Privacy Policy
Information on the processing of personal data provided pursuant to and for the purposes of Articles 12, 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
Dear Customer,
please carefully read the following information, provided in accordance with the provisions of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as on the free circulation of such data and which repeals Directive 95/46/EC (GDPR).
Definitions
“Personal data”: Any information concerning an identified or identifiable natural person (Article 4, paragraph 1, point 1 of EU Regulation 2016/679);
“Data Controller”: natural or legal person, public authority, service or other body that, individually or along with others, determines the purposes and means of processing personal data (Article 4, paragraph 1, point 7 of EU Regulation 2016/679);
“Data Processor”: natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller (Article 4, paragraph 1, point 8 of EU Regulation 2016/679);
“Recipient”: natural or legal person, public authority, service or other body that receives notification of personal data (Article 4, paragraph 1, point 9 of EU Regulation 2016/679).
Principles applicable to the processing of personal data
Pursuant to and for the purposes of Article 5 of the aforementioned Regulation, the personal data provided by the Data Subject is:
a) processed in a lawful, fair and transparent manner;
b) collected for specific, explicit and legitimate purposes;
c) adequate, relevant and limited to that which is strictly necessary with regard to the purposes for which it is processed;
d) accurate and, if necessary, updated;
e) kept in such a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
f) processed in such a way as to ensure adequate security.
Data of the Data Controller
The data controller is QUALITYBED S.R.L., with registered office in Capurso (BA), Via ex S.S. 100, KM 11,200 SN Z.I. – postcode 70010, e-mail address: amministrazione@qualitybed.it, (PEC) certified e-mail: qualitybed@pec.it
Type of personal data processed
The personal data provided by the data subject is the following:
- Identification (name and surname, place and date of birth, municipality and place of residence, tax code, shipping address);
- Contact details (telephone number, e-mail address, PEC certified e-mail address);
- Banking details (payment terms: cheque and/or bank transfer).
Purpose of processing – Legal basis
1) Management of activities related to the conclusion and execution of the contract.
Legal basis: the processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the interested party (Article 6, paragraph 1, letter b), GDPR);
2) Fulfilment of administrative, accounting and tax obligations. Legal basis: the processing is necessary to fulfil a legal obligation to which the data controller is subject (Article 6, paragraph 1, letter c), GDPR).
3) Management of activities relating to the assessment and/or exercise and/or defence of a right of the data controller. Legal basis: the processing is necessary for the pursuit of the legitimate interest of the data controller or third parties which is substantiated by the protection of an infringed right (Article 6, paragraph 1, letter f), GDPR).
Data processors appointed and instructed pursuant to and for the purposes of Article 28 of EU Regulation 2016/679
The personal data provided by the data subject may be processed, on behalf of the Data Controller, for exclusive technical, functional and organisational reasons, strictly related to the purposes set out above, by the following persons designated as data processors pursuant to and for the effects of Article 28 of EU Regulation 2016/679:
- Accountant appointed by the data controller for the management of activities relating to external bookkeeping;
- Providers of installation, assistance and maintenance services for IT and electronic systems;
- Hosting provider in charge of providing the hosting services.
The Data Subject may ask the Data Controller for the constantly updated list of data processors.
Recipients and/or categories of recipients of personal data
The personal data provided by the data subject may be disclosed to the following natural or legal persons and public authorities who may be qualified, on a case-by-case basis, also as independent data controllers:
- Credit institutions authorised for commercial transactions;
- Transport companies appointed for the shipment and delivery of the products purchased by the data subject;
- Public bodies and/or Authorities and/or Judicial Authorities for inspection and/or checking and/or supervision activities or for the fulfilment of legal obligations.
Data storage period
The personal data provided by the Data Subject for the conclusion and execution of the contract is kept by the Data Controller in a form that allows the identification of the Data Subject for a period of time not exceeding the achievement of the purposes for which it is processed; always and in any case for a period of time not exceeding 10 years from the termination of the legal effects of the contract (art. 2220 of the Italian Civil Code Storage of accounting records; art. 2946 of the Italian Civil Code Ordinary prescription). After these terms, the data is either destroyed or anonymised.
