This text explains our policy on the processing of personal data collected through our contact systems including services on this site: gervasoni.com
We inform customers / suppliers (interested in the processing) and their contact persons (hereinafter “interested”, ex Art.4, c.1 of the GDPR)) that the professional relationships established with the undersigned Owner may involve the processing of personal data, in compliance with the following general principles:
OBJECT OF THE TREATMENT
The Data Controller processes personal identification data of the customer / supplier (for example, name, surname, company name, personal / fiscal data, address, telephone, e-mail, bank and payment details) and of its operational contact persons (name surname and data contact information) acquired and used in the provision of services provided by the Data Controller.
PURPOSE AND LEGAL BASIS OF TREATMENT
Data are processed for:
Failure to provide the aforementioned data will make it impossible to establish the relationship with the Owner. The aforementioned purposes represent, pursuant to Article 6, commi b, c, f, suitable legal bases for the lawfulness of the processing. If it is intended to carry out treatments for different purposes, a specific consent will be required from the interested parties.
METHOD OF TREATMENT
The processing of personal data is carried out by means of the operations indicated in Art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are subjected to both paper and electronic and / or automated processing. The Data Controller will process personal data for the time necessary to fulfill the purposes for which it was collected and related legal obligations.
SCOPE OF THE TREATMENT
The data are processed by internal subjects regularly authorized and instructed pursuant to Article 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications on any external subjects operating as managers or independent data controllers (consultants, technicians, banks, transporters, etc.). We also inform you that personal data may be the subject of intercompany communication between Group companies. The data are not subject to diffusion or transfer to non-EU countries. If it becomes necessary, in the context of tenders / contracts or in the performance of regulatory obligations (eg joint liability, anti-corruption, anti-mafia, anti-money laundering, etc.) acquire personal data of their employees from customers / suppliers, it is agreed between the parties that the undersigned company will be entitled to the processing as external manager (Art.28 GDPR) or authorized subject (Art.29 GDPR). As part of this report, the undersigned company undertakes to process such data in compliance with the compliance requirements established by the GDPR, guaranteeing any communication to other parties exclusively within the scope of specific legal obligations.
RIGHTS OF THE INTERESTED PARTY (GDPR articles 15-22)
At any time, the interested party can exercise the right to: