PRIVACY POLICY, REFERENCE ARTICLES No. 13 D.LGS. 196/03 and N. 13 REG. EU No. 679/2016 GDPR 196/03 and N. 13 EU No. 679/2016 GDPR
To guarantee correct information in the light of the provisions of the new EU Regulation no. 679/2016 on privacy (hereinafter "GDPR"), ASTA-CAR SRL Tax and VAT number 01270710401, with registered office in BERTINORO, VIALE 2 AUGUST 670 (chapter 47032), in the person of the legal representative pro tempore, as the data controller (hereinafter the "Data Controller"), hereby makes the updated information available, reminding you of the way in which your personal data are processed.
- Subject of Processing
The Data Controller processes personal identification data (merely by way of example: name, surname, address, telephone number, email address, bank details, etc., hereinafter "Data") which you have freely communicated during the relationship of supply and/or provision of the service based on the activity carried out by the Data Controller.
- Purposes of processing
Your Data are processed lawfully and correctly for the purposes described below.
- To allow the Data Controller to carry out the activities prior to the stipulation of the Contract and the execution of contractual obligations, including the fulfilment of administrative and accounting duties (including, for example, invoicing, historical archiving, credit recovery - also implemented by factoring, credit insurance, assignment of credit, etc.), by fulfilling Your request for supply and/or service to proceed with the completion of all activities requested by You in compliance with the law. To allow the Data Controller to manage the treasury activities relating to the contractual relationship (with the related processing - in accordance with the law - of the bank details and/or other payment data, including any identification details of credit cards or disbursement cards), based on the terms and conditions of the Contract and/or other specific contractual conditions agreed upon. To allow the Data Controller to prepare measures aimed at protecting against credit risk, including activities aimed at identifying the Customer and his financial reliability. To allow the Data Controller to fulfil legal, accounting, fiscal, administrative and contractual obligations related to the supply and provision of the services requested, as well as the proper management of relationships with authorities, control bodies and third-party public bodies for purposes related to particular requests, the fulfilment of legal obligations or other procedures;
- on the basis of the consent you have already given (pursuant to art. 23 and 130 of Legislative Decree no. 196/2003 today art. 7 GDPR), to allow the Data Controller to carry out research and analysis aimed at detecting the degree of customer satisfaction with the quality and type of services rendered and products offered, and to put in place initiatives related to the improvement of services provided.
- To allow the Data Controller to carry out the activities prior to the stipulation of the Contract and the execution of contractual obligations, including the fulfilment of administrative and accounting duties (including, for example, invoicing, historical archiving, credit recovery - also implemented by factoring, credit insurance, assignment of credit, etc.), by fulfilling Your request for supply and/or service to proceed with the completion of all activities requested by You in compliance with the law. To allow the Data Controller to manage the treasury activities relating to the contractual relationship (with the related processing - in accordance with the law - of the bank details and/or other payment data, including any identification details of credit cards or disbursement cards), based on the terms and conditions of the Contract and/or other specific contractual conditions agreed upon. To allow the Data Controller to prepare measures aimed at protecting against credit risk, including activities aimed at identifying the Customer and his financial reliability. To allow the Data Controller to fulfil legal, accounting, fiscal, administrative and contractual obligations related to the supply and provision of the services requested, as well as the proper management of relationships with authorities, control bodies and third-party public bodies for purposes related to particular requests, the fulfilment of legal obligations or other procedures;
- Processing methods
The processing of Your Data is carried out by means of the operations indicated in art. 4 Legislative Decree no. 196/2003 as well as art. 4 no 2) of the GDPR, namely: collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion and destruction of Data.
Your Data are processed both on paper and electronically and/or by automated means.
The Data acquired will be processed, in full compliance with the law, as well as with the principles of lawfulness, fairness, transparency, non-excess and protection of Your confidentiality and of Your rights.
The processing of data of minors is not envisaged.
- Duration of Data retention:
the Data Controller retains the Data in compliance with local laws and internal company policies and procedures for the time necessary to fulfil the aforementioned purposes and to satisfy its legitimate business interests, legal obligations or to establish, exercise or defend legal rights. Once the data retention requirement has been exhausted for said purposes, the Data will be eliminated in a secure manner.
- Legal basis of processing
The processing of the aforementioned Data is necessary for the execution of your contractual relationship with the Data Controller, and is based on your signature of the Contract. The processing of Data for marketing purposes is permitted in relation to the free circulation of data as provided for by the GDPR, and can take the form of activities aimed at satisfying the legitimate business interests of the Data Controller, including any commercial development activities (for example marketing, customer satisfaction, etc.) carried out by the latter. The Data Controller processes the aforementioned Data only as a result of the express consent you may have provided at the time of the conclusion of the Contract, with reference to each (or more specific) purposes.
In the event that, as part of the contractual relationship and the types of services requested, certain specific purposes of the processing are established by the Customer, ASTA-CAR SRLis appointed by the Customer as the Data Processor for these purposes only.
- Communication, dissemination and access to Data
Your Data may be made accessible for the purposes described above:- to employees and associates of the Data Controller in Italy and abroad, in their capacity as internal data processors and/or subresponsible parties/persons responsible for processing and/or system administrators;
- to other Companies controlled by and/or connected to ASTA-CAR in Italy and abroad and to the employees thereof (for example for administrative and accounting purposes);
- other companies or other entities (merely by way of non-exhaustive example, banks, financial intermediaries, credit insurance institutions, professional firms, consultants etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external processors, including suppliers and designees, to perform ancillary services or those which are instrumental to the purposes mentioned above, with which the Data Controller should conclude appropriate agreements.
