In compliance with the obligations laid down in EU Regulation 2016/679 on the protection of personal data (GDPR), we hereby inform you that the company Messaggerie del Garda S.p.a. with registered office at via Montebianco 17 20060 Truccazzano (MI) (hereinafter the “Company”) will process your personal data that you or other persons have supplied or will supply to us. The processing of personal data will be undertaken in compliance with the laws in force and the conditions set out below.
1. Purpose of the data processing
The processing of personal data will be to achieve only the following purposes:
- for the requirements preliminary to the execution and performance of sales contracts and for the protection of the receivable positions arising from those contracts;
- to comply with any obligation provided for by current legislation or regulations in force, especially as concerns tax law;
- for operational, management and accounting requirements;
- to log Company website accesses and the use of the services provided by such a website;
- for the requirements relevant to the monitoring of customer relations performance and/or related risks and to improve those relations;
- for strategic and operational sales and marketing purposes.
2. Data processing procedures
Processing the information may comprise, apart from their collection, their recording, preservation, amendment, communication, deletion, distribution, etc., which shall be undertaken both on paper and using electronic computer and telecommunications equipment, according to appropriate procedures and with suitable tools that will ensure security and confidentiality of the data, in compliance with the provisions of the GDPR. In particular, we have adopted the technical, IT, organisational, logistical and procedural security measures required by the type of data processed so as to guarantee an adequate level of protection. In addition, the methods applied will guarantee that access to the data shall be permitted only to those persons assigned to the processing by our Company.
3. Data provision:
Provision of the information is:
- Obligatory to achieve the purposes connected to the obligations provided for by law or other binding regulations;
- Necessary for the proper initiation and pursuit of the relationship begun with you. Any refusal to supply the data referred to above, even though legitimate, could compromise the regular performance of the relationship with our Company. In particular, it could make it impossible for us to fill your orders and carry out the services requested as well as invoicing those items.
- Optional for sending marketing material.
4. Communication and distribution of the data
Communication of the personal data collected for the purposes referred to in Point 1 outside may only occur when:
- communication is obligatory to ensure compliance with the law or other binding regulations;
- communication is obligatory to ensure the proper initiation and pursuit of the business relationship begun with you.
The personal data collected, to achieve the aims indicated above, may be communicated, as concerns their specific competence, to public and private subjects and/or natural and/or legal persons having aims concerning the commercial and/or management of IT and/or payment systems, including external subjects who perform specific assignments on behalf of our Company.
In particular, the data may be communicated to the following categories of subjects: sales networks, banks and companies specialised in payment management, law offices and advisory agencies, subjects assigned to the audit of our company’s financial statements, public authorities or administrations to fulfil legal requirements, Italian and foreign vendors, finance and shipping companies, third parties assigned to the quality control of logistical-commercial flows, and other companies in our Group.
The data may be disclosed, but only in aggregate and anonymous form for statistical purposes and only with the prior expression of specific consent.
5. Information to candidates
Although our website has no content in any section not viewable by minors, we would like to point out that in filling out the forms on the various pages, no personal data must be entered by minors without the prior consent of parents or guardians. We encourage all parents and guardians to educate children about the use of their personal information on the Internet in a safe and responsible manner. We undertake not to store or knowingly use any personal data that minors may enter in the forms for any purpose, including disclosure to third parties.
7. Transfer of the data abroad
Within the limits strictly necessary for the execution of the contractual relationship with you, your personal data may be disclosed to third parties (such as suppliers) located abroad, within or outside the European Union that ensure adequate security standards in the protection of data recognised by the EU and declared in data transfer contracts entered into with the standard clauses designed by the EU.
8. Storage of data
The data will be stored in a complete manner throughout the period of performance of the contract. Subsequently they will be kept for a period of ten years in order to comply with legal obligations including the obligations under art. 2214 of the Italian Civil Code. Any further storage of data or part of the data may be arranged to assert or defend one’s own rights in any possible venue and in particular before judicial courts.
The data processed for sending material relating to marketing activities will be retained for the period of execution of the contract.
