PRIVACY POLICY


INFORMATION ON THE PROCESSING OF PERSONAL DATA

Pursuant to art. 13 Legislative Decree 30.6.2003 n. 196 (hereinafter, "Privacy Code" ) and art. 13 EU Regulation no. 2016/679 (hereinafter, "GDPR" ) and in relation to the data provided by the Customer or acquired by the Data Controller during the contractual or pre-contractual relationship, we inform the Customer that his data will be processed in the manner and for the following purposes:


1. DATA CONTROLLER

The data controller is DIMA SRL, with registered office in Noale (VE), via Alcide De Gasperi, 18, CF and VAT number 04032870273, with which you have entered into and / or can enter into a service contract (hereinafter the "Owner"). The Data Controller can be reached through the contacts indicated on the website www.dima-ve.com , as well as at the address e-mail of the Data Protection Officer info@dima-ve.com .


2. PURPOSE OF THE PROCESSING

The Data Controller processes personal data (hereinafter, "personal data" or also "data" ) communicated by the Customer:

a. without the need to obtain your express consent , for the following purposes:

  • pre-contractual due diligence activities;
  • formulation of offers and other activities aimed at establishing the contractual relationship for the provision of the services of the Owner;
  • fulfill the pre-contractual, contractual and tax obligations deriving from ongoing relationships with you;
  • fulfill the obligations established by law or by an order of the competent Authority;
  • fulfill the obligations established by the DIMA SRL Certification Bodies (audio and video footage of the courses for maintaining certifications);
  • exercise the rights of the Data Controller, for example the right to defense in court;
b. only with your specific consent , for the following promotional purposes:
  • send them by e-mail, post and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Owner and detection of the degree of satisfaction with the quality of the services.

3. PROCESSING METHODS

Personal data are processed by the Data Controller in compliance with the principles of lawfulness, correctness and transparency.

The processing of your personal data is carried out by means of the following operations: collection, registration, organization, structuring, storage, consultation, adaptation or modification, use, dissemination, communication, extraction, comparison, interconnection, limitation, cancellation and destruction of data. Your personal data are subjected to both paper and electronic processing.

The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case no later than 15 years from the termination of the contractual relationship and no later than 2 years from the collection of data for marketing purposes.

After 10 years from the termination of the contractual relationship, access to data will be limited to function managers.

If the Data Controller has documented the need to keep the data for a period longer than 15 years (for example in the event that the cancellation could compromise his legitimate right of defense or, in general, for the protection of his company assets), the further storage may take place by limiting access to data only to the head of the legal function, to guarantee the legitimate exercise of the right of defense of the Data Controller.



4. RECIPIENTS OF THE DATA

Your data may be made accessible for the purposes referred to in art. 2.a and 2.b to the following recipients:

  • to companies associated or controlled by DIMA SRL, in Italy and abroad, to the extent that this is necessary to carry out the processing, in compliance with the binding corporate rules adopted by DIMA SRL;
  • to companies or other third parties (credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, statutory auditing companies, supervisory institutions, etc.) who carry out outsourcing activities on behalf of of the Owner;
  • to public subjects, for the fulfillment of legal obligations.
Without the need for your express consent, the Data Controller may communicate your data for the purposes referred to in art. 2.a to supervisory bodies (such as ANAC), judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the accomplishment of said purposes.

5. DATA TRANSFER

Personal data are stored on servers located within the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the servers also outside the EU. In this case, the Data Controller ensures as of now that the transfer of non-EU data will take place in compliance with the applicable legal provisions, also through the provision of standard contractual clauses provided by the European Commission and the adoption of binding corporate rules for intra-group transfers


6. THE CONSENT

The provision of data and the related processing for the purposes referred to in art. 2.a is necessary to guarantee the services of the Data Controller requested by you and to execute the contract and any pre-contractual obligations. Any refusal will result in the inability by the Data Controller to perform the services covered by the contract.

The provision of data for the purposes referred to in art. 2.b is, however, optional . You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: any refusal to consent to the processing will have the sole consequence of the impossibility of receiving newsletters, commercial communications and advertising material relating to the services offered by the owner. However, you will continue to be entitled to the services referred to in art. 2a.

7. DATA SUBJECT'S RIGHTS

As an interested party, you have the right to:

  • obtain confirmation of the existence or not of processing of personal data concerning you, as well as obtain a copy of the aforementioned data;
  • obtain information: a) on the origin of the personal data; b) the purposes and methods of treatment; c) the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identity of the owner, manager and data protection officer; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
  • obtain: a) updating, correction or integration of data; b) cancellation, transformation into anonymous form or blocking of data processed in violation of the law; c) the attestation that the operations referred to in letters a) and b) have been notified, also with regard to their content, of those to whom the data have been communicated or disseminated, unless this proves impossible or involves an effort disproportionate; d) obtain from the Data Controller in a structured, commonly used and intelligible format the personal data concerning him and, where technically feasible, obtain the direct transmission of the aforementioned data from one owner to another;
  • to oppose a) the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of your personal data for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator through and -mail and / or through traditional marketing methods by telephone and / or paper mail. The right of opposition can be exercised even only partially, thus allowing the interested party to choose to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
  • Therefore, in your capacity as an interested party you have the rights referred to in art. 7 of the Privacy Code and articles 15 - 21 of EU Reg. / 679/2016, as well as the right to lodge a complaint with the competent Authority pursuant to art. 77 GDPR.

8. HOW TO EXERCISE RIGHTS AND COMMUNICATIONS

The Data Controller has appointed a Data Protection Officer, to whom you can contact for all questions relating to the processing of your personal data and the exercise of the related rights.
Therefore, you can contact the Data Protection Officer at any time in the following ways:

  • by sending a registered letter with return receipt to DIMA SRL, via Alcide De Gasperi, 18 - 30033 Noale (VE), to the attention of the Data Protection Officer, or
  • by sending an email to info@dima-ve.com .
  • Please note that you have the right to withdraw your consent at any time by writing to info@dima-ve.com . < / li>

For the full text of EU Regulation 2016/679 it is possible to consult the website of the Privacy Guarantor:
http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/6264597

Version 0 of 10/01/2020