Information sheet pursuant to Art. 13 General Data Protection Regulation EU 2016/679 – GDPR – Information on the processing of personal data obtained from the interested party to Legislative Decree No. 196/2003, as amended by the Legislative Decree 101/2018, and Art. 13 of the General Data Protection Regulation EU 2016/679
Parotex srl, with registered office in Via Massari Marzoli, 17 – 21052 Busto Arsizio (VA), Tax Code and VAT Number 02572280127 (hereinafter referred to as the “Data Controller”), as Data Controller, informs you pursuant to Legislative Decree 196/03 as amended by the Legislative Decree 101/2018 (hereinafter referred to as the “Privacy Code ”), and to Art. 13 of the General Data Protection Regulation EU 2016/679 (hereinafter referred to as the “GDPR”) that your data will be processed in the manner below and for the following purposes.
In accordance with the General Data Protection Regulation (EU) 2016/679, we are providing herewith the necessary Information relating to the processing of the personal data provided.
THE DATA CONTROLLER
Pursuant to Articles 4 and 24 of the GDPR, the data controller is Parotex srl, in the person of Its pro-tempore legal representative.
The controller’s email contact Is firstname.lastname@example.org
THE DATA PROTECTION OFFICER (DPO) has not been nominated under the articles 37 – 39 of Reg. EU 2016/679.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
The personal data will be processed in accordance with the conditions on legality pursuant to Article 6 of Reg. (EU) 2016/679 for the following purposes:
1. Parotex services:
2. for newsletters and promotions, market research or other sampling research and direct sales or purchases, surveying the level of satisfaction, to receive informational, promotional, commercial and advertising material and material related to events and initiatives on products, services, offers and promotions. The data will be included in the corporate Databases.
Data processing in accordance with the aforementioned purpose is carried out pursuant to Article 6(1 ), letters b), c) and f) for execution of a contract, to fulfill a legal obligation or for legitimate interest of the Data Controller; taking into account the reasonable expectations held by the interested party at the time or within the scope of the collection of personal data, when the interested party may reasonably expect such data to be processed for that purpose.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
The personal data supplied will be sent to recipients, who will process the data as data processors (Article 28 of GDPR) and/or as natural persons acting under the authority of the Data Controller and Data processor (Article 29 of GDPR), for the purposes listed in point 1. More specifically, the data may be sent to companies contracted to Parotex, to associated and/or subsidiary companies within the European Union and non-EU countries, in compliance with applicable regulations, also through managing companies. Data may be communicated to third parties falling under the following categories:
– sales/distribution network in the territory;
– parties that provide services for managing the computer system used by Parotex and the telecommunication networks (including email, CRM Data Base management, APP providers, call centers, etc.);
– third parties to support sale and purchases and administrative-accounting activities;
– offices or companies within the scope of assistance and consulting services;
– the relevant authorities for compliance with legislative requirements and/or directives issued by public bodies, on request.
Parties belonging to the categories above operate as Data Processors or independently as Data Controllers. The list of Data Processors is constantly updated and available at Parotex by writing to email@example.com.
TRANSFER OF DATA AND GUARANTEES
To manage its activities, Parotex will be able to use server and cloud platforms provided by third parties located in EU and Extra EU states, countries that might not benefit from an EU Commission’s adequacy decision, therefore the transfer will take place on the basis of contractual clauses such as those approved by the Commission or by virtue of other suitable mechanisms for data transfer required by applicable regulations. For information on guarantees concerning data transfer outside the EU, please write to firstname.lastname@example.org.
DATA RETENTION PERIOD
The data will be processed electronically or manually, with procedures and tools able to guarantee maximum security and confidentiality, by persons specifically authorized to do so. In accordance with the provisions of Article 5(1 ) letter e) of GDPR, the personal data collected will be kept in a form that allows the identification of interested parties for a period no longer than that required to fulfil the purpose for which the personal data is collected. The retention of the personal data supplied depends on the purpose of processing:
RIGHTS OF DATA SUBJECTS
You may assert your rights as provided for by GDPR, by contacting the Data Controller, by sending an email to email@example.com or by writing to the Data Controller’s premises indicated above. You are entitled to ask the Data Controller for access to your personal data at any time (Art. 15), to correct it (Art. 16) or to delete it (Art. 17), or to limit the processing thereof (Art. 18) or to object to the processing thereof based on a legitimate interest (Art. 21). Finally, you are entitled to data portability (Art. 20).
Right to revoke. Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
To object to processing or to exercise any other rights, you can write to firstname.lastname@example.org.
You are entitled to submit a claim to supervisory authority: Garante per la protezione dei dati
There is no automated decision-making process.
The transfer of data for the purposes stated under point 1 above is optional, but necessary. The refusal to supply the necessary data regarding point 1 makes it impossible the execution of the contract and to use the services of the Data Controller. The transfer and consent to processing for the purposes under point B) and/or C) is optional. Any refusal to provide consent for the purposes detailed under point 2 above, does not result in any negative consequence regarding the purposes referred to in point 1.
CHANGES TO THE PRIVACY INFORMATION NOTICE
The Data Controller reserves the right to change, update, supplement or remove parts of the present Privacy Information Notice at its sole discretion at any time. The Data Subject must check periodically for any changes. To facilitate such checking, the Information Notice the below shows the date of updating of the Information Notice.