INFORMATION ON THE PROCESSING OF PERSONAL DATA.
Italian Personal Data Protection Code, Legislative Decree no. 196 of 30 June 2003 in accordance with article 13 of the Regulation EU 2016/679 – GDPR

This privacy policy is provided pursuant to art. 13 of the Legislative Decree no.196 of 30 June 2003 in accordance with art.13 of the European General Data Protection Regulation 2016/679  (hereinafter, GDPR)  and addresses to customers as natural persons and to natural persons in charge to operate in the name and on behalf of customers as legal persons.

  1. Data Controller and contacts

The Data Controller for data supplied by customers as natural persons and by natural persons in charge to operate in the name and on behalf of customers as legal persons (hereinafter “Data Subject”) is  OFFICINE ORTIGA SRL, registered office in San Donà di Piave (Venice), via Trezza no.25, Fiscal Code and VAT number 00321530271.

  1. Kind of processed data / Subject matter

This policy shall apply to the personal data provided by the Data Subject in the following situations:

  • visits or phone calls to our registered office;
  • all the enquiries, e-mail requests included;
  • conclusion and execution of contracts;
  • information on transaction/invoicing.
  1. Processing data’s purpose

Personal data provided by natural persons are processed by the Data Controller for the purpose of:

  • obtaining data and pre-contractual information;
  • managing and controlling risks and preventing potential fraud and delinquency;
  • performing all the process for the execution of orders and others requests;
  • preventing and managing potential disputes, start proceedings when needed;
  • managing accounting and tax obligations.

Moreover, personal data are processed by the Data Controller and the tax consultant with the aim to:

  • fulfil requirements concerning administrative, accounting, statutory and fiscal operation
  • draw up and present civil/fiscal statements and documents required by law, regulations and Community rules.

Personal data, when provided by natural persons in charge to operate in the name and on behalf of customers as legal persons, are processed  for the purpose of:

  • forwarding operational communications through different media (telephone, mobile, text message, e-mail, fax or mail)
  • making requests or processing received requests
  • sharing information finalised to the fulfilment of the contractual relationship, both in the pre-contractual and post contractual phases
  • fulfilling the operations needed to process orders and other requests.
  1. Processing rules

 All processing operations made by the Data Controller, carried out with or without the use of electronic or automated means, are in compliance with the principles of the General Data Protection Regulation explained below:

  • Lawfulness: OFFICINE ORTIGA SRL shall process personal data in compliance with the Data Subject’s rights and the limits of his/her content, and with what is set out in this policy and in signed contracts;;
  • Minimisation: Data Controller shall minimise the use of personal data, in such a way as to use data only when their processing is necessary;
  • Safeguard: Data Controller shall ensure the application of security measures in order to protect the data collected and the Data Subject’s rights;
  • Correctness: Data Controller shall facilitate the exercise of the data subject’s right to verify and update his/her data and the possibility to modify them;
  • Transparency: Data Controller shall take the appropriate measures to give the Data Subject all the information referred to the processing of his/her data facilitating the exercise of rights;
  • Limitation: Data Controller shall collect data for specified, explicit and legitimate purposes as explained above, and shall keep them no longer then necessary for the purposes for which they have been collected;
  • Exactitude: Data Controller shall take the appropriate measures to promptly update, cancel or rectify incorrect data in relation to the purposes for which they have been processed;
  • Integrity and privacy: Data Controller shall adopt the best data management practices in order to ensure the data easiest usability through the website, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Personal Data will be retained only for the period required to the purposes they have been collected and processed for and, in any event, for no more than ten years from the termination of the contract  and for no more than two years when collected for marketing purposes.

Thereafter, personal data will be destroyed.

  1. Data recipients

Personal data collected by the Data Controller will not be disclosed to third parties but, however, could be communicated to employees of the Data Controller and to some external subjects that collaborate with the Data Controller. Personal Data could be communicated if strictly necessary to subject those supply goods or services on commission from the Data Controller in order to process orders or other requests on behalf of the Data Controller. Moreover, personal data could be communicated to subjects entitled to access them in accordance with law, regulation and Community rules.

In particular, in relation to their roles and tasks, some employees can process personal data within their competence and in accordance with the instructions given by the Data Controller and in full compliance with the GDPR.

  1. Data Transfer

Data Controller does not transfer personal data to third countries or to international organisations. However, Data Controller reserves the possibility to store them in the cloud. In this case, suppliers are selected among subjects or companies able to provide adequate guarantees, as required by art. 46 of GDPR.

Personal Data collected from OFFICINE ORTIGA SRL are stored on server.

  1. Data Retention

Data Controller keeps and processes personal data for the time needed to fulfil the indicated purposes. Subsequently, personal data will be stored, and no more processed, for the period specified by the current civil and fiscal regulations.

  1. Refusal to provide data

Customers, as natural persons, can not refuse to provide the Data Controller with their personal data necessary to comply with laws and regulations that rule commercial transactions and taxation. The provision of additional personal data may be necessary to improve the quality and efficiency of the transaction.

Therefore, the refusal to provide the data required by law will prevent the fulfilment of orders; while the provision of additional data may compromise all or part of the processing of other requests and the quality and efficiency of the transaction.

Persons in charge to operate in the name and on behalf of customers as legal persons can refuse to provide their personal data.

Personal data provision is necessary to correctly manage the commercial relationship. Therefore, a refuse may compromise all or part of the commercial relationship.

The provision of data for marketing purposes is optional. When the Data Subject does not accept the processing of his/her data for marketing purposes, OFFICINE ORTIGA SRL can not send advertising material and any communication about its services.

  1. Automated decision-making processes

Data Controller does not process data on the basis of automated decision-making processes, both for data of natural persons and for data of natural persons in charge to operate in the name and on behalf of customers as legal persons.

  1. Data Subject’s Rights

Data Subject is entitled to exercise the rights provided for by the GDPR, in particular art.9, Right to lodge a complaint; art. 15, Right to access Personal Data; art. 16, Right to have Personal Data rectified; art. 17, Right to request cancellation and destruction of data; art. 18, Right to restrict the processing;  art. 20, Right to data portability; art. 21, Right to object.

Data Subject can exercise his/her rights by sending a written notice to the addresses indicated above, specifying what is claimed and enclosing a photocopy of the ID card in order to attest its legitimacy.

  1. Consent revocation

With reference to art. 6 of GDPR, the data subject shall have the right to withdraw his or her consent at any time. However, the subject matter of this policy is lawful and permitted even in the absence of explicit consent when necessary to the execution of the contract in which data subject is involved (services supplying) or to the execution of his/her requests.

  1. Right to lodge a Complaint

Data subject has the right to lodge a complaint to the supervisory authority of the Member State of his or her habitual residence.

  1. Exercising Data Subject Rights Procedure

In order to exercise one or more of the rights above mentioned, when it is not possible to do it directly through the website, data subject should send a specific communication to the e-mail address info@ortiga.it