Policy pursuant to Article 13 of EU Regulation No. 679/2016 on data protection.
In relation to your position, as of today, as client/supplier (hereinafter referred to as the data subject) of the undersigned company, pursuant to and for the purposes of EU Regulation No. 679/2016, the Data Controller is required to communicate to the data subject, upon the data being obtained, the information necessary to ensure correct and transparent processing.
In this regard, we inform you of the following:
- The Data Controller is Almaverde Bio Italia S.r.l. – Consortium Company, with registered office in Viale della Cooperazione 400 – 47522, Pievesestina in Cesena (FC).
Furthermore, Company staff employed in the administrative/commercial/marketing/personnel offices may be appointed as data processors, having been suitably trained and informed of the arrangements in EU Regulation No. 679/2016.
- The processing of data concerning your person is aimed at:
a) fulfilling the business relationship which you intend to enter into. Your data is collected in order to proceed with customer and supplier accounting; internal statistical processing; the fulfilment of tasks required by civil and tax laws, by regulations or by Community legislation, and managing the protocol, to pursue a legitimate interest of the Data Controller, within the limits and under the conditions set out in Article 6(f) of Regulation (EU) No. 679/2016;
b) profiling purposes aimed at managing commercial, promotional, advertising and/or general marketing operations.
The authorisation to process your data for the purpose described under a) is mandatory, in the absence of which it will not be possible to fulfil the business relationship.
The provision of data for the purpose indicated under b) is, on the contrary, optional. It is within your power to not authorise the processing of your personal data for the purposes stated here. In view of the above, the legal basis of the processing lies in your Consent.
The Controller shall take appropriate security measures to prevent access to or unauthorised dissemination, alteration or destruction of the processed personal data.
The processing of your personal data will take place using paper, IT and online tools, following criteria strictly linked to the aforementioned purposes and, in any event, using methods suitable for ensuring security and confidentiality in accordance with the provisions set out in Article 32 of the GDPR.
- The data processing methods are carried out using IT and manual means, and in observance of all precautionary measures guaranteeing security and confidentiality.
- The data is subjected to disclosure in aggregate, anonymous form and for statistical purposes.
- The personal data will be retained (retention period) with the undersigned company throughout the course of the business relationship, until its potential termination and, in any event, no later than 10 years following the termination of this relationship. The data that is collected for profiling and marketing purposes will be retained for 5 years from the date of its collection. After this retention period, the data will be destroyed or made anonymous.
- The data in question may be disclosed to the groups and individuals listed below: sales network, law firms, debt collection companies, individuals in charge of auditing our company’s financial statements, Public Authorities, Administrations or Entities for the purposes of fulfilling legal obligations, credit and financial Institutions, third parties responsible for providing IT, archiving or prize competition management services; or to the Joint Data Controllers: all the companies of the Apofruit Group that are signatories of the Co-ownership Agreement. It may then be stored in databases (either internal or managed through outsourcing) relating to the mandatory obligations for the purposes of food safety and traceability (EU Regulation No. 178/2002).
As the data subject, EU Regulation No. 679/2016 grants you the following rights:
- right of access – Article 15, GDPR: right to obtain confirmation of whether or not your personal data is being processed and, in this case, to obtain access to your personal data, including a copy of thereof;
- right to rectification – Article 16, GDPR: right to have, without undue delay, inaccurate personal data concerning you rectified, and/or to have incomplete personal data completed;
- right to erasure (right to be forgotten) – Article 17, GDPR: right to have, without undue delay, personal data erased, in accordance with the terms set out in EU Regulation No. 679/2016;
- right to restrict processing – Article 18, GDPR: right to restrict the processing, when the Data Subject disputes the accuracy of personal data; when the processing is unlawful and the Data Subject opposes the erasure of personal data and instead requests that its use is restricted;
- when the personal data is necessary for the Data Subject to ascertain, exercise or defend a right in judicial proceedings, even if the Data Controller no longer requires the data for processing purposes;
- when the Data Subject has opposed the processing, as indicated below, pending the verification of the possible prevalence of legitimate reasons on the part of the Data Controller over those of the Data Subject.
- right to data portability – Article 20, GDPR: right to receive from the Data Controller, in a format that is structured, commonly used and machine-readable, your personal data, and the right to transfer it to another Data Controller without hindrance, if the processing is based on consent and carried out with automated tools. Furthermore, the right to ensure that your personal data is transferred directly from the Data Controller to another Data Controller, where this is technically feasible;
- right to object – Article 21, GDPR: right to object, at any time, to the processing of your personal data based on the condition of the legality of the legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing which take precedence over the interests, rights and freedoms of the Data Subject, or for the purpose of ascertaining, exercising or defending a right in judicial proceedings; to withdraw previously given consent; to lodge a complaint with the Data Protection Authority, Piazza di Montecitorio No. 121, 00186, Rome (RM).
You may exercise the aforementioned rights by sending a request addressed to the undersigned Company, in its capacity as the Data Controller, also through a Representative, or by sending a specific notice to the following address firstname.lastname@example.org .
For the attention of
Almaverde Bio Italia S.r.l. – Consortium Company
◻ I consent to processing
in order to establish a business relationship
◻ I consent to processing
for profiling purposes aimed at managing commercial, promotional, advertising and/or general marketing operations.