The company Falegnameria Adriatica s.r.l. with headquarters in Stella di Monsampolo del Tronto (AP), Contrada San Mauro n. 5, Tax Code and VAT number 00979710449 (hereinafter, “Data Controller”), as data controller, informs you pursuant to art. 13 EU Regulation no. 679/2016 (hereinafter, “GDPR”) and Legislative Decree 06/30/2003 n. 196, as amended by Legislative Decree 10/08/2018 and subsequent amendments (hereinafter, “Privacy Code”) that your data will be processed in the following ways and for the following purposes:

1. Object of the Processing

The Data Controller processes personal, identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment details) (hereinafter, “personal data” or also “data”) communicated by you upon the conclusion of contracts for the purchase of goods and services produced by the Owner.

2. Purpose of the processing

Your personal data is processed:

without your express consent (art. 6 letter b), c) and f) GDPR and as established in the Privacy Code), given that this is “common” type data, and for the following Service Purposes:

a) conclude contracts for the goods and services provided by the Owner;

b) fulfill pre-contractual, contractual and tax obligations deriving from existing relationships with you;

c) fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as for example in the field of anti-money laundering);

d) exercise the rights of the Owner, for example the right of defense in court.

3. Treatment methods

The processing of personal data is carried out by means of the operations indicated in art. 4 no. 2) GDPR and in the Privacy Code and precisely: collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is subjected to both paper and electronic and/or automated processing. All data processing carried out by the Data Controller takes place in compliance with the methods set out in articles 6 and 32 of the GDPR and through the adoption of the appropriate security measures envisaged.

4. Data retention period

The data processed by the Data Controller, without prejudice to legal obligations (for example the retention period of tax and accounting documents, set at 10 years), are kept until an express request for cancellation by the interested party and are in any case periodically verified, including with automatic procedures, in order to guarantee their updating and effective compliance with the purposes of the processing. If the purpose for which they were acquired no longer exists (see art. 2), the data are deleted, unless otherwise expressly requested by the interested party.

5. Data access

Personal data may be made accessible for the purposes referred to in art. 2:

6. Data communication

Without the need for express consent (art. 6 letter b), c) and f) GDPR and as established in the Privacy Code), the Data Controller may communicate your personal data to supervisory bodies, judicial authorities, credit institutions, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers.

The personal data provided will not be disclosed.

7. Data transfer outside the EU

Personal data is stored on servers located at the Data Controller’s operational headquarters, as indicated above, or on cloud servers, in any case within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

8. Nature of the provision of data

The provision of data for the purposes referred to in art. 2 is mandatory. In their absence, if you are our customer, we will not be able to guarantee the supply of goods and services covered by the existing contract with you, nor fulfill our legal obligations.

9. Rights of the interested party

In your capacity as an interested party, you have the rights referred to in art. 15 GDPR and precisely the rights to:

1. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

2. obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and representative designated pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, managers or agents;

3. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this requirement proves impossible or involves a manifestly disproportionate use of means compared to the protected right;

4. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or by traditional marketing methods by telephone and/or paper mail. Please note that the interested party’s right of opposition, set out in the previous point b), for direct marketing purposes using automated methods, extends to traditional ones and that in any case the possibility for the interested party to exercise the right of opposition also remains only partially. Therefore, the interested party can decide to receive only communications via traditional methods or only automated communications or neither of the two types of communication.

5. Where applicable, you also have the rights referred to in articles 16-21 GDPR (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority for the protection of personal data, based in Rome, Piazza di Monte Citorio n. 121, www.garanteprivacy.it, email: garante@gpdp.it.

10. Methods of exercising rights

You can exercise your rights at any time by sending:

11. Owner, manager and appointees

The Data Controller is the company Falegnameria Adriatica s.r.l., with headquarters as indicated in the header of this letter. The updated list of data controllers and persons in charge of processing is kept at the operational headquarters of the Data Controller.