Regulation (EU) 2016/679 (the European General Data Protection Regulation, hereinafter also “GDPR”) establishes the obligation to inform data subjects of certain fundamental provisions (specified in Articles 13 and 14) regarding processing of their personal data. BINI S.r.l. fulfils this obligation by informing you that:
DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is “Bini S.r.l”,
Via Porrettana Nord, 33 – 40043 Marzabotto (BO) – Italy
Tel. +39 051-932836
A BINI S.r.l. has not designated a data protection officer per exemptions set forth in GDPR Art. 37.
PURPOSES AND LEGALITY OF PROCESSING
The purposes of personal data processing are dual and regard:
- the fulfilment of the precontractual and contractual relationship between the parties (GDPR, Art. 6, Par. 1, Letter “b”);
- compliance with all legal obligations relating to said relationship and incumbent upon the Data Controller (GDPR, Art. 6, Par. 1, Letter “c”);
Said purposes may also regard the legitimate interests of the Data Controller (GDPR, Art. 6, Par. 1, Letter “f”).
PROCESSING METHOD AND NATURE OF PROVISION OF PERSONAL DATA
Your personal data will be processed by printed and electronic means. Provision of personal data is optional, however, BINI S.r.l. will not be able to fulfil the above contractual and legal obligations if personal data is not provided. If you choose not to provide your personal data, the contractual relationship with BINI S.r.l. cannot be fulfilled.
CATEGORIES OF PERSONAL DATA RECIPIENTS
Your personal data may be communicated to:
1) BINI S.r.l. personnel authorised to process said data;
2) Partner companies and professionals in technical and operational activities;
3) Companies and professional studios supporting managerial, administrative, and legal activities;
4) Companies and consultants providing technical IT and organisational services;
5) Banks and insurance companies performing services inherent to the above purposes;
6) Judicial or administrative authorities as necessary for legal compliance.
These data recipients act as External Data Processors (GDPR, Art. 28).
PUBLICATION OF PERSONAL DATA
Your personal data will not be publicised. By “publicised” we mean made known in any way to indeterminate subjects.
Your personal data will be stored for the length of time necessary to fulfil contractual obligations and for 10 years after the last transaction to which you are party, without prejudice to legal obligations that may require an extension of this storage period.
DATA SUBJECT RIGHTS
You have the rights provided in GDPR Articles 15–22, summarised below:
- right to access your personal data and related information, the rectification of inaccurate data, or the completion of incomplete data;
- right to request erasure of your personal data (if any of the grounds listed in Art. 17, Paragraph 1 applies) or restriction of the use of your personal data (Art. 18);
- right to object to the processing of your personal data and to revoke consent at any time (limited to cases where the processing is based on expressed consent for one or more specific purposes).
- right to lodge a complaint with a regulatory authority (in Italy, the Autorità Garante for the protection of personal data – www.garanteprivacy.it).
You may exercise the above rights by contacting the Data Controller directly via the contacts indicated above.