Information on the processing of personal data (pursuant to Art.14 GDPR)
IDRAL SPA a socio unico, with registered office in via ISEI 8/10, 28010 GARGALLO (NO), Italy, VAT number 00124610031, with its role as personal data Controller, informs the data subjects that personal data shall be processed according to the data protection principles established in the UE Regulation 2016/679 (GDPR).
The purposes of the processing of collected data
Personal data of the data subject are collected to enable the Controller to provide Services and/or fulfil contractual obligations.
Therefore, the purposes of data processing are the following:
- allow the use of potentially required Services;
- process a contact request;
- fulfil legal obligations related to commercial relationships;
- fulfil tax and accounting obligations;
- marketing (statistical analyses and market researches);
- assessment of the customer satisfaction regarding the products.
Should the data subject not allow the data processing, he or she will not be able to use the required service.
Only upon specific and clear consent, personal data are used for the following additional purposes:
- send Newsletter via email regarding commercial promotions and updates, presentations of new products and technical solutions, invites to events and trade fairs in which the Controller participates.
Methods of processing
The Controller shall take any suitable measure aimed at preventing non-authorised access, disclosure, alteration or destruction of personal data. Processing is carried out through computer and/or online and/or paper tools, and the organizational methods are strictly related to the purposes.
Legal basis
Data collection is mandatory according to that required by legal and contractual obligations and, therefore, refusing to provide such data, totally or partially, may impede the supply of the requested services.
The company processes optional user data according to the consent, namely with the explicit approval of this privacy policy and depending on the methods and purposes described below.
Data source
The Controller may acquire personal data coming from the users’ registration for the following platforms:
http://www.archiportale.com/ and any other showcase (EDILPORTALE, Archiproducts etc.)
that may process data independently in their role as independent controllers for the purposes included in their own information document.
Categories of addresses
Furthermore, the following categories of authorised people and/or external processors that are identified in writing and who have been given specific written instructions about data processing, may become aware of the data while such data are processed:
- authorised employees
- external designated processors who carry out outsourcing activities on behalf of the Controller (hosting providers, IT companies, communication agencies)
The updated list of the authorised employees and the external processors can be required at any time from the Controller.
Data transmission
The Controller is entitled to transmit data for the purposes described above without explicit consent of the data subject to oversight bodies, judicial authorities, as well as to any other subject whenever such transmission is legally required in order to achieve the abovementioned purposes.
Your data will not be disseminated.
Storage duration
Data are processed and stored for the period necessary for the purposes the data initially were collected:
- Mandatory data for contractual and accounting purposes are stored for the time necessary to handle the commercial and accounting relationship;
- Data of those who do not buy or use products/services, despite having had a previous contact with any representative of the company, will immediately be erased or processed anonymously, unless the storage is otherwise justified, and provided the data subjects have duly given their informed consent regarding a subsequent commercial promotion or market research activity. The storage duration of data is: 10 years after termination of the relationship
Rights of the data subject
Pursuant to the European Regulation 2016/679 (GDPR) and to the national legislation, the data subject can exercise the following rights within the limits and in accordance with the regulation in force:
- ask for the confirmation of the existence of personal data relating to him or her (access rights);
- be aware of their source;
- receive comprehensible communication of it;
- receive information regarding the logics, the methods and the purposes of the processing;
- request the update, rectification, integration, erasure, anonymous transformation, blocking of data processed illegally, including data that are no longer necessary to achieve the purposes they had been collected for;
- in the case of processing based on consent, the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used and machine-readable format;
- the right to lodge a complaint with a supervisory authority.
Procedure for the exercise of rights
You can exercise your rights at any time sending:
- a registered letter to IDRAL SPA a socio unico, Via Isei 8/10,28010 GARGALLO (NO), Italia;
- an e-mail to privacy@idral.it
Controller
The Controller is IDRAL SPA a socio unico, with registered office in via ISEI 8/10, 28010 GARGALLO (NO), Italy.
Amendments of this Information document
This information document may be subject to amendments. It is therefore recommended to check this document on a regular basis and to refer to its latest version.
