PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA (ART. 13 AND 14 GDPR EU REGULATION 2016/679) (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018)
OFFICINE MALAGUTI SRL, with registered office in Sant'Agata Bolognese (BO), Via XXI Aprile, 1945, No. 60 - VAT number 03520240379 - (hereinafter, the "Controller"), as the data controller, pursuant to art. 13 EU Regulation No. 2016/679 (hereinafter, "GDPR") as well as the amendments introduced by Legislative Decree 30.6.2003 No. 196 as updated by Legislative Decree 101/2018 (hereinafter, the "Privacy Code"),
Whereas Definitions and legal references Personal Data (or Data): any information that, directly or indirectly, even in connection with any other information, including a personal identification number, makes a natural person identified or identifiable. Usage Data: information collected, including: IP addresses or domain names of the computers used by the User connecting to the Website, URI (Uniform Resource Identifier) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (e.g., the time spent on each page) and details regarding the path followed within the Application, with particular reference to the sequence of pages consulted, the parameters related to the operating system, and the User's computer environment. Data collected in any form and manner by the Controller, both in paper and digital format, Data Subject: The natural person to whom the Personal Data refers. Data Processor (or Processor): The natural person, legal entity, public administration, and any other entity that processes personal data on behalf of the Controller, as outlined in this privacy policy. Data Controller (or Controller): The natural person or legal entity, public authority, service, or other body that, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures related to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website. Service: The service provided by the Controller for which this Information is granted, consent is requested, and data is processed. This Website, as defined in the relevant terms (if present) on this site/application. European Union (or EU): Unless otherwise specified, any reference to the European Union in this document is intended to include all current member states of the European Union and the European Economic Area. Legal references: This privacy notice is drawn up on the basis of multiple legislative systems, based on the national legal system and, in particular, the Code, including articles 13 and 14 of Regulation (EU) 2016/679. That being said, the Controller OFFICINE MALAGUTI SRL informs you that your data will be processed in the following ways and for the following purposes.
Subject of Processing The Controller processes personal data, identifiers (e.g., name, surname, company name, address, telephone, email address, banking and payment references, hereinafter, "personal data" or "data") communicated by you on the occasion of requests for information, access, and registration to the Officine Malaguti newsletter, or for the conclusion of contracts for services provided by the Controller.Purpose of Processing Your personal data are processed: a. Without your express consent (art. 6 letters b. and e. GDPR), for the following Service Purposes: concluding contracts for the services of the Controller; fulfilling pre-contractual, contractual, and tax obligations arising from relationships with you; fulfilling obligations required by law, regulations, EU legislation, or an order of the Authority (such as in the field of anti-money laundering); exercising the rights of the Controller, such as the right to defense in court; b. Only with your specific and separate consent (art. 7 GDPR), for Marketing Purposes such as, for example, sending you via email, mail and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Controller and assessing the satisfaction level with the quality of services; sending you via email, mail and/or SMS and/or telephone contacts commercial and/or promotional communications. Please note that if you are already our customer, we may send you commercial communications related to services and products of the Controller similar to those you have already used, unless you expressly dissent (art.130 c.4 Privacy Code).
