Il Calzaturificio HEROS S.r.l. with registered office in Street Via Spineto, n. 3/h-i, 63837 Falerone (FM) Tax code/Vat Number IT00990820441 (hereinafter called “Data Controller”), as data controller, informs you pursuant to art. 13 D.Lgs. 30.6.2003 n. 196 (later called “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter referred to as “GDPR”) that your data will be processed in the manner and for the following purposes:
1.Object of the Processing
The Data Controller processes personal data, identifying them as:
Bank and payment details
(hereafter called “personal data” or also “data”)
2. Purpose of the processing
Your personal data are treated:
A) without your express consent (Art. 24 letter a), b), c) Privacy code and art. b), e), GSPR), for the following services purposed:
– finalize contracts with services of Data controller;
– fulfill pre-contractual obligations, contractual and tax obligation originated from relations with you in existence;
– fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for anti-money laundering);
– exercise the rights of the owner, for example the right to defense in court;
B) Only subject to your specific and distinct consent (art. 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:
– sending email, ordinary post, text messages, telephone calls, newsletter, advertising materials on services and products offered by the data controller and survey on satisfaction on quality of services;
– sending email, ordinary post, text messages, telephone calls, commercial communications, advertising of third parties (ex: business partners, insurance companies, other societies of group Card Protection Plan).
Please note that if you are already a customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, subject to your disagreement (Article 130 paragraph 4 of the Privacy Code).
3. Data processing methods
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic processing
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no longer 10 years from the termination of the relationship for the purposes of the Service.
4. Data access
Your data can be accessible for the purposes referred to in art. 2.A) and 2.B) to:
– service providers and auxiliaries appointed by us may have access to the data for the purposes indicated, if they maintain the professional secrecy conferred upon them. These are companies in the categories banking services, IT services, logistics, printing services, telecommunications, collection, consulting, sales and marketing.
– to employees and collaborators of the Data Controller, in their capacity as persons in charge and/or internal managers of the processing and/or system administrators.
– to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the data controller, in their capacity as external managers Processing.
5. Data communication
Without the need for express consent (pursuant to Art. 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Your data will not be spread.
6. Data transfer
Personal data are stored on servers located in via Spineto, n.3/h-i, 63837 Falerone (FM), Italy, within the European Union. In any case, it is understood that the Data Controller, where necessary in the future, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of EXTRA-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
7. Nature of the provision of data and consequences of refusal to reply
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we can not guarantee the services of the art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. It can therefore decide not to give any data or to subsequently deny the possibility of processing data already provided: in this case, it will not be able to receive the services referred to in art. 2B). However, you will continue to be entitled to the Services referred to in art. 2.A).
8. Rights of the interested party
Each interested person has:
– the right of access under Article 15 of the GDPR;
– the right of rectification pursuant to Article 16 of the GDPR;
– the right to cancellation pursuant to Article 17 of the GDPR;
– the right to limit the processing pursuant to Article 18 of the GDPR;
– the right to object within the meaning of Article 21 of the GDPR;
– where applicable, the right in relation to the decision-making process and to automated profiling.
– where applicable, the right to data portability pursuant to Article 20 of the GDPR;
– where applicable, the right to lodge a complaint with an authority responsible for monitoring data privacy (Article 77 GDPR).
You can withdraw your consent to the processing of personal data granted to us at any time. This also applies to the revocation of consent statements made before the entry into force of the GDPR, ie before 25 May 2018. Please note that the revocation is only valid for the future and has no effect on the processing before the same
9. How to exercise rights
You can exercise your rights at any time by sending:- a registered letter to Company: Calzaturificio HEROS S.r.l. with registered office in Street Spineto, n.3/h-i, 63837 Falerone (FM);or a certified email to emal address: email@example.com
10.Data controller, Responsible persons and officers
The data controller is Cugnigni Giorgio con sede in Falerone (FM)-Italy
The updated list of responsible persons and officers is kept at the registered office of the Data Controller.