Privacy policy
INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
(ART. 13 REG. EU 2016/679)
Pursuant to EU Regulation No. 2016/679 (hereinafter GDPR) and the relevant national legislation, this information notice is provided to inform you about our policy on the processing of your personal data in the context of your relationship with our Company. To ensure the best consultation of the important information contained in the document, you will find a general section below, followed by specific sections dedicated to individual relationships with the data subjects.
General section
DATA CONTROLLER
The data controller for each processing is STALAM S.p.A., located at Via dell’Olmo n. 7, Nove (VI) – Tax Code and VAT No. 02083930244.
RIGHTS OF THE DATA SUBJECT
As a data subject, you have the right to obtain from the Data Controller, by sending a request via email to the legal mail address stalamspa@pec.it or by registered mail with return receipt to the postal address:
- (art. 15) Access to your personal data, information relating to them, and any copy of the personal data undergoing processing;
- (art. 16) Rectification of inaccurate data or completion of incomplete data;
- (art. 17) Erasure of personal data concerning you;
- (art. 18) Restriction of the processing of your personal data;
- (art. 20) Your personal data in a structured, commonly used, and machine-readable format, also for the purpose of transmitting such data to another data controller.
You also have the right:
- (art. 21) To object at any time to the processing for reasons related to your particular situation;
- (art 7, para 3) To withdraw your consent at any time, if the processing is based on it; this right can also be exercised with the specific tools indicated in the individual sections.
Finally, you may lodge a complaint with the Data Protection Authority – www.garanteprivacy.it – if you believe that the processing violates EU Regulation 2016/679, without prejudice to any other administrative or judicial remedy.
MODES OF PERSONAL DATA PROCESSING
The processing can be carried out using both paper and electronic and/or telematic tools, with organizational methods and logics strictly related to the purposes indicated, in full compliance with the principles of protection provided by the GDPR.
- Sales services
CATEGORY OF DATA AND PURPOSE OF PROCESSING
The processing concerns your common personal data – personal and contact details – and is aimed at:
- Fulfilling the obligations arising from the purchase contract, which may, in particular, include after-sales assistance.
- Managing legal, tax, and fiscal aspects of the purchase contract.
- Managing the archiving and preservation of data, information, communications, including electronic ones, and documents related to the purchase contract.
LEGAL BASIS OF PROCESSING
The legal basis for the processing, as indicated in points a), b), c), is regulated by art. 6 para 1 lett. B, C GDPR:
- Fulfillment of the contract;
- Fulfillment of a legal obligation to which the data controller is subject.
COMMUNICATION OF DATA
Your personal data may be communicated to:
- Tax consultants, accountants, or other professionals who provide services to the Company for the purposes mentioned above;
- Banks, insurance companies, carriers, or other service companies that provide services for the purposes mentioned above; Moreover, the following subjects may become aware of your data stored in our systems:
- Providers of electronic communication services and IT and telematic services for archiving, processing, and managing data;
- Providers of IT system maintenance services.
DATA RETENTION PERIOD
The data are retained for the duration of the commercial relationship and subsequently for the time in which the Data Controller is subject to retention obligations for fiscal or other purposes, as provided by law or regulation, and in any case for the time necessary for legal protection.
DATA PROVISION AND REFUSAL
The provision of common personal data for purposes a)-b)-c) is a legal obligation and a necessary requirement for the conclusion and execution of the contract. In the absence of such data, it will not be possible to manage the commercial relationship with the Company.
- Relationships with suppliers of goods and services
CATEGORY OF DATA AND PURPOSE OF PROCESSING
The processing concerns your common personal data – personal and contact details – and is aimed at:
- Fulfilling the obligations arising from the supply contract;
- Managing legal, tax, and fiscal aspects of the supply contract;
- Managing the archiving and preservation of data, information, communications, including electronic ones, and documents related to the supply contract.
LEGAL BASIS OF PROCESSING
The legal basis for the processing, as indicated in points a), b), c), is regulated by art. 6 para 1 lett. B, C:
- Fulfillment of the contract;
- Fulfillment of a legal obligation to which the data controller is subject.
COMMUNICATION OF DATA
Your personal data may be communicated to:
- Tax consultants, accountants, or other professionals who provide services to the Company for the purposes mentioned above;
- Banks, insurance companies, carriers, or other service companies that provide services for the purposes mentioned above; Moreover, the following subjects may become aware of your data stored in our systems:
- Providers of electronic communication services and IT and telematic services for archiving, processing, and managing data;
- Providers of IT system maintenance services.
DATA PROVISION AND REFUSAL
The provision of common personal data for purposes a)-b)-c) is a legal obligation and a necessary requirement for the conclusion and execution of the contract. In the absence of such data, it will not be possible to manage the supply contract with the Company.
DATA RETENTION PERIOD
The data are retained for the duration of the supply contract and subsequently for the time in which the Data Controller is subject to retention obligations for fiscal or other purposes, as provided by law or regulation, and in any case for the time necessary for legal protection.
3. Whistleblowing
CATEGORY OF DATA AND PURPOSE OF PROCESSING
The processing concerns your common personal data – personal and contact details – and is aimed at:
- Fulfilling legal obligations related to the management of whistleblowing reports;
- Managing the archiving and preservation of data, information, communications, including electronic ones, and documents related to the report. The processing may also concern your special categories of data, if provided by you in the context of the report.
LEGAL BASIS OF PROCESSING
The legal basis for the processing, as indicated in points a) and b), is regulated by art. 6 para 1 lett. c of the GDPR: “the processing is necessary for compliance with a legal obligation to which the data controller is subject.” The processing of any special categories of data provided by you is authorized pursuant to art. 9 para 2 lett. g): “necessary for reasons of substantial public interest on the basis of Union or Member State law.”
DATA PROVISION AND REFUSAL
The provision of common personal data for purposes a)-b) is a necessary requirement for the management of the report. In the absence of such data, it will not be possible to manage the report.
COMMUNICATION OF DATA
Your personal data will be communicated to the Report Manager, External Data Processor, who is bound to confidentiality by the specific assignment received for his/her role as Internal Report Manager.
DATA RETENTION PERIOD
To ensure the management and traceability of reports and related activities, data and related documentation will be retained for a maximum period of 5 years from the receipt of the report.