Privacy Policy

 

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

 

Dear Customer,

this information is provided pursuant to and for the purposes of art. 13 of Regulation (EU) 2016/679 (hereinafter, "GDPR"), relating to the protection of individuals with regard to the processing of personal data.

 

Purpose and Legal Basis of the Processing

The personal data provided by you directly (essential data and contact information) will be processed for the following purposes:

-        to fulfil the obligations of a contract or to respond, before and after the completion of said contract, to your specific requests;

-        to complete and comply with legal, administrative, accounting, civil, fiscal, regulatory and normative (EU and non-EU) obligations;

-        to manage potential litigation;

-        with your consent, to process the personal data (e-mail addresses, phone number, postal address) to send commercial communications that contains information on products or services, as well as promotions or invitations to events it will attend.

 

Data Retention Period

For Marketing Purposes, your personal data will be processed for twenty-four months from the last communication: the data subject may withdraw the consent or however oppose the processing at any time.

To process the request for a quote you made, your personal data will be kept for 60 days from the date of the request, after which they will be deleted.

For the other aforementioned purposes, your personal data will be processed even after the fulfilment of the contract in order to carry out all the obligations connected to or deriving from it, for the term established by the law(s) in place at the time, and according to the limitation period of the rights arising from the contract itself.

 

Methods Used to Provide Data and Consequences of Refusal

Providing your personal data is optional for Marketing Purposes: the data subject may decide not to provide any data or subsequently to deny the possibility of processing the data already provided: in this case, the Data Controller will not be able to carry out the corresponding activities. For that reason, it is your faculty to give consent to the sending of the communications indicated above only with traditional methods or only with automated methods: even the possible revocation, therefore, may concern only one or some of them.[1]

For all other purposes listed above, data provision is necessary for all that is required due to legal and contractual obligations. Therefore, your refusal to provide said data, entirely or in part, may make it impossible for the Company to fulfil the contract or to correctly carry out all related obligations.

 

Categories of Recipients

Exclusively for the purposes listed above, all collected and processed personal data may be sent to in-house employees authorized to process data as required by their respective roles, as well as to the following third parties:

-        sales agents that manage relationships on behalf of the Data Controller;

-        companies or other third parties that work as outsourcers;

-        credit institutions and banks;

-        credit insurance companies;

-        credit recovery companies, commercial data companies, consultants;

-        lawyers and legal counsel;

-        public and private bodies, also following inspections and audits.

When required to process data on our behalf, the aforementioned recipients will be designated as data processors, with a special contract or other legal document.

 

Transfer of Data to Other Countries or International Organisations

Data Controller will not transfer personal data to non-European countries nor towards international organizations.

 

Rights of Data Subjects

Data subject has the right (articles. 15 -22 of the GDPR) to ask to Data Controller: to be able to access personal data, to correct any inaccuracies in it, to delete it or restrict its processing if the required conditions are met, to object to its processing on the grounds of legitimate interests pursued by the Data Controller, and to obtain the portability of the data personally provided only if it is subject to automated processing based on consent or contract.

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Data subject may also lodge a complaint with the competent supervisory authority, the Italian Data Protection Authority (www.garanteprivacy.it).

 

Data controller

Data controller of your personal data is Irinox S.p.A, which can be contacted by sending a specific written request to Irinox S.p.A. based in via Caduti nei Lager, 1 - Conegliano (TV) or by writing to the email address privacy@irinox.com.

 

Data protection officer

For Irinox S.p.A. the DPO is UNINDUSTRIA SERVIZI & FORMAZIONE TREVISO PORDENONE S.C.R.L. contactable at the following dpo@irinox.com.