In accordance with and for the purposes of Article 13 of the new General Data Protection Regulation (GDPR 2016/679), we hereby wish to inform the Client (the interested party) of the following:

The Data Controller is Mazalli S.p.a. (the Company), with head offices in Milan at no. 10, Piazza Santo Stefano, in the person of the pro-tempore legal representative Mr Fabrizio Cantoni. The Client may communicate with the Controller via email [email protected] for the purposes of exercising rights.

Data of a personal nature freely provided by Clients and Suppliers to the Company for activities conducted by virtue of the relevant contractual stipulations shall be handled in a lawful manner, in keeping with proper practices, and in accordance with the Regulations for:
•    Contractual purposes associated with and necessary for establishing relations with clients and suppliers including, by way of example, acquiring information before entering into a contract;
•    Purposes linked to the obligations stipulated by accounting and/or tax law, by EU regulations and law, and by provisions passed by Authorities entitled to do so by the law or by supervisory and/or control bodies. The provision of the above data is essential in order for the Controller to fulfil the appointment awarded to it. In the event of refusal to supply the requested data, the Controller shall be prevented from carrying out the contractually stipulated services on grounds attributable to the Client concerned.
•    Promotional purposes, using traditional or electronic means; the provision of the above data (e-mail address) is optional and for the processing of such data, for the purposes outlined above, consent of the interested party will be collected.
 

The processed data (which may be of both a common and identifying nature) is up-to-date, complete, pertinent and not disproportionate to the above mentioned processing purposes.
Said data shall be processed with the necessary security and confidentiality, by gathering the data of the interested party and recording and storing said data for predetermined, explicit and legitimate purposes. Said data shall be processed using both paper instruments and electronic means.

The personal data shall be processed by Mazalli S.p.a. in its capacity as Data Controller, and by the employees and co-workers who are authorised to conduct the processing. The data may be communicated to public organisations receiving the communications/declarations involved in the contractual relationship. It may also be communicated to the relevant inspection bodies, where requested for inspections and audits to verify that all obligations have been duly fulfilled.
The data involved in this privacy statement may be communicated to professionals and/or co-workers of the controller to fulfil the appointment made, and for the same purposes. The data in question shall not, however, be distributed beyond the limits specified herein unless the interested party should provide written authorisation to do so.

Mazalli S.p.a., in its capacity as Data Controller, may transfer the data involved herewith to a third-party country (outside the European Community) or to an international organisation solely and exclusively for the purposes of fulfilling the appointment awarded to it, as stipulated in the exception under Article 49, paragraph 1 lett. “b” of Regulation 679/2016. It should be noted that the external backup is also carried out by an Italian company, and accordingly is also kept in compliance with the privacy regulation in question, using servers located within the EU or in countries with which an adequacy decision is in force, as per Article 45, paragraph 1 of the G.D.P.R.
No automatic decision-making processes are used.

Lastly, the interested party is hereby informed that the Controller has adopted security measures to protect the data against the risk of loss, abuse or alteration.

The data involved in this privacy statement shall be kept:
For 10 years following the termination of the contractual relationship for all processing legally governed by the contract.

The interested party:
is entitled to ask the Data Controller to confirm or otherwise its possession of personal data concerning him/her, even if it has yet to be registered, and to have it communicated in intelligible form and verified. The interested party can also ask for the data to be updated or integrated, rectified or cancelled, or to have the data transformed into anonymous form, or to block data treated in breach of regulations. In addition, the interested party may request limitations on the processing of data concerning him/her, or oppose its handling, as well as possessing the right to data portability and the right to obtain details of the origin of the personal data, its purpose and the processing method adopted, as well as the logic applied where data processing is carried out using electronic instruments
may also oppose the processing of data concerning him/her whether wholly or in part
is entitled to revoke consent at any time, without detriment of any kind to the lawfulness of processing conducted by virtue of consent provided prior to the revocation, and the right to submit complaints to the supervisory authorities.