Nature of provision and refusal
The provision of the data needed for the conclusion and execution of the contract is necessary; the refusal to provide the data and/or the complete opposition to its processing, makes it impossible to carry out any legal relationship between the Parties.
Location and method of processing
The processing of the personal data provided takes place at the registered office of the Data Controller, on paper, computer and electronic support and it is also carried out by subjects authorised to process it, who are constantly instructed on current Community and national legislation on the safeguarding and protection of personal data (Article 29 GDPR). Specific security measures are implemented to prevent the loss of data, illicit or incorrect use and unauthorized access.
Rights of data subjects – complaint to the supervisory authority
Pursuant to and for the purposes of Articles 13, paragraph 2, and 15 to 21 of EU Regulation 2016/679, you may exercise the following rights:
- Right to obtain access to the personal data provided and information relating to it (art. 15 GDPR);
- Right to rectification of inaccurate data or the integration of incomplete data (art. 16 GDPR);
- Right to deletion of personal data concerning you (upon the occurrence of one of the conditions indicated in art. 17, paragraph 1, EU Regulation 2016/679 and in compliance with the exceptions provided for in paragraph 3 of the same article);
- Right to limit the processing of personal data provided (in the event of one of the hypotheses indicated in Article 18, paragraph 1, GDPR);
- Right to data portability or the right to receive personal data concerning you in a structured and machine-readable format (the so-called right to personal data portability pursuant to art. 20 GDPR);
- Right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the www.garanteprivacy.it website (art. 77 GDPR);
- Right to bring actions before the competent jurisdictional authorities (art. 79 GDPR).
The Data Subject has the right to object to the processing of personal data provided in the event of special situations concerning him/her (Article 21 of the GDPR).
The Data Subject also has the right to revoke, at any time, any consent given for specific purposes (Article 7 of the GDPR).
How to exercise your rights
You can exercise your rights at any time by sending:
- A registered letter with receipt notification to QUALITYBED S.R.L., registered office;
- E-mail and/or PEC certified e-mail notification to the addresses indicated above.
Automated decision-making processes
For the pursuit of the purposes of the processing described above, no decision is made based solely on automated processing which produces legal effects that concern the data subject or that significantly affect you in a similar manner.
Transfer to a third country
The Data Controller does not transfer personal data to third countries or international organisations. However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of EU Regulation 2016/679.
Dear supplier,
please carefully read the following information, provided in accordance with the provisions of EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as on the free circulation of such data and which repeals Directive 95/46/EC.
Definitions
“Personal data”: Any information concerning an identified or identifiable natural person (Article 4, paragraph 1, point 1 of EU Regulation 2016/679);
“Data Controller”: natural or legal person, public authority, service or other body that, individually or along with others, determines the purposes and means of processing personal data (Article 4, paragraph 1, point 7 of EU Regulation 2016/679);
“Data processor”: natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller (Article 4, paragraph 1, point 8 of EU Regulation 2016/679);
“Recipient”: natural or legal person, public authority, service or other body that receives notification of personal data (Article 4, paragraph 1, point 9 of EU Regulation 2016/679).
Principles applicable to the processing of personal data
Pursuant to and for the purposes of Article 5 of the aforementioned Regulation, the personal data provided by the Data Subject is:
a) processed in a lawful, fair and transparent manner;
b) collected for specific, explicit and legitimate purposes;
c) adequate, relevant and limited to that which is strictly necessary with regard to the purposes for which it is processed;
d) accurate and, if necessary, updated;
e) kept in such a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which it is processed;
f) processed in such a way as to ensure adequate security.
Data of the Data Controller
The data controller is QUALITYBED S.R.L., with registered office in Capurso (BA), Via ex S.S. 100, KM 11,200 SN Z.I. – postcode 70010, e-mail address: amministrazione@qualitybed.it, (PEC) certified e-mail address: qualitybed@pec.it.
Type of personal data processed
The personal data provided by the data subject is the following:
- Identification (name and surname, place and date of birth, municipality and place of residence, tax code, shipping address);
- Contact details (telephone number, e-mail address, PEC certified e-mail address);
- Banking details (current account number, IBAN codes).