9. Rights of the data subject (articles 15 to 22 of EU Regulation no. 2016/679)
- Access (art. 15 of EU Regulation no. 2016/679);
- Rectification (article 16 of EU Regulation no. 2016/679);
- Erasure (art. 17 EU Regulation no. 2016/679);
- Limitation (art. 18 of EU Regulation no. 2016/679);
- Portability, understood as the right to obtain from the data controller the data in a structured format which is commonly used and readable by an automatic device to transmit them to another data controller without hindrance (art. 20 of EU Regulation no. 2016/679);
- Opposition to the treatment (art. 21 of EU Regulation no. 2016/679);
- Withdrawal of consent to processing, without prejudice to the lawfulness of processing based on consent acquired before the withdrawal (article 7(3) of the EU Regulation no. 2016/679);
- Lodge a complaint to the Data Protection Authority (art. 51 EU Regulation no. 2016/679). More explicitly :
1. The data subject is entitled to obtainconfirmation as to whether or not data relating to him or her are held, even if they have not yet been recorded, and the transfer of the same in an intelligible form.
2. The data subject is entitled to obtainthe following information:
a. the source of the personal data; b. the purposes and methods of processing; c. the logic applied in the event of processing with the help of electronic instruments; d. the identification data concerning the data controller, data processors and the representative designated as per article 5, paragraph 2; e. the entities or categories of entities to whom the personal data may be communicated and who may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3. The data subject is entitled to obtain:
a. updating, rectification or, where interested therein, integration of the data; b. erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose storage is unnecessary for the purposes for which they have been collected or subsequently processed; c. certification to the effect that the operations as per letters a) and b) have been notified, also as regards their content, to the entities to whom the data were communicated or disseminated, unless this requirement proves impossible or involves the use of means or instruments that are disproportionate compared to the safeguarded right; d. data portability.
4.The data subject is entitled to oppose, in whole or in part:
a. for legitimate reasons, to the processing of personal data, even if pertinent to the purpose of collection; b. to the processing of personal data for purposes of sending advertising materials or direct selling or for carrying out market research or commercial communication.
5.The data subject has the right to be informed within 72 hoursin case of theft of his or her personal data or accidental loss of them.
The above-mentioned rights may be exercised either directly or through a representative, by writing to MESSAGGERIE DEL GARDA S.p.A Via Carpenedolo, 90 46043 Castiglione d/s (MN), calling the telephone number +39 0376 94201 or sending an email to firstname.lastname@example.org . MESSAGGERIE DEL GARDA S.p.A. guarantees the effective exercise of these rights, meaning that in the event of inertia by the Company, the person concerned has the right to report to the Data Protection Authority (www.garanteprivacy.it) the personal data processing considered as non-compliant.
10. Data Controller – Officer – List of Officers and appointed managers
We confirm that the Data Controller responsible for data processing is the undersigned Company, in the person of the pro tempore legal representative Mario Beschi, with headquarters in Via Montebianco 17 20060 Truccazzano (MI).
The Data Controller is not obliged to appoint the DPO but has designated an officer in charge of the processing of the data that concern you, for this purpose domiciled at the Company’s headquarters. The officer in charge is Rebecca Beschi and can be contacted by e-mail: email@example.com. A LIST OF DATA PROTECTION OFFICERS AND APPOINTED PERSONS IN CHARGE OF THE PROCESSING OF PERSONAL DATA IS AVAILABLE FOR THE PARTIES CONCERNED AT THE HEADQUARTERS OF THE COMPANY.
11. Consent to the processing of personal data
We would like to underline that your consent to the processing of your personal data as set out above is optional. If you refuse consent, our Company will not be able to process your personal details, but will only be able to use them to comply with the law or other regulations in force, and with the consequences set out in Point 3 above.
As you may know, the DPGR provides that processing your personal data be undertaken with the consent of the person involved, except in those cases specifically indicated by the the law. Therefore, please fill out the electronic forms requesting your consent as verification that you have received the information in this Privacy Code brief and that you expressly consent to the processing of your personal data.