Informative notice for customers and suppliers, including potential ones, and other contacts for business communications
articles 13-14 of EU Regulation 2016/679
In accordance with the General Data Protection Regulation for natural persons outlined in Article 13 of Legislative Decree no. 196 of 30.6.2003 and Articles 13-14 of EU Regulation no. 2016/679, the undersigned company: LAMM Srl, a sole proprietorship with registered office in Via G. Verdi, 19/21, 43017, San Secondo Parmense (Parma), Italy, hereby informs you, in its capacity as Data Controller, that your data will be processed via the following methods and for the following purposes:
1. Scope of processing
Personal data held by the undersigned organisation is gathered directly from the parties concerned, which is freely and directly provided by them, and via third parties (e.g. internet, public registers, etc.).
This information includes personal data, contact information, bank details, other contacts, telephone numbers, postal addresses and email. Data subjects shall be considered third parties identified and identifiable as assignees with the undersigned or with potential contractual counterparties, such as, for example, customers, suppliers, partners, public administrations, associations, etc., with whom there are interests and/or business relationships with the undersigned.
2. Processing purposes
For standard activities carried out, personal data is processed for the purposes of communication between the undersigned organisation, including its staff, and the data subject.
Your personal data is processed without Your express consent (Article 24, paragraph a), b) and c) of the Privacy Code and Article 6, paragraph b) and e) of the GDPR) for the following Service Purposes
a) purposes closely related to fulfilling and implementing required services (GDPR Articles 6(b) e 9(a)), in particular for the management of customers and suppliers (including potential ones) carried out by entering into company databases, for the purposes of evading regulatory and contractual obligations, internal work organisation, statistics and other information related to the performance of the undersigned organisation’s economic activity, e.g. obligations related to civil law, tax, accounting, remuneration, social security, insurance, etc. This includes the distribution of newsletters and communications related to the activity of the contract for the provision of the required services;
b) purposes linked to obligations required by law and by provisions issued by legally empowered authorities (GDPR Article 6, paragraph c) and Article 9, paragraphs b), g) and h)).
3. Consequences of refusing to provide data
Providing data collected from the data subject is optional but essential for processing the data for the purposes outlined in paragraphs a) and b). In the event where a data subject does not provide essential data, the exchange of communications between the undersigned organisation’s staff and the data subject will not be possible. For any data that is not essential, provision is optional.
In the absence of consent or incomplete or incorrect provision of certain data, including sensitive data, the requirements may be so incomplete as to lead to potential prejudice, penalties or loss of benefits. This is due to the fact that it is impossible to guarantee that data processing is adequate in fulfilling the obligations for which it is carried out, and due to the fact that the results may not comply with obligations imposed by the law. To this end, the undersigned organisation is exonerated from any and all liability for any sanctions or punitive measures.
4. Means of processing and security
Data processing refers to the gathering, recording, organising, retention, processing, modifying, erasing and destroying of data, or a combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out in paper form and by means of manual, computerised and telematic tools, including automated ones, suitable for storing and managing the data itself, using logic closely related to said purposes with the ultimate aim of ensuring security and confidentiality; personal data will therefore be processed in compliance with the methods outlined in Article 5 of EU Regulation 2016/679, which provides, inter alia, that the data be processed lawfully and correctly. The law states, among other things, that data must be processed lawfully and fairly, collected and recorded for specific, explicit and legitimate purposes, accurate, and, where necessary, updated, relevant, complete and not excessive with respect to processing purposes, in compliance with fundamental rights and freedoms, as well as the dignity of the data subject with particular reference to confidentiality and personal identity, through protective and security measures. The undersigned organisation has prepared and will continue to improve its secure access system and data storage. There are no automated decision-making processes (e.g. profiling).
5. Transfers outside the EU
Data will be processed mainly in Italy and within the EU, but may also be processed in countries outside of the EU and EEA if considered useful in fulfilling objectives pursued with respect to guarantees provided to data subjects.
6. Data retention period
Generally speaking, personal data will be stored for as long as it is necessary to process it: data will be retained for the entire duration of the contractual agreement and, after it expires, until it is no longer legally required, provided that the agreement itself is not renewed.
7. Categories of recipients
Data (only essential) is disclosed:
to authorised personnel and data processors, both within the undersigned’s organisation and outside of it, who carry out specific tasks and operations (internal sales network or agent networks, companies in charge of market research, commercial partners, third parties appointed by the company to fulfil, in whole or in part, the obligations assumed under the contract, banks and credit companies in general, risk centres and/or companies that manage commercial information services, business associations and the like).
in certain circumstances and to certain parties when required by law
Data will not be shared unless otherwise mandated by the law. Furthermore, without the prior general consent of the data subject to disclose information to third parties, it will only be possible to provide services that do not require such disclosures. Where necessary, special prompt consent will be requested and parties that receive data will use it as independent data controllers.
8. Rights of the data subject
At any time you may: exercise Your rights (accessing, correcting, deleting, limiting and transferring data, objecting to its use and being free from automated decision-making processes) via the data controller, pursuant to Articles 15 to 22 of the GDPR (below); make a complaint to the Guarantor (www.garanteprivacy.it); revoke any consent provided, if the processing of data is dependent on consent, taking into account that revoking consent does not affect the lawfulness of data processing based on consent provided before revocation.
9. Means of exercising your rights
At any time, you may exercise your rights by sending an email to firstname.lastname@example.org.
The data controller is LAMM Srl, a sole proprietorship.
The registered office is located in Via Verdi 19/21 – 43017 San Secondo Parmense (Parma) – Italy
Contact details: telephone +39 0521 877511 – e-mail email@example.com.
A comprehensive list of data controllers is available upon request.