WHO IS THE DATA CONTROLLER?
The Data Controller (hereinafter “Controller”) is Botter spa, single-member company, Via L. Cadorna nr.17 30020 Fossalta di Piave (VE) – Italy
DATA PROTECTION OFFICER
The Data Controller has not appointed a DPO under Article 38, however you may contact the privacy office for all matters relating to the processing of your personal data and the exercise of the rights provided by the GDPR by writing to the following email address:
WHAT ARE THE LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA?
The lawful basis for processing your personal data are:
• Contractual obligations and execution;
• Legal obligations;
• Legitimate interests pursued by the controller.
FOR WHAT PURPOSES WILL YOUR PERSONAL DATA BE PROCESSED?
a) Your personal data will be processed for the purposes of fulfilling legal obligations and managing the following services:
1. Execution of the supply contract or of the supply order;
2. Invoicing the amounts due and any additional services;
3. Compliance with regulatory obligations, including accounting, administrative and tax obligations.
4. Dealing with any complaints and disputes that may arise;
5. Fraud prevention and dealing with payment delays or missed payments;
6. Debt collection and recovery if necessary, either directly or through third parties (agencies /credit recovery companies, law firms) to which your data necessary for these purposes will be
7. Transfer of receivable to authorized companies,
8. Preservation and use of accounting data related to the punctuality of payments for reward policies and to reject future contractual relationships;
9. Reporting, quality control and certification.
The provision of your personal data is necessary in order to achieve the purposes referred to in point a).
Failure to provide your personal data or a partial or incorrect provision of the same could result in the impossibility of activating and supplying the requested service or executing the supply contract.
WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?
• the legitimate recipients of communications required by law or regulations (such as, for example, Offices and Public Authorities);
• the recipients of necessary communications for the fulfillment of obligations arising from the supply and from the contract stipulated;
• third-party companies specialized in the management of commercial and credit information (such as, for example, call centers, data processing centers, banks, etc.);
• companies and/or collaborators in order to carry out the administrative services necessary to fulfil their legal or contractual obligations;
• other subjects (companies and natural persons) who collaborate with the data controller in providing the services and supplies proposed by the same.
Personal data of minors under the age of 16 is not required and shall not be processed unless authorized by the holder of parental responsibility.
HOW LONG WILL YOUR PERSONAL DATA BE KEPT?
Your personal data will be kept for the period necessary for the pursuit of the purposes related to point a) above. In particular, your Personal Data will be processed for the time that is strictly necessary, that is until the termination of the contractual relations between you and the Data Controller without prejudice to a further retention period that may be imposed by law.
Data relating to CVs sent to us will be kept for no more than two years from the date of receipt. Your data will be kept for a further period in case of claims or disputes for the exercise or defense of legal claims.
HOW CAN YOU WITHDRAW YOUR CONSENT?
WHERE WILL YOUR PERSONAL DATA BE PROCESSED?
Your Personal Data will be processed by the Data Controller in the territory of European Union. In the event that for technical and/or operational reasons we need to transfer your personal data to a third country or organization outside the European Union, these subjects will be appointed as Data Processors pursuant to and for the purposes of article 28 of the GDPR; the transfer of your Personal Data to these subjects will be restricted to the performance of specific processing activities, and will be governed by an appointment contract in accordance to the guarantees and protections required by the GDPR.
All necessary precautions will be taken to ensure the full protection of your Personal Data, subjecting the transfer to the provision of appropriate safeguards including, for example, decisions by the European Commission on the adequacy of the recipient third country; appropriate safeguards provided by the recipient third party pursuant to Article 46 of the GDPR.
In any case you may obtain more details from the Data Controller if your Personal Data have been processed outside the European Union, requesting evidence of the specific safeguard adopted.
WHAT ARE YOUR RIGHTS?
We remind you that you can exercise your rights under the GDPR, and in particular you have the right to:
• obtain confirmation whether Personal Data concerning you is being processed and obtain access to the data and the following information (purpose of the processing, types of personal data, recipients and / or categories of recipients to whom the data have been transferred and / or will be communicated, retention period);
• obtain rectification of inaccurate personal data concerning you and / or that incomplete personal data be completed, also by providing an additional statement;
• obtain erasure of personal data, in the cases envisioned by the GDPR;
• obtain restriction of processing in the cases envisaged by the current Privacy Regulation;
• obtain the portability of data concerning you, when technically feasible and relevant to the service provided
• object, on grounds relating to your situation, at any time to processing of personal data concerning you, in full compliance with the current Privacy Regulation.
You can exercise your rights by contacting the e-mail address email@example.com, attaching a copy of your ID.
In any case you will always have the right to lodge a complaint with the competent supervisory authority
(Guarantor for the Protection of Personal Data), pursuant to art. 77 of the GDPR.