Information on the processing of personal data
Manifattura Falomo Srl, with registered office in Via Feletti no. 21, Morsano al Tagliamento (PN), email firstname.lastname@example.org, in its capacity as Data Controller (hereinafter “Data Controller”), issues this information notice to the Data Subject in accordance with the European and Italian regulations on the protection of personal data.
Legal basis and purpose of the processing
The Data Controller processes the personal data for the following purposes:
- to response to requests made through this form: in this case, consent is not required because the processing is necessary to manage these requests;
- to use the data subject’s email address to send the questionnaire to be completed at the end of the request (e.g. to know if the data subject went to the recommended retailer, if the retailer was professional, if a Manifattura Falomo product was purchased, etc.), and commercial communications containing information on products or services, as well as promotions or invitations to events in which the Data Controller will participate. For this purpose, express consent is required;
- to send to the identified retailer the data communicated through the form, so that they can directly contact the Data Subject: for this purpose, express consent is required, separate from that referred to in the previous point.
Data retention period
The Data Controller intends to process the data for the time necessary to pursue the aforementioned purposes. With specific regard to the sending of commercial communications described in point 2), it should be noted that the personal data will be kept for 24 months from the granting of the consent, unless withdrawn beforehand.
Nature of data provision and consequences of refusal to provide data
The provision of data for the purposes referred to in point 1) is necessary and therefore any refusal to provide said data in whole or in part may make it impossible for the Data Controller to pursue the aforementioned purposes. The provision of data for further purposes is optional: failing this, the Data Controller will not be able to carry out the corresponding activities, but will still be entitled to pursue the purposes referred to in point 1).
Categories of recipients
The Data Controller will not disseminate the data, but may communicate them to people within the Company who have been authorised to process them on account of their duties, as well as to professionals or service companies and Public and Private Bodies, also following inspections and audits.
Should these recipients process data on behalf of the Data Controller, they will be appointed as Data Processors with an appropriate contract or legal document.
Transfer of data to a third country and/or international organisation
As a rule, personal data will not be transferred to any third countries outside the European Union or to international organisations. To pursue the purpose referred to in point 2), the Data Controller uses a platform located in Australia. However, it should be noted that the supplier has been bound by contractual clauses, which the European Commission has deemed to guarantee adequate protection measures.
Rights of Data Subjects
Data Subjects shall have the right to request the Data Controller to access their personal data and to rectify any inaccuracies, to erase them or limit their processing if the conditions are met, to object to their processing for legitimate interests pursued by the Data Controller, as well as obtain the portability of personal data only if they have been processed by automated means based on consent or on a contract. The Data Subject also has the right to withdraw the consent given for the required processing purposes, without this affecting the lawfulness of the processing carried out until the moment of withdrawal.
Data Subjects can exercise their rights by completing the form available here and sending it to the Data Controller at the email address: email@example.com. The Data Subject also has the right to lodge a complaint with the competent Supervisory Authority, i.e. the Italian Data Protection Authority (www.garanteprivacy.it).