Information on the processing of data
The company ADVANCED MICROWAVE ENGINEERING s.r.l., with registered office in VIA LUCCA 50-54, 50142 FLORENCE, VAT number 05016620485, e-mail address email@example.com , the Controller of the treatment of personal data informs that, according to the law in force, every operation concerning the same will be marked by the principles of correctness, lawfulness and transparency.
The person responsible for the processing of personal data is Mr. CLAUDIO SALVADOR, who can be contacted at the e-mail address firstname.lastname@example.org during the working hours.
Pursuant to and for the effects of articles 13 and 14 of Regulation (EU) no. 2016/679, and in relation to the personal data that we intend to process, we advise you of the following:
1. PURPOSES FOR PROCESSING PERSONAL DATA
1.1 Any personal identifying data attributable to you, to your company’s legal person and/or to the personnel who work for your company, such as, for example, personal details, email addresses, telephone numbers, bank details, etc., is processed in order to: send information about various subjects and by any means (telephone, email, electronic message, fax, traditional postal service, etc.); prepare estimates, quotations and offers, contracts, invoices, orders and the like; and to fulfil any other purpose related to the regular execution of a contractual relationship in accordance with that set forth by law, including administrative and tax obligations.
1.2 You are requested to send such data because it is needed to fulfil, in a proper manner, contractual obligations and to answer your requests and/or to meet your requirements, as well as to fulfil legal obligations to which our company is subject such as, for example, obligations of an administrative or tax nature, etc.
1.3 Personal details attributable to your company’s legal person and, therefore, normally available from public records, may be used and sent to the categories of recipients listed under paragraph 4.1, below, for the purposes relative to our company’s processes for certification, verification, qualification and the like which may be performed by third parties.
1.4 For any other purpose other than those purposes described above and relative to the personal data attributable to you, to your company’s legal person and/or to the personnel who work on behalf of your company, we will ask for your prior, appropriate and explicit consent, using documented methods that will be established from time to time.
1.5 The Controller does not intend to submit the data described under paragraph 1.1, above, to profiling processes or to automated decision-making processes.
1.6 Within our company’s offices, it is prohibited, in the interests of the privacy of personnel and visitors, to make any audio or video recording or to take photographs.
2.SOURCES OF DATA
2.1 The personal identifying data attributable to you, to your company’s legal person and/or to the personnel who work for your company, as specified above under paragraph 1.1, was provided by you in order for us to prepare an estimate, a quotation or an offer, a contract or an invoice and, generally, was done either verbally or in writing, including by email, by completing an on-line form, by telephone or by any other means of communication or was retrieved from public records.
2.2 Data collected automatically when you visit our website includes certain information about you and your visit such as your IP (Internet Protocol) address which allows your device to communicate with the internet, as well as other information including the type and version of the browser that you use and the pages of the site that you visit.
2.4 The ability to process data that could reveal racial or ethnic origin, religious or philosophical beliefs, political opinions and membership of a trade union, data relative to health, sex life and sexual orientation, genetic and/or biometric data, as well as data relative to any criminal conviction or crime, attributed to you, to your company’s legal person and/or to the personnel who work for you company is typically excluded.
3. METHODS USED TO PROCESS PERSONAL DATA
3.1 Processing is done by operations performed with or without the use of electronic tools and may consist of one or more of the following activities on the data that you provide: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, restriction, communication, erasure or destruction. Processing is carried out by the Processor and by those parties expressly authorised and appointed by the Controller who have successfully completed specific training courses and periodic refresher courses on privacy regulations.
3.2 All the operators appointed by our company who have access to computerised data are identifiable and equipped with personal access credentials; access to data is permitted only for those purposes tied to the operator’s role and only for the time strictly necessary to fulfil the purpose or purposes for which the data is processed.
4.CATEGORIES OF RECIPIENTS
4.1 The personal identifying data attributable to you, to your company’s legal person and/or to the personnel who work for your company, as specified above under paragraph 1.1.1, is typically processed by our personnel who have been duly appointed in relation to the purposes described above under paragraphs 1.1 and 1.2.
4.2 The personal data attributable to you and to your company’s legal person may be sent to the following categories of recipients: public administrations, credit institutes, control or supervisory bodies and, in general, any external party (for example, professionals, companies or bodies operating in various roles such as administration, security, data processing, certification and consulting in general) who collaborates with our company in relation to the purposes described above under paragraphs 1.1.2 and 1.1.3. These communications are done within the limits established by law and regulations.
4.3 In relation to certain contractual obligations or requests made by you, the personal data attributable to you, to your company’s legal person and/or to the personnel who work for your company, as specified above under paragraph 1.1.1, may be sent to other companies, businesses and professionals within the context of work assignments or sub-contracted or sub-supplier appointments. These communications are done within the limits established by law and regulations.
4.4 In no other case will the personal data attributable to you, to your company’s legal person and/or to the personnel who work for your company, as specified above under paragraph 1.1.1, be divulged to third parties or indeterminate parties, not even for the purpose of a simple consultation.
5. DATA TRANSFER
5.1 The Controller does not intend to transfer the personal data attributable to you, to your company’s legal person and/or to the personnel who work for your company, as specified above under paragraph 1.1.1, to third countries or to international organisations.
5.2 In the event that storage or data processing services are used through remote servers or, more generally, through web services such as, for example, “cloud storage” services, the service providers will be selected from those who provide appropriate guarantees, as set forth by article 46 of Regulation (EU) no. 2016/679.
6. STORAGE PERIOD
6.1 The personal data attributable to you, to your company’s legal person and/or to the personnel who work for your company, as specified above under paragraph 1.1, will be stored for the time needed to fulfil the purpose or purposes for which the data was collected.
6.2 At the end of this period, in compliance with the principle of necessity, this data will only be processed for the time needed to fulfil any legal obligations regarding administrative and tax matters.
7. THE DATA SUBJECT’S RIGHTS
7.1 The data subject, understood to be you, your company’s legal person and/or a person who works on behalf of your company, has the right to request access to the personal data that concerns him/her, to receive the personal data provided to the Controller and to have it sent to another Controller without hindrance (so-called data portability), to have the personal data updated, to restrict the processing of it, to object to the processing of it, to rectify the data and to erase that data processed in breach of the regulation in force.
7.2 The data subject also has the right to lodge a complaint with a Supervisory Authority and in Italy this is the Italian Data Protection Authority (Autorità Garante per la Protezione dei dati personali) (more information is available here: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524).
7.3Data subjects may exercise their rights by making a simple request, in any form whatsoever, to the Processor, together with a verification of their identity in order to verify the legitimacy of their request.