Privacy Policy

Pursuant to the General Data Protection Regulation (EU Regulation 2016/679)

Dear user, according to the law indicated, our treatments will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights. According to article 13 of the GDPR 2016/679, therefore, we provide you with the following information:

TREATMENT TO WHICH THE INFORMATION IS REFERENCED:
Fulfillment of contractual obligations and fiscal, accounting and administrative management - Treatment of data for the evasion of orders, request information and product requests and subsequent tax, accounting and administrative requirements.
These are the categories concerned:

These are the target categories:
  • Consultants and freelancers in individual or associated form, Companies and companies, Banks and credit institutions, Institutional bodies, Associate and registered members, Suppliers.

These are the fields covered:
  • Registered Customer Data - Fiscal Code, Surname, Name, Name, Email, Address, VAT Number, Telephone numbers
  • Ecommerce Customer Data - Surname, Name, Bank Data, Name, Email, Postal address, Telephone numbers

The data is processed in these ways:

  • Electronics and paper


THE TREATMENT FOLLOWS THE FOLLOWING POLICY CRITERIA:

Fulfillment of contractual obligations, legal obligations to which the owner is subject, the interested party has given consent to the processing.
For the following reasons:
The fulfillment of the pre-contractual or contractual obligations relating to requests for information and purchase orders of the customer requires the aforementioned information for the correct stipulation and performance of the tasks assigned as well as the fulfillment of tax and accounting obligations.


We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the F.lli Sommacal S.r.l.. The use of the Internet pages of the F.lli Sommacal S.r.l. is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the F.lli Sommacal S.r.l.. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, the F.lli Sommacal S.r.l. has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

1. Definitions
The data protection declaration of the F.lli Sommacal S.r.l. is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
ARTICLE 8 (DATA CONCERNING MINORS):
In the treatment of "fulfillment of contractual obligations and fiscal, accounting and administrative management", data on minors are not processed.
ARTICLE 9 (HEALTH, BIOMETRIC AND JUDICIAL DATA):
In the treatment of "fulfillment of contractual obligations and fiscal, accounting and administrative management", no health, biometric or judicial data are processed.
DURATION OF TREATMENT:
The processing "Fulfillment of contractual obligations and fiscal, accounting and administrative management" has an indefinite duration: The Fratelli Sommacal Srl company declares the "fulfillment of contractual obligations" treatment with an indefinite date as it will continue to keep it alive in order to continue its activity. The Data Controller and the Data processor will supervise to ensure that data subjects can be guaranteed that, once the purposes of this processing are reached, the data will be deleted.
Profiling:
The processing does not involve automated or profiling processes.
Data transfer of this treatment:
Data is not transferred to countries outside the EU
2. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

  • F.lli Sommacal
  • Via Ferramosche 134
  • 37053 Asparetto di Cerea, Verona
  • Italy
  • Phone: (+39) 0442 83255
  • Email:info@sommacal.com
  • Website: https://en.sommacal.com
EXTERNAL DATA PROCESSORS INVOLVED IN THIS TREATMENT:
WEBXALL DI ANGELO PALMA
IT services company and website development
FISCAL CODE / VAT NUMBER: DE260690338
DATA PROCESSOR:
Paola Sommacal (info@sommacal.com)


Rights of interested parties

You have the right at any time to obtain confirmation of the existence or otherwise of your data and to know its content and origin, verify its accuracy or request its integration, updating or rectification. You also have the right to request cancellation, transformation into anonymous form or blocking of data processed in violation of the law, and to oppose in any case, for legitimate reasons, to their treatment. Requests should be addressed to the Data Controller Fratelli Sommacal Srl at the office in via Ferramosche, 37053 Asparetto di Cerea (VR) or at the email address sommacal@tin.it

You have the right to complain to the privacy authority if the owner does not respond to your requests. The GDPR EU Regulation 2016/679 recognizes the following specific rights for the data subject (http://www.garanteprivacy.it/web/guest/home/autorita):

  • Right of access (art. 15);
  • Right of rectification (Article 16);
  • Right to cancellation (right to be forgotten) (art. 17);
  • Right to limitation of treatment (art. 18);
  • Right to receive notification in the event of rectification or deletion of data or limitation of processing (Article 19);
  • Right to data portability (art. 20);
  • Right of opposition (art. 21);
  • Law relating to automated decision-making, including profiling (art. 22).
            

You may at any time lodge a complaint with the supervisory authority to the Privacy Guarantor via registered A / R addressed to: Guarantor for the protection of personal data, Piazza Venezia 11, 00186, Rome. Or via certified e-mail (pec) addressed to: protocollo@pec.gpdp.it

            

Contact us in case of doubts or questions

Last update date: 07.05.2019