INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA FOR CUSTOMERS AND SUPPLIERS

pursuant to Regulation EU 2016/679 on the protection of personal data Information notice pursuant to articles 13-14 of Reg. EU (Chapter III Rights of the data subject)

Company, B.A.G. S.p.A., with registered office in Via dell’Industria 11 – postcode 63815 – Monte San Pietrangeli (FM), Tax ID and VAT Reg. No 01485570442; Data Controller ENRICO BRACALENTE (hereinafter, the “Data Controller” in his capacity as legal representative of the company), in his capacity as Data Controller, hereby informs you pursuant to art. 13 of EU Regulation no. 2016/679 (hereinafter “GDPR”) that your data will be processed using the following methods and for the following purposes:

1. Purpose of the Processing

The Data Controller processes personal data including:

  • Name
  • Surname
  • Company name
  • Address
  • Telephone
  • E-mail
  • Bank and payment details
  • VAT Reg. No.
  • All the profiling data requested in the consent form for the processing of the personal data.

(Hereinafter referred to as “personal data” or “data”) provided by you during the conclusion of contracts for the services provided by the Data Controller.

2. Purposes of the processing

Your personal data is processed:

A) Without your express consent (art. 6 letters b) and e) of the GDPR, for the following Purposes of Service:

  • To establish contracts for the services of the Data Controller (production and sale of products under the NeroGiardini brand) also via the b2b.nerogiardini.com platform;
  • To fulfil the pre-contractual, contractual and fiscal requirements deriving from relations with you;
  • To fulfil requirements relating to any laws, regulations, European Community law or any orders from the authorities (for example relating to anti-money laundering);
  • Exercising the rights of the Data Controller, for example the right to defence before the courts;

B) Only with your specific and express consent (article 130 of the Privacy Code and art. 7 of the GDPR), for the following Marketing purposes:

  • To send you e-mails, post and/or text messages and/or contact you by telephone or using newsletters, commercial communications (e.g. on the opening of new stores) and/or advertising material about the products and services offered by the Data Controller and customer satisfaction surveys on the quality of services;
  • To send you e-mails, post and/or text messages and/or contact you by telephone with commercial and/or promotional communication concerning the products of the brands “NeroGiardini” or others (for example, business partners, insurance companies, other companies in the Card Protection Plan Group);
  • To send you press releases relating to our company and/or information on news relating to our company;
  • Performing profiling activities using the data provided by you.

If the website is accessed using your social profile (e.g. Facebook, Twitter, Youtube, Instagram, LinkedIn, Pinterest), where foreseen, your personal data will be collected by the Data Controller from third parties, i.e. from the manager of the social network used to access the website. In this case you will be able to view this Information Note in the Privacy section of each Website.

With the express, free and unambiguous consent of the data subject pursuant to article 6, paragraph 1 point a) of Regulation 2016/679, in addition to the above data the Data Controller may request other Personal Data, including but not limited to data on your tastes, preferences, habits, needs and consumer choices, for the above-mentioned marketing purposes.

Please note that if you are already one of our customers, we may send you commercial communications relating to products and services offered by the Data Controller similar to those you have already used, unless you refuse to provide your consent (art. 17 of Regulation 2016/679).

Navigation on the Data Controller’s websites involves the use of cookies. For specifications on the cookies, please refer to the Cookies Policy: https://nerogiardini.it/cookie-policy.

3. Methods of processing

Your personal data is processed for the operations indicated in art. 4 para. 2 of the GDPR, which are: collection, recording, organisation, storage, alteration, selection, processing, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure of data. Your personal data may be processed in hard copy or using automated electronic means.

The Data Controller will process your personal data for the time required to fulfil the purposes referred to in art. 2 A and 2 B of this information notice: 10 years for fiscal and marketing purposes from the start of the end of the relationship for the purposes indicated in point 2A).

Relating to the processing of your data for the purposes listed in point 2, lett. B) of this Information Notice, the Data Controller may legally process your personal data until you notify the withdrawal of your consent to one or all purposes for which you have been requested, in one of the methods indicated in this Information Notice. If you withdraw your consent, the Data Controller shall cease processing your personal data for such purposes.

4. Access to data

Your data may be made accessible for the purposes listed in art. 2.A) and 2.B):

  • To service providers and other parties appointed by use who may have access to the data for the indicated purposes, provided they maintain the professional secrecy granted. These are companies working in the field of banking services, IT services, logistics, printing services, telecommunications, collection, consulting, sales and marketing.
  • To employees and collaborators of the Data Controller, in their capacity as Representatives and/or Internal Data Processors and/or systems administrators;
  • To third companies and other parties (for example credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) outsourced to perform activities on behalf of the Data Controller, in their capacity as external data processors.

5. Data communication

Without the need for express consent (art. 6 lett. b) and c) GDPR), the Data Controller may disclose your data for the purposes listed in art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, insurance companies for the provision of insurance services, as well as to those parties to whom disclosure is mandatory by law for the performance of such purposes. These parties will process your data in their capacity as independent data processors.

Your data will not be disclosed otherwise.

6. Data transfer

Your personal data is kept on servers located in Monte San Pietrangeli – Via dell’Industria 11, in Rome and in Gunzenhausen (Germany) in the European Union. It is in any case understood that the Data Controller, if necessary in future, will also have the faculty to move the servers outside of the EU. In this case, the Data Controller hereby ensures that the data will be transferred outside the EU in conformity with the applicable laws in force, concluding standard contractual clauses laid down by the European Commission.

7. Nature of data provision and consequences of your refusal to respond

The provision of data for the purposes listed in art. 2.A) is mandatory. If you do not provide your data we will not be able to guarantee the provision of the services listed in art. 2.A). The provision of data for the purposes listed in art. 2.B) is on the other hand optional. You may therefore decide not to provide some data or subsequently deny the possibility to process data already provided: in this case, you will not be able to receive the services listed in art. 2B). You will in any case continue to have the right to the services listed in art. 2.A).

8. Rights of the data subject

All data subjects have the following rights:

  • The right of access pursuant to article 15 of the GDPR;
  • The right to rectification pursuant to article 16 of the GDPR;
  • The right to erasure pursuant to article 17 of the GDPR;
  • The right to restriction of processing pursuant to article 18 of the GDPR;
  • The right to object pursuant to article 21 of the GDPR;
  • Where applicable, rights in relation to the decision-making process and automated profiling;
  • Where applicable, the right to data portability pursuant to article 20 of the GDPR;
  • Where applicable, the right to lodge a complaint with a supervisory authority competent for data privacy (article 77 of the GDPR).

You may withdraw your consent to the processing of your personal data at any time. This applies also to the withdrawal of any consent declarations made prior to the entry into force of the GDPR, i.e. before 25 May 2018. Please note that withdrawal is valid only for future processing and has no effect on any processing prior to the date of withdrawal.

9. Methods of exercising your rights

At any time you may exercise your rights by sending:

    • A registered letter with advice of receipt to the Company: B.A.G. S.p.A., with registered office in Via dell’Industria 11 – postcode 63815 – Monte San Pietrangeli (FM), Tax ID and VAT Reg. No 01485570442; or a PEC (Certified E-mail) to: privacy@pec.nerogiardini.it

10. Data Controller, Processor and Representatives

The Data Controller is B.A.G. S.p.A. with registered office in Via dell’Industria 11. – 63815 Monte San Pietrangeli (FM), represented by the legal representative Enrico Bracalente. The updated list of data processors and processing representatives is kept at the registered office of the Data Controller. The Data Protection Officer is: NEW SYSTEM srl located in Via Brodolini 58/B – 63837 Falerone, e-mail: info@new-system.it