Dear Customer/Supplier, in order to establish and execute the contractual relationships, COIMINOX SRL may need to process your personal data, acquired even verbally, either directly or through third parties. Therefore, in accordance with the provisions of Articles 13 and 14 of the EU Regulation n. 679/2016 and the Italian Privacy legislation we provide you the following information:
Your personal data are processed:
A) without your express consent Art. 6 lett. b), e) GDPR), for the following purposes:
- execution of assigned tasks;
- fulfillment of pre-contractual, contractual and fiscal obligations arising from existing relationship;
- compliance with obligations under law;
- exercise of the Data Controller s rights , e.g. the right of defence in court;
B) only with your specific and separate consent (Art. 7 GDPR), for the following purposes: - Marketing: use of the personal data you provided for COIMINOX SRL’s own promotional purposes (e.g. market research, promotional , advertising
or informational initiatives, direct offers of products or services of the company, invitations to events through e.g. e-mail, newsletter, mail, sms,
telephone contacts, etc).
Please note that if you are already our customer, we may send you commercial communications regarding services and products similar to those you
have already used, unless you disagree.
The processing of your personal data is carried out by means of the operations indicated in Art. 4 no. 2) both in paper and electronic and/or automated form. The Data Controller processes personal data for the time necessary to fulfill the above purposes in compliance with Privacy and current regulations. Invoices, accounting documents and data related to services performed are kept for 10 years in accordance with the law (including fiscal obligations).
Your data may be made accessible for the purposes referred to Art. 2.A) e 2.B):
- to employees and collaborators of the Data Controller authorized to process data, in order to perform the activities subject to contract.
- to external data processors, who provide outsourced services on behalf of the Data Controller (e.g. professional firms, consultants, communication
agencies, etc).
Without the need of your express consent, the Data Controller, may disclose your data for purposes outlined in Article 2.A) to institutions, administrative/judicial authorities, in compliance with contractual and legal obligations. These entities will process the data as independent data controllers. Your data will not be disseminated in any way.
Personal data are stored on servers located within the European Union. However, it is understood that the Data Controller, should it become necessary, will be entitled to transfer the servers outside the EU as well. In this case the Data Controller hereby ensures that the transfer of data outside the EU will be carried out in accordance with the applicable legal provisions and that an adequate level of protection of personal data will be guaranteed based on an adequacy decision, on standard clauses defined by the European Commission or Binding Corporate Rules.
The provision of data for the purpose of Art. 2.A) is mandatory. In the absence of such data we will not be able to provide the services mentioned in Article 2.A). On the other hand, the provision of data for the purposes of Article 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny further processing of data already provided: in this case, you will not be able to receive, for example, newsletters, commercial communications, and advertising material related to the Services offered by the Data Controller. However you will still continue to be entitled to the Services mentioned in 2.A).
As a data subject, you have the rights set forth in Article 15 GDPR, namely the rights to:
i. Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an
intelligible form;
ii. Obtain the indication of a) the origin of personal data b) the purposes and methods of processing c) the logic applied in case of processing carried
out with the aid of electronic tools d) the identification details of the Data Controller, processors and the designated representative pursuant to Art.
3, paragraph 1, GDPR e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them
as appointed representative(s) in the State territory, processors, or person in charge of processing;
iii.
Obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or
blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or
subsequently processed; c) certification that the operations as per letters a) and b) have been notified, including their content, to those to whom the
data were communicated or disseminated , unless this requirement proves impossible or involves a manifestly disproportionate effort compared with
the right being protected;
iv. Object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the
collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out
market research or commercial communication, using automated calling systems without the intervention of an operator by e-mail and/or through
traditional marketing methods such as telephone call and/or mail. Please note that the data subject’s right, as outlined at point b), for direct marketing
purposes through automated methods, also applies to traditional ones and that, in any case, the possibility for the data subject to retain the right to
object even only partially. Therefore the data subject may choose to receive communications only by traditional methods or only automated
communications or not to receive any communications at all. Where applicable, you also have the right set out in Articles -21 GDPR (right to
rectification, right to be cancelled, right to restriction of processing, right to data portability, right to object) as well as the right to complain to the
Data Protection Authority.
You may at any time exercise your rights by sending:
- a registered letter with return receipt to: COIMINOX SRL P.Iva: 00986510709, as Data Controller, with headquarters at Via Giorgio Perlasca, no.
33/35 CAP 86025 Ripalimosani, Italy
- An e-mail to the certified address (valid only for Italy) PEC: coiminox@pec.it
- An e-mail to the address (for foreigner data subjects) e-mail: info@coiminox.com by specifying in the subject line “Privacy Policy:
rectification/cancellation”
This Policy may be subject to changes, Should substantial changes be made to the use of the data communicated by the Data Controller, the latter will notify the data subject by the pubblication of a notice as prominently as possible on its relevant pages or through alternative similar means.
