WHO IS THE HOLDER OF THE TREATMENT?
The Data Controller (hereinafter “Owner”) is Castellan Maria & C. Spa – Via Vittorio Veneto, 65 – 30027 San Donà di Piave (VE)
DATA PROTECTION OFFICER
The data controller has not appointed a DPO pursuant to Article 38, however you have the possibility to contact the privacy office for all matters relating to the processing of your personal data and the exercise of the rights provided by the GDPR to the following data contact:
privacy@castellanmariaspa.com
WHAT IS THE LEGAL BASIS OF THE PROCESSING?
The legal basis for the processing of your personal data is:
• Obligations and contractual obligations.
• Legal obligations.
FOR WHAT PURPOSES WILL YOUR DATA BE PROCESSED?
Your personal data will be processed for the purposes of managing the service and fulfilling legal obligations:
1. Execution of the supply contract or supply order.
2. Invoicing of amounts due and any additional services.
3. Fulfillment of regulatory obligations including accounting, administrative and tax obligations.
4. Management of any complaints and disputes.
5. Fraud prevention and management of delays or missed payments.
6. Protection and possible recovery of credit, directly or through third parties (agencies / credit recovery companies, law firms) to whom the data necessary for these purposes will be communicated.
7. Credit transfer to authorized companies.
8. Conservation and use of accounting data relating to the punctuality of payments for reward policies and to refuse future contractual relationships.
9. Reporting and quality control and certification.
The provision of your data is necessary for the achievement of the purposes referred to in point a).
Your failure, partial or incorrect conferment could result in the inability to activate and provide the requested service or to follow up on the supply contract.
WHICH SUBJECTS MAY YOUR PERSONAL DATA BE COMMUNICATED TO?
Your personal data will be processed exclusively by persons authorized to process and by persons designated as Data Processors in compliance with the GDPR in order to correctly carry out all the processing activities necessary to pursue the purposes referred to in this Notice. Your Personal Data may be disclosed to Public Bodies or the Judicial Authority, where required by law or to prevent or suppress the commission of a crime and in any case to:
• who is the legitimate recipient of communications required by law or regulations (such as, for example, Offices and Public Authorities);
• who is the recipient of communications necessary in fulfillment of the obligations deriving from the supply and from the signed contract;
• third-party companies specialized in the management of commercial and credit-related information (such as, for example, call centers, data processing centers, banks, etc.);
• companies and / or collaborators for the management of administrative services which are used to fulfill one’s legal or contractual obligations;
• other subjects (businesses, companies, individuals) who collaborate with the data controller in the context of the services and supplies that the same offers.
Minors
It is not envisaged that Personal data of minors under the age of 16 will be processed, without the prior authorization of the holder of parental responsibility.
HOW LONG WILL YOUR PERSONAL DATA BE PROCESSED?
Your personal data will be kept for the period necessary to pursue the purposes related to point a) above. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, i.e. until the termination of the contractual relationship between you and the Data Controller, without prejudice to a further retention period that may be imposed by law.
The data relating to the spontaneous delivery of curricula will be kept for no more than two years from the date of receipt.
Your data will be kept for a further period in relation to the purposes of disputes and any disputes.
HOW CAN YOU REVOKE THE GIVEN CONSENT?
You have the right to revoke your consent given to the Data Controller at any time totally and / or partially without prejudice to the lawfulness of the processing based on the consent given before the revocation.
To withdraw your consent, you can contact the Data Controller at the addresses published in this statement.
WHERE WILL YOUR DATA BE PROCESSED?
Your Personal Data will be processed by the Data Controller within the Italian territory. If for technical and / or operational reasons it is necessary to make use of subjects located outside the European Union, we inform you as of now that these subjects will be appointed as Data Processors pursuant to and for the purposes of the article 28 of the GDPR and the transfer of your Personal Data to these subjects, limited to the performance of specific processing activities, will be governed by a specific appointment contract in accordance with the guarantees and safeguards provided by the GDPR.
All the necessary precautions will be taken in order to guarantee the total protection of your Personal Data, basing this transfer on the evaluation of appropriate guarantees including, by way of example, the adequacy decisions of the recipient third countries expressed by the European Commission; adequate guarantees expressed by the third party recipient pursuant to Article 46 of the GDPR.
In any case, you can request more details from the Data Controller if your Personal Data have been processed outside the European Union by requesting evidence of the specific guarantees adopted.
WHAT ARE YOUR RIGHTS?
We remind you that you can exercise your rights under the GDPR and in particular obtain:
• confirmation that the processing of personal data concerning you is in progress and obtain access to the data and the following information (purposes of the processing, categories of personal data, recipients and / or categories of recipients to whom the data are states and / or will be communicated, retention period);
• the rectification of inaccurate personal data concerning you and / or the integration of incomplete personal data, also by providing an additional declaration;
• the cancellation of personal data, in the cases provided for by the GDPR;
• the limitation to the processing in the cases provided for by the current Privacy Law;
• the portability of data concerning you, if feasible and relevant to the service provided;
• opposition to the processing at any time, for reasons related to your particular situation, to the processing of personal data concerning you in full compliance with the current privacy legislation.
You can exercise your rights by contacting the e-mail address privacy@castellanmariaspa.com; attaching a copy of the identity document.
In any case, you will always have the right to lodge a complaint with the competent supervisory authority (Guarantor for the Protection of Personal Data), pursuant to art. 77 GDPR, if you believe that the processing of your data is contrary to the current Privacy Law.
