Pursuant to articles 13 and 14 of Regulation (EU) 2016/679
Teoresi S.p.A., in accordance with the applicable legislation, undertakes to process Your personal data in accordance with the principles of lawfulness, fairness, transparency, pertinence and minimisation established by Article 5 of EU Regulation 2016/679 “on the protection of natural persons with regard to the processing of personal data („GDPR“).
Teoresi S.p.A. invites You to read the following privacy notice drawn up pursuant to Articles 13 and 14 GDPR. This privacy notice is addressed to the users who browse the Teoresi Group’s website and Teoresi’s social media (“Data Subjects”). The Website is owned, managed and maintained by TEORESI and its branches, with the purpose of providing information and communications regarding TEORESI Group, its products or services offered.
Our Website contains some plug-ins that redirect the visitors to other websites and socials (YouTube, Vimeo, Facebook, Linkedin, Instagram). Plug-ins are software components that enable customization and facilitate website browsing.
However, we have no control on the access and management of other websites/social media other than that in which we promote our business.
1. DATA CONTROLLER
The Data Controller treatment of Your data is Teoresi S.p.A., with registered office in Turin, Via Perugia, 24 – 10152 – P.IVA 03037960014.
The contact details of the Data Controller are: Tel. 011.2408000; e-mail: firstname.lastname@example.org; PEC: email@example.com
2. DATA PROTECTION OFFICER
Teoresi appointed a Data Protection Officer provided for by the GDPR („Data Protection Officer“ or „DPO“), entrusted by law with monitoring the compliance with the Regulation, as well as tackling requests from data subjects within the context of the legitimate exercise of the rights recognized by the Regulation, and acting as a reference point towards the Privacy Authority.
For all issues related to the processing of Your personal Data and/or to the exercise of Your rights listed under point 9 of this notice, You may contact the DPO at the following email address: firstname.lastname@example.org
3. CATEGORIES OF PROCESSED DATA AND LEGAL BASIS FOR PROCESSING
The processing will concern the following Data:
· common identification data (first Name, last Name),
· contact data (phone number, e-mail address),
· IP address,
· data related to Your interactions with our contact points.
The legal basis for this data processing is the legitimate interest.
4. PURPOSE OF THE PROCESSING
The Data You provide will be used for the following purposes:
· management of requests
5. NATURE OF DATA PROVISION
In case a request is sent through the “contact us” section of the website, thus You put in touch with us by filling in the dedicated form, the provision of Your personal data is necessary for the proper and successful management of Your requests. This is the reason why those fields are marked as mandatory.
6. PROCESSING METHODS
Data will be processed and collected through paper-based instruments, computer and telematic media, also by entering them into databases, archives, platforms, suitable to ensure the security and confidentiality of the Data, in accordance with the provisions of art. 32) of the European Privacy Regulation UE/2016/679 (GDPR).
Your Data will be processed only by personnel expressly authorized by the Data Controller. The decision-making process will not be automated.
7. DATA RECIPIENTS
Your Personal Data may be shared by the Company with the following subjects:
· our collaborators, employees in charge of data processing, as part of their duties,
· any other subject who shall be informed on the basis of an express legal provision.
· other Group Companies: the Personal Data You provide may be transferred to companies belonging to Teoresi Group and/or to third-party companies located in the European Union (EU) and outside of the European Economic Area (EEA).
Transfers of personal data to Teoresi Group Companies and/or third parties located outside the EU/EEA are carried out in accordance with Chapter V of the Gdpr. In particular, they are based on the Standard Contractual Clauses (SCC) approved by the European Commission. To obtain a copy of these SCC please contact the Data Controller at the addresses listed in point 1 of this Policy.
8. DATA RETENTION PERIOD
Please note that, in accordance with the principles of lawfulness, purpose limitation and data minimisation, Your Data will be kept for the time necessary to achieve the purposes effectively pursued, pursuant to Art. 5 of the GDPR.
In this case the retention period will not exceed 1 year, without prejudice to the right to expressly request the cancellation of the already collected data.
9. RIGHTS OF DATA SUBJECT
As a data subject, You may exercise the rights provided for by Art. 15 et seq. GDPR against Teoresi. In particular, You may obtain:
· access to Your personal Data and all other information set out in Article 15 GDPR;
· the rectification of Data if they are inaccurate and/or their integration if they are incomplete (Art. 16 GDPR);
· the erasure (so-called „right to be forgotten“), anonymization or blocking of Data processed in breach of the law, including Data whose storage is not necessary in relation to the purposes for which the data was collected or subsequently processed, except for that information which must be mandatorily stored by the Data Controller unless there is a legitimate reason prevailing over the one of the Data subject to continue the processing activity (art.17 GDPR);
· Processing limitation of Your personal Data if one of the cases referred to under Article 18 GDP occurs.
According to what is prescribed by the GDPR, You also have the right:
· to object the processing of Your Data, unless the processing is necessary for the performance of public interest tasks (art. 21 GDPR);
· to withdraw consent. Such withdrawal, however, does not affect the lawfulness of the processing activities carried out before (Art. 7(3) and Art. 13(2)(c) GDPR;
· to lodge a complaint to the Guarantor for the Protection of Personal Data, pursuant to art. 77 GDPR, whether You consider that Your Data Processing infringes the legislation in force.
To exercise Your rights under Article 15 et seq. GDPR You may send a communication to email@example.com. Your request will be processed by the Data Controller within 28 days.