The Data Controller also reserves the right to share personal data with some third parties, including: IT providers for system development purposes and technical assistance; auditors and consultants to ascertain compliance with external and internal requirements; legal entities, law enforcement agencies and litigants in compliance with legal requirements for disclosure or claims; any successors or business partners of the Data Controller or of a company of the Data Controlle's group in the event of sale, transfer or other extraordinary transactions; police forces, armed forces and other public administrations, for the fulfilment of obligations under the law, regulations or community legislation.
In the event that said subjects are established in non-EU Countries, the Data Controller ensures that the transfer of non-EU Data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.
- Data Transfer
Data are stored on servers located within the European Union. Data are stored on servers located within the European Union. In any case, it is understood that the Data Controller, should it be necessary, will also transfer the Data to other non-EU areas; in this case, the Data Controller hereby ensures that the transfer of non-EU Data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission. The Data Controller will apply all the necessary protections to the aforementioned transfers pursuant to the current legislation on privacy.
- Nature of the provision of Data and consequences of the non-disclosure of Data
The provision of Data for the purposes referred to in art. 2A. is obligatory. In their absence we cannot guarantee the provision of the services covered by the Contract as per art. 2A. However, the provision of Data for the purposes referred to in Article 2B is optional. In the event that You have given consent for these purposes, you may decide to revoke it: in this case, you will not receive commercial communications and advertising material related to the services offered by the Data Controller.
- Rights of the data subject
In Your capacity as a data subject, You have the rights pursuant to art. 7 of Legislative Decree no. 196/2003 as well as to arts. 13, paragraph 2, letter b), c) and d) 15, 16, 17, 18, 19 and 21 GDPR and precisely the rights to:
- obtain confirmation of the existence of Data concerning You, even if not yet recorded, and their communication in intelligible form;
- obtain information about: a) the origin of the Data; b) the purposes and methods of processing; c) the logic applied in case of processing with electronic instruments; d) the identity of the Data Controller, the Data Protection Officer, data processors and the designated representative pursuant to art. 5.2, Legislative Decree no. 196/2003 as well as art. 3, paragraph 1, GDPR; e) subjects or categories of subjects to whom Data may be communicated or who can learn about them as appointed representative in the territory of the State and as data processors;
- obtain : a) the updating, rectification or, where interested therein, integration of the Data; b) the cancellation, anonymisation or blocking of personal data processed unlawfully, including data whose retention is unnecessary for the purposes for which the personal information was collected or subsequently processed; c) certification that the operations in letters a) and b) have been made known, also as regards their contents, to those to whom the data were communicated or disseminated, unless this requirement proves impossible or involves the use of means which are manifestly disproportionate to the protected right;
- object, in whole or in part: a) for legitimate reasons to the processing of the Data concerning You, pertinent to the purpose of collection; b) the processing of Data concerning You for the purpose of sending advertising materials or direct marketing or for carrying out market research or commercial communication, through the use of automated calling systems without human intervention through e-mail and/or through traditional marketing arrangements by phone and/or mail. Please note that, with regard to direct marketing through automated methods, the data subject's right to object, as set out in point b) above, is extended to traditional methods, and that the data subject is able to exercise their right to object, even partially. Therefore, the data subject may decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication;
- where applicable, he also has the rights referred to in arts. 16 - 21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority;
- revoke any consent given at any time.
- How to exercise your rights
You may at any time exercise your rights or make a request by sending: a registered letter to ASTA-CAR SRL with headquarters in BERTINORO VIALE 2 AGOSTO 670 (chapter 47032), or an email address: info@astacar.it
- How to exercise your rights
The Data Controller is the company ASTA-CAR SRL Tax and VAT number 01270710401, in the person of the legal representative pro tempore, with legal and operational headquarters in BERTINORO VIALE 2 AGOSTO 670 (ZIP code 47032) The Data Protection Officer can be contacted at the following e-mail address: info@astacar.itInformation concerning the categories of Data Processors is available at the registered office of the Data Controller and can be requested from the address: info@astacar.it
- Appointment External Data Processor in the case of the purposes of the treatment defined by the Customer
With reference to and limited to the data processed by ASTA-CAR SRL for processing purposes defined by the Customer in the cases provided for by the last paragraph of the previous point 5, pursuant to art. 28 GDPR, with the signing of this Contract, the Customer, as "Data Controller" of the data processing, names ASTA-CAR SRL as "Data Processor" (hereinafter, the "Data Processor"), without prejudice to the possibility for ASTA -CAR SRL to appoint any sub-managers.
Cookie
A "cookie" is a small text file created on the user's computer when he accesses a particular site, with the purpose of storing and transporting information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user's browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user's computer; they are then re-sent to the website at the time of subsequent visits.
During navigation, the user may also receive cookies from different sites on his terminal (so-called "third party" cookies), set directly by the managers of said websites and used for the purposes and in the manner defined by them.
Cookie of the owner
The site www.astacar.it uses only technical cookies, with respect to which, pursuant to art. 122 of the privacy code and the Provision of the Guarantor of 8 May 2014, no consent is required from the interested party.
Third party cookies
Some third-party cookies are installed through the website www.astacar.it.
The individual third-party cookies are reported in detail, as well as the links through which the user can receive more information and request the deactivation of cookies.
Google Analytics
The Site uses Google Analytics. This is a web analysis service provided by Google Inc. ("Google") which uses cookies that are stored on the user's computer to allow statistical analysis in aggregate form regarding the use of the website visited.
The data generated by Google Analytics are stored by Google as indicated in the information available at the following link https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
To consult the privacy policy of the company Google Inc., independent data controller of the Google Analytics service, please refer to the website http://www.google.com/intl/en/analytics/privacyoverview.html