Purpose of processing – Legal basis
1) Management of the activities related to the conclusion and execution of the contract concerning the provision of services or the purchase of instrumental and functional goods to the business activity of the data controller.
Legal basis: the processing is necessary for the execution of a contract to which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the interested party (Article 6, paragraph 1, letter b), GDPR).
2) Fulfilment of administrative, accounting and tax obligations.
Legal basis: the processing is necessary to fulfil a legal obligation to which the data controller is subject (Article 6, paragraph 1, letter c), GDPR).
3) In the event of a dispute, the processing is necessary for the pursuit of the legitimate interest of the Data Controller that is substantiated in the protection and/or defence of its rights (Article 6, paragraph 1, letter f), GDPR).
Data recipients
The personal data provided may be processed, on behalf of the Data Controller, for exclusive technical, functional and organisational reasons, strictly related to the purposes set out above and, in particular, by the following categories of subjects:
- Professionals and/or companies in charge of processing with regard to external bookkeeping;
- Providers of installation, assistance and maintenance services for IT and electronic systems;
- Consultants on safety in the workplace needed to carry out the assignment.
Personal data may be disclosed to the subjects indicated below who may also process such data as independent data controllers:
- Public authorities and administrations for the fulfilment of legal obligations;
- Subjects entitled to access the data by virtue of provisions of law, regulations, community regulations, Judge’s orders;
- Banks, financial institutions or other parties to fulfil the contractual obligations assumed.
Data storage period
The personal data provided by the Data Subject for the conclusion and execution of the contract is kept by the Data Controller in a form that allows the identification of the Data Subject for a period of time not exceeding the achievement of the purposes for which it is processed; always and in any case for a period of time not exceeding 10 years from the termination of the legal effects of the contract (art. 2220 of the Italian Civil Code Storage of accounting records; art. 2946 of the Italian Civil Code Ordinary prescription). After these terms, the data is destroyed or anonymised.
Nature of provision and refusal
The provision of the data needed for the conclusion and execution of the contract is necessary; the refusal to provide the data and/or the complete opposition to its processing, makes it impossible to carry out any legal relationship between the Parties.
Location and processing methods
The processing of the personal data provided takes place at the registered office of the Data Controller, on paper, computer and electronic support and it is also carried out by subjects authorised to process it, who are constantly instructed on current Community and national legislation on the safeguarding and protection of personal data (Article 29 GDPR). Specific security measures are implemented to prevent the loss of data, illicit or incorrect use and unauthorized access.
Rights of data subjects – complaint to the supervisory authority
Pursuant to and for the purposes of Articles 13, paragraph 2, and 15 to 21 of EU Regulation 2016/679, you may exercise the following rights:
- Right to obtain access to the personal data provided and information relating to it (art. 15 GDPR);
- Right to rectification of inaccurate data or the integration of incomplete data (art. 16 GDPR);
- Right to obtain deletion of personal data concerning you (should any of the conditions indicated in article 17, paragraph 1 of the GDPR occur and in compliance with the exceptions provided in paragraph 3 of the same article);
- Right to limit the processing of the personal data provided (in the event of one of the cases indicated in Article 18, paragraph 1, GDPR);
- Right to data portability or the right to receive personal data concerning you in a structured format readable by automatic devices (the so-called right to personal data portability pursuant to Article 20 GDPR);
- Right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the www.garanteprivacy.it website (art.77 GDPR);
- Right to bring actions before the competent jurisdictional authorities (art.79 GDPR).
The Data Subject has the right to object to the processing of personal data provided in the event of special situations concerning him/her (Article 21 of the GDPR).
The Data Subject also has the right to revoke, at any time, any consent given for specific purposes (Article 7 of the GDPR).
How to exercise your rights
You can exercise your rights at any time by sending:
- A registered letter with receipt notification to QUALITYBED S.R.L., registered office;
- An e-mail notification to the address indicated above.
Automated decision-making processes
For the pursuit of the purposes of the processing described above, no decision is made based solely on the automated processing which produces legal effects that concern the data subject or that significantly affect you in a similar manner.
Transfer to a third country
The Data Controller does not transfer personal data to third countries or international organisations. However, the Data Controller reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of EU Regulation 2016/679.