Link copiato negli appunti
CUSTOMER PRIVACY POLICY
GESCO Società Cooperativa Agricola, with offices in Cesena (FC), Loc. San Vittore, Via del Rio, n. 400, Tax Code and Vat no. 02522130406, as Data Controller, informs you pursuant to Art. 13 EU Regulation no. 2016/679 - GDPR - that your data will be processed in the following manner and for the following purposes.
1. Purpose of processing
a) The Data Controller processes personal data, i.e. 'identifying' data - for example: name, surname, tax code, address, telephone, email, etc. necessary for performing the contract. The Data Controller will process your identification data, without your express consent, to proceed with all the activities necessary to perform the contract between you and the Data Controller (registration, billing, etc.) or to fulfil legal obligations. Failure to provide the personal data referred to above will make it impossible to pursue the contractual relationship.
b) The Data Controller may use the email address you provide when purchasing a product or service to send communications concerning products/services similar to those purchased. You may nevertheless oppose this processing, which does not require your consent (see Art. 130 c. 4 Italian Legislative Decree no. 196/2003), at any time using the contacts referred to in Article 6 below.
c) Your data may also be processed for monitoring and reporting activities, and for planning and verifying production activities. This processing finds its legal basis in the pursuit of the legitimate interest of the Data Controller.
2. Methods of processing and storage
The processing of personal data is carried out through the operations stated in Art. 4 no. 2) GDPR, and are precisely: collection, recording, storage, consultation, use, communication, deletion and destruction.
Personal data is subjected to both paper and electronic processing.
The Data Controller will process your personal data for the activities necessary to perform the contract - article 1, letter a) - or to fulfil a legal obligation - Art. 6 c.1 letter c), for the term of 10 years from its conclusion; for the activities referred to in letters b) and c), the data will be kept until the achievement of the purposes stated therein. After this period, your personal data will no longer be used for the aforementioned purposes.
The Processing will be based on principles of accuracy, lawfulness and transparency, and will be implemented with the aid of tools and procedures that avoid the risk of loss, unauthorised access, or illicit use and dissemination.
3. Access to data and recipients
Personal data may be made accessible for the purposes referred to in Article 1:
- to employees and contractors of the Data Controller, in their capacity as subjects authorised to process;
- to third-party companies or other subjects - for example: professional studios, consultants, etc. - who carry out outsourced activities on behalf of the Data Controller in their capacity as Data Processors.
4. Data Transfer
Personal data may be stored in paper archives at the Company's headquarters (FC), Loc. San Vittore and on servers located within the European Union.
In any case, it is understood that the Data Controller, if necessary, will also may move the servers and archives outside the EU. In this case, the Data Controller ensures from now on that transferring data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses envisaged by the European Commission.
5. Rights of the Data Subject
In relation to the processing of personal data, you have the right:
- to be informed about: data and headquarters of the Data Controller; the purposes and methods of processing; data and headquarters of the Data Processor;
- to obtain, through the Data Controller or Data Processor, without delay:
1) the confirmation of the existence of a processing of personal data concerning you and the communication in an intelligible form of the same data and their origin, as well as the purposes on which the processing is based;
2) the deletion of personal data concerning you, when: i) the same are no longer necessary for the purposes for which they were collected, ii) the consent has been revoked and there is no other legal basis for the processing, iii) the data have been processed in violation of the law, iv) the Data Subject has opposed the processing and there is no overriding legitimate reason to proceed with the processing v) the Data Controller is subject to the legal obligation to cancel personal data;
3) updating, rectification or, if interested, integration of data;
4) certification to the effect that the operations as per 2) and 3) above have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort to the protected right;
- to oppose, for reasons related to your particular situation, to the processing of personal data concerning you, pursuant to Art. 6, paragraph 1, letters e) or f);
- to complain to a supervisory authority;
- to receive in a structured and machine-readable format the personal data concerning them, and to transmit such data to another Data Controller without hindrance from the Data Controller to whom it originally provided them. In exercising their rights regarding data portability, the Data Subject has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or which may significantly affect his person in a similar way.
The Controller shall provide a copy of the personal data being processed; if the Data Subject requests further copies, the Data Controller may charge a fee based on the administrative costs actually incurred.
6. Methods of exercising rights
You may exercise the above rights at any time by sending to the attention of the Data Controller:
- a registered letter to GESCO Società Cooperativa Agricola, with offices in Cesena (FC), Loc. San Vittore, Via del Rio, no. 400; - an email to the address privacy@amadori.it or to the CEM mailbox gescoconsorziosca@pec.amadori.it.
7. Data Controller and Data Processor
The Data Processor is GESCO Società Cooperativa Agricola, with offices in Cesena (FC), Loc. San Vittore, Via del Rio, n. 400. The updated list of data processors is kept at the registered office of the Data Controller.
8. Data Protection Officer
The Data Controller has appointed as Data Protection Officer Emanuela Arduini, who can be contacted at the following email address: dpo.gesco@amadori.it.
Date of Last Update: 8/04/2022 (Version1.0)