Dear Data subject/User/Supplier,
In order to comply with current regulations on protection of personal data introduced by Regulation (EU) 2016/679 (“GDPR”), Advantex S.r.l. (“ADVANTEX”) provides you with some information about the processing of your personal data in your capacity as data subject (the “Data Subject“).
The Controller is ADVANTEX, represented by the legal representative, with registered office in Corbetta (20011), Italy, via XXV Aprile 5 and operating headquarters in Magenta (21013), Italy, via Rosolino Pilo 51.
The data processor can be contacted by ordinary mail at the registered office of ADVANTEX or by email at the following address: firstname.lastname@example.org.
Processing of personal data
Processing of personal data means any operation or set of operations, whether or not by automated means and performed on personal data, such as, for example, collection, recording, storage, retrieval, consultation, restriction, erasure or destruction.
ADVANTEX acquires or already holds some data concerning the data subject, such as, by way of example but not limited to, biographical data, banking and financial data.
Use of personal data and purpose of the processing
ADVANTEX collects personal data relating to the Data Subject (the “Data”) at the Data Subject or at other parties belonging to the ADVANTEX commercial organization, and other parties which carry out activities supporting the ADVANTEX business.
ADVANTEX performs the processing of the Data lawfully for the following purposes:
– in general, the management of typical business activities, consisting of wholesale trade in electronic (hardware and software) and IT equipment, as well as for the production of television, film and multimedia programmes;
– organizing the offer of products and services to the Data Subject;
– payment of services;
– fulfilment of obligations under the contract.
In order to fulfil legal obligations, the processing of Data is carried out by ADVANTEX for the following purposes:
– managing disputes in and out-of-court;
– compliance with the legal obligations imposed by Italian and EC regulations, in particular with regard to money laundering, taxation and accounting.
With regard to the abovementioned processing, the provision of Data is mandatory, and the consent of the Data Subject is not required. Any refusal to supply them in full or in part may make it impossible for ADVANTEX to perform the contract or to carry out all the obligations correctly.
Special categories of Data
ADVANTEX does not need to process data belonging to special categories (“Sensitive Data”), such as those which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation.
Method of processing
The data are processed by duly appointed staff in premises whose access is under constant control. The persons appointed to do the processing may become acquainted with the Data of the Data Subject exclusively for the purposes mentioned above
Processing of all personal data will be carried out both on paper and with the use of computers and electronic networks in compliance with the provisions of the law for the purposes listed above. ADVANTEX is equipped with appropriate technical, IT, organisational, logistical and procedural security measures in order to guarantee appropriate standards of Data protection.
The Data are used with methods and procedures required to supply the services, products and information requested by the Data Subject, also via the use of fax, telephone (including mobile phone), email or other remote communication methods, as well as via forms and questionnaires.
Recipients and transfer of Data
Some Data may be communicated, for the abovementioned purposes, to suppliers of professional services and to companies appointed as processors which, on behalf of ADVANTEX, perform accounting and tax management activities, as well as to third-party companies for the fulfilment of contractual obligations, to banking institutions for the management of payments resulting from the implementation of the contract, to businesses for credit protection and to organizations whose right to access the data is recognized by the provisions of the law.
Rights of the Data Subject
Pursuant to the GDPR and Italian regulations on the protection of Data, the Data Subject has the right:
- to ask the Controller access to the Data concerning him/her and to provide him/her with information about the processing carried out on the same;
- to rectification of the Data or their erasure in the cases referred to in the GDPR and depending on the other retention obligations of the Controller;
- to withdraw any consent which may have been given;
- to restriction of the processing in the cases referred to in the GDPR;
- to Data portability, that is the right to receive the Data concerning him/her in a structured, commonly used and machine-readable format, and the right to transmit the Data to another controller without hindrance from the controller to which they have been provided, if the processing is based on consent, a contract or is performed by automated means;
- not to be subject to a decision based solely on automated processing which produces legal effects concerning him/her or similarly significantly affects him/her.
Any rectification or erasure or restriction of processing carried out at the request of the data subject – unless this proves impossible or involves a disproportionate effort – will be communicated by the Controller to each of the recipients to whom the Data have been transmitted. The Controller may inform the Data Subject of such recipients should the data subject request it. The Data Subject can make such requests by sending a communication to ADVANTEX for the attention of the Controller, including by email to the following address: email@example.com.
ADVANTEX will provide a response to the Data Subject’s requests if they comply with applicable legislation and are within the time limits provided for by law. In order to guarantee the protection of the Data, it may be necessary to verify the Data Subject’s identity.
The Data Subject also has the right to lodge a complaint to the Italian Data Protection Authority (“Garante”) if he/she considers that his/her rights have not been observed, following the procedures and instructions published on the official website of the Authority at www.garanteprivacy.it.
Data Subject’s right to object
In addition to the rights described above and according to the same procedures for exercising them, the Data Subject has the right to object, at any time, to the processing of Data concerning him/her if the processing is carried out for the purpose of pursuing the legitimate interests of the Controller, by presenting an objection to the Controller. The Controller shall no longer process the Data unless it can demonstrate legitimate grounds for the processing which override the rights of the data subject or for the establishment, exercise or defence of legal claims.
Storage of data
- the period required to manage the contractual relationship;
- regulatory requirements with which ADVANTEX must comply;
- any proceedings in which the involvement of ADVANTEX is required (for example, in the event of litigation or investigation by the authority).