Oltremare SpA, located at Fano (Italy) Via della Pineta 23 (hereinafter referred to as “Company”), V.A.T. number 02545940419, according to the Article 13 of Law Decree dated on June 30, 2003, number 196 (henceforth referred to as “Privacy Code”) and in accordance with the provisions of Article 13 of Regulation (UE) 2016/679 (hereafter, “Regulation”), provides the following information concerning the handling of personal data collected from its Customers/Suppliers (from here on referred to as the “Concerned party”), in its capacity as Data Controller.
Categories and types of handled data
The data handled by the Company may include common data (e.g. name, surname, business name, address, phone number, e-mail address, bank accounts and methods of payment – hereafter, “Data”) collected for the purpose of concluding a contract with the Concerned party and/or in the context of implementation and/or signing of it. It can also happen the handling of a third party’s Data reported by the Concerned party to the Company.From this assumption, the Concerned party will be an autonomous Data Controller and shall assume the resultant obligations and legal responsibilities and shall hold harmless The Company from any dispute, pretension and/or claim for damage from data handling which should arrive to the Company from concerned third parties.
Purpose of data processing
The Data are stored, collected and processed in the context of the pursuit of Company’s activity, in accordance with current privacy regulation and without the need for specific approval of the Concerned party:
- for preliminary requirements prior to the stipulation of agreements and for the fulfilment of obligations and implementation of the projected operations;
- for the fulfilment of obligations and requirements (administrative, tax, accounting, legal etc.) pursuant to current law.
Methods of the data processing
The data may be processed by means of manual, automated, computer and electronic tools suited to managing, storing and transmitting data, and in any case to ensuring the security and confidentiality of the same data.
The Data subject to processing shall be:
- processed in a lawful and correct manner;
- collected and recorded for specified, explicit and legitimate purposes and used in other processing operations always compatible with such purposes;
- accurate and, if necessary, updated;
- relevant, complete and not exceeding in relation to the purposes for which the data has been collected and then processed;
- preserved to allow the identification of the Concerned party for a period not greater than that necessary for the purposes for which data were collected or subsequently processed.
Possible communication and diffusion of Data
For the purposes set out above, the Data may be communicated to employees and collaborators of the Data Controller, in their capacity as internal data processors and/or people appointed to process data or to third parties (bank and insurance institutions, service providers) strictly needed to pursue the Company’s activities, either for fiscal, administrative, accounting, contractual reasons or for requirements protected by the current legislature, in accordance with the provisions of the Regulation.Finally, the Data can be shared with authorities, entities and/or subjects to which the Data disclosure is required by laws and regulations or as instructed by authorities. These authorities, entities and/or subjects will operate as autonomous Data Controllers. The Data will not be diffused.
The Data of the Concerned party are stored on a servers located within the European Union.
Storage period of the Data
The Data will be stored on paper and/or IT support not longer than is needed for the purposes for which they were collected, respecting the principles of limitation of the retention period and minimisation as referred to in Regulation.
The Data will be kept to fulfil the legislative obligations and pursue the above-mentioned purposes, adhering to the principles of indispensability, not excessive and pertinence.The Company may keep some Data after the conclusion of the contractual relationship in order to fulfil legislative obligations and/or post-contractual obligations according to the law prescriptions (10 years); subsequently, when the said reasons for data processing no longer exist, the Data will be deleted, destroyed or simply stored in anonymous form.
Rights of the Concerned party
At any time, the Concerned party may exercise, in accordance with the art. 7 of Legislative Decree 196/2003 and with articles from 15 to 22 of Regulation (UE) 2016/679, the following rights:
- a) to seek confirmation of the existence or not of its personal Data; b) to obtain information about the purposes of the Data treatment, the categories of the Data, the recipients or categories of recipients to whom the personal Data have been or will be disclosed and, if possible, the period of retention; c) to obtain the correction and cancellation of the Data; d) to restrict the processing of the Data; e) to obtain the Data portability, that is, receive them from a Data Controller, in a structured, commonly used format and readable from an automatic device, and transmit them to another Data Controller, without restrictions; f) to object to the processing of Data at any time and also in case of Data treatment for direct marketing purpose; g) to object to an automated decision process related to individuals, including the profiling; h) to ask the Data Controller the access to the Data and the modification or cancellation of the them, or restriction of Data processing concerning him or her, or to oppose to the Data processing, in addition to the right to data portability; i) to withdraw its consent at any time without prejudicing the lawfulness of the Data processing based on consent before its withdrawal; j) to lodge a complaint to a supervisory authority.
Procedures for exercising the right
The Concerned party may at any time exercises its rights sending a notice by email to firstname.lastname@example.org or by mail using the following address Oltremare SpA – via della Pineta 23 – 61032 Fano PU.
Data Controller, Data Processor and Data Appointed
The Data controller of such Data is CEO Marco Nava. The complete and regularly updated list of data processors and/or the persons in charge of the Data processing may be requested sending an email to the Data Controller to the following address email@example.com or by post to the address Oltremare SpA – via della Pineta 23 – 61032 Fano PU.