-
Processing Methods The processing of your personal data is carried out using the operations specified in art. 4 no.2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data is subject to both paper and electronic and/or automated processing. The Controller will process personal data for the time necessary to fulfill the purposes mentioned above and, in any case, for no more than 10 years after the termination of the relationship for Service Purposes and for no more than 2 years from the data collection for Marketing Purposes. For purposes related to active labor policy, personnel management, selection and search for new candidates, data may be processed for a maximum duration linked to the end of the employment relationship and/or ongoing selection. Data Access Your data may be made accessible for the purposes of art. 2.A) and 2.B) to employees and collaborators of the Controller, in their capacity as internal authorized personnel and/or system administrators; to third-party companies or other subjects (e.g., credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc...) that carry out outsourcing activities on behalf of the Controller, in their capacity as external data processors. Data Communication a. Without the need for explicit consent (art. 6 letters b. and c. GDPR), the Controller may communicate your data for the purposes previously indicated to Supervisory Bodies, Judicial Authorities, insurance companies for the provision of insurance services, consultants and professionals (Lawyers, Accountants, labor consultant, etc...), as well as to those subjects to whom the communication is mandatory by law for the fulfillment of said purposes. These subjects will process the data in their capacity as Processors under art. 28 GDPR of the processing. Your data will not be disclosed to third parties other than those previously indicated, except in cases where this is necessary by law and/or at the request of the Authority, and in any case, after informing the data subjects. b. Only with your specific and separate consent (art. 7 GDPR), the Controller may communicate your data to third-party companies and/or subsidiaries and/or controlled or controlling companies of the Controller (as defined under art. 2359 c.c.) for Marketing Purposes. For example, but not exclusively, to send you via email, mail and/or SMS and/or telephone contacts, newsletters, commercial communications and/or paper advertising material, on products or services offered by the Controller and/or for the assessment of satisfaction, on the quality of services; as well as to send you via email, mail and/or SMS and/or propose for telephone contact commercial and/or promotional communications. Data Transfer Personal data is stored on servers located in Italy and in any case within the European Union. It is understood, in any case, that the Controller, if necessary, has the right to move the servers outside the EU. In this case, the Controller ensures in advance that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the conclusion of the standard contractual clauses provided by the European Commission and possible communication to data subjects. Nature of data provision and consequences of refusal to respond The provision of data for the purposes of art. 2.A) is mandatory. In their absence, we will not be able to guarantee you the Services of art. 2.A). The provision of data for the purposes of art. 2.B) is optional. You can decide not to provide any data or to deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications and advertising material related to the Services offered by the Controller. However, you will still have the right to the Services of art. 2.A) and the Controller may send you communications related to services similar to those previously contracted and/or requested by you. Rights of the Data Subject In your capacity as a data subject, you have the rights set out in art. 15 GDPR, namely the following rights.
-
Obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
-
Obtain the indication: a) of the origin of personal data; b) of the purposes and methods of processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the data controller, the processors, and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as a designated representative in the territory of the State, data processors or persons in charge;
-
Obtain: a) the updating, rectification or, when interested, integration of data; b) the deletion, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated or disseminated, except in the case where such fulfillment proves impossible or involves a manifestly disproportionate use of means compared to the protected right;
-
Object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for the performance of market research or commercial communication, using automated calling systems without the intervention of an operator, by email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject's right to object, as outlined in the previous point b), for direct marketing purposes using automated means also extends to traditional methods and that, in any case, the data subject retains the right to object only in part. Therefore, the data subject may decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication.
-
At any time, you may exercise, in accordance with articles 15 to 22 of EU Regulation No. 2016/679, the following rights: a. request confirmation of the existence or not of personal data concerning you; b. obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be communicated and, where possible, the retention period; c. obtain the rectification and deletion of data; d. obtain the limitation of processing; e. obtain data portability, i.e., receive them from a data controller, in a structured, commonly used, and machine-readable format, and transmit them to another data controller without hindrance; f. object to processing at any time, even in the case of processing for direct marketing purposes; g. object to an automated decision-making process relating to individuals, including profiling; h. ask the data controller for access to personal data and rectification or deletion of the same or limitation of processing concerning him or her or to oppose their processing, in addition to the right to data portability; i. revoke consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation; j. lodge a complaint with a supervisory authority. Information of the Data Subject and contact details We also inform you below of the contact details to which you may refer for the exercise of your aforementioned rights, or for any necessary information. The Data Controller is OFFICINE MALAGUTI SRL with registered office in Sant'Agata Bolognese (BO), Via XXI Aprile, 1945, No. 60. You may contact the Data Controller, to assert your rights, as provided for by art. 7 of the Code (and related articles) and by Chapter III of the Regulation, by sending an email to the address: marketing@malagutisrl.com. The Controller has not appointed a Data Protection Officer (DPO).
Your Privacy Form has been submitted successfully. Thank you for your cooperation!
I declare that I have received today from the Data Controller the information pursuant to Articles 13 and 14 of the European Regulation 2016/679 and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 for the processing of personal data, and in light of it,
After submission, please wait for 9 seconds for the signature to load and the confirmation message to appear below before closing the page