email address:
privacy@botter.it

WHAT ARE THE LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA?
The lawful basis for processing your personal data are:
• Contractual obligations and execution;
• Legal obligations;
• Legitimate interests pursued by the controller.

FOR WHAT PURPOSES WILL YOUR PERSONAL DATA BE PROCESSED?
a) Your personal data will be processed for the purposes of fulfilling legal obligations and managing the following services:
1. Execution of the supply contract or of the supply order;
2. Invoicing the amounts due and any additional services;
3. Compliance with regulatory obligations, including accounting, administrative and tax obligations.
4. Dealing with any complaints and disputes that may arise;
5. Fraud prevention and dealing with payment delays or missed payments;
6. Debt collection and recovery if necessary, either directly or through third parties (agencies /credit recovery companies, law firms) to which your data necessary for these purposes will be
communicated;
7. Transfer of receivable to authorized companies,
8. Preservation and use of accounting data related to the punctuality of payments for reward policies and to reject future contractual relationships;
9. Reporting, quality control and certification.
The provision of your personal data is necessary in order to achieve the purposes referred to in point a).
Failure to provide your personal data or a partial or incorrect provision of the same could result in the  impossibility of activating and supplying the requested service or executing the supply contract.

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

Your personal data will be processed exclusively by authorized persons and by persons designated as Data Processors in compliance with the GDPR in order to perform all the processing activities necessary to pursue the purposes set out in this Privacy policy. Your Personal Data may be disclosed to Public Bodies or Judicial Authorities, where required by law or to prevent or suppress the commission of criminal offences and in any case to:
• the legitimate recipients of communications required by law or regulations (such as, for example, Offices and Public Authorities);
• the recipients of necessary communications for the fulfillment of obligations arising from the supply and from the contract stipulated;
• third-party companies specialized in the management of commercial and credit information (such as, for example, call centers, data processing centers, banks, etc.);
• companies and/or collaborators in order to carry out the administrative services necessary to fulfil their legal or contractual obligations;
• other subjects (companies and natural persons) who collaborate with the data controller in providing the services and supplies proposed by the same.

MINORS
Personal data of minors under the age of 16 is not required and shall not be processed unless authorized by the holder of parental responsibility.

HOW LONG WILL YOUR PERSONAL DATA BE KEPT?
Your personal data will be kept for the period necessary for the pursuit of the purposes related to point a) above. In particular, your Personal Data will be processed for the time that is strictly necessary, that is until the termination of the contractual relations between you and the Data Controller without prejudice to a further retention period that may be imposed by law.
Data relating to CVs sent to us will be kept for no more than two years from the date of receipt. Your data will be kept for a further period in case of claims or disputes for the exercise or defense of legal claims.

HOW CAN YOU WITHDRAW YOUR CONSENT?
The type of processing laid out in this privacy policy does not require your explicit consent. However you may contact the Data Controller at the addresses indicated in the present Policy for further clarification.

WHERE WILL YOUR PERSONAL DATA BE PROCESSED?
Your Personal Data will be processed by the Data Controller in the territory of European Union. In the event that for technical and/or operational reasons we need to transfer your personal data to a third country or organization outside the European Union, these subjects will be appointed as Data Processors pursuant to and for the purposes of article 28 of the GDPR; the transfer of your Personal Data to these subjects will be restricted to the performance of specific processing activities, and will be governed by an appointment contract in accordance to the guarantees and protections required by the GDPR.
All necessary precautions will be taken to ensure the full protection of your Personal Data, subjecting the transfer to the provision of appropriate safeguards including, for example, decisions by the European Commission on the adequacy of the recipient third country; appropriate safeguards provided by the recipient third party pursuant to Article 46 of the GDPR.
In any case you may obtain more details from the Data Controller if your Personal Data have been processed outside the European Union, requesting evidence of the specific safeguard adopted.

WHAT ARE YOUR RIGHTS?
We remind you that you can exercise your rights under the GDPR, and in particular you have the right to:
• obtain confirmation whether Personal Data concerning you is being processed and obtain access to the data and the following information (purpose of the processing, types of personal data, recipients and / or categories of recipients to whom the data have been transferred and / or will be communicated, retention period);
• obtain rectification of inaccurate personal data concerning you and / or that incomplete personal data be completed, also by providing an additional statement;
• obtain erasure of personal data, in the cases envisioned by the GDPR;
• obtain restriction of processing in the cases envisaged by the current Privacy Regulation;
• obtain the portability of data concerning you, when technically feasible and relevant to the service provided
• object, on grounds relating to your situation, at any time to processing of personal data concerning you, in full compliance with the current Privacy Regulation.

You can exercise your rights by contacting the e-mail address privacy@botter.it, attaching a copy of your ID.
In any case you will always have the right to lodge a complaint with the competent supervisory authority
(Guarantor for the Protection of Personal Data), pursuant to art. 77 of the GDPR.