CETA S.p.A., VAT number 03172560165, with registered office in Bergamo, Via Grumello n. 47/49 (hereinafter referred to as “Data Controller”), in its role as data controller, pursuant to article 13 of Italian Legislative Decree of 30.06.2003 n. 196 (hereinafter referred to as “Privacy Code”) and article 13 of Regulation (EU) n. 2016/679 (hereinafter referred to as “GDPR”), hereby informs you that your Personal Data (as defined below) will be processed with the methods and for the purposes described below.
The Data Controller will process your identification data communicated by you (for example name, surname, company name, address, telephone number, email, bank details and payment details – hereinafter referred to as “Personal Data” or also “Data”).
Your Personal Data will be processed, in respect of the principles specified in articles 5 and 6 of the Regulation, for the following Purposes of Service:
A) to conclude contracts for services provided by the Data Controller; to fulfil pre-contractual, contractual and tax obligations deriving from relationships with you; to fulfil obligations set out by law, regulations, European rules or orders from the Authorities (such as with regards to anti-money laundering measures); to exercise the rights of the Data Controller, for example the right to legal defence;
B) only with your specific and clear consent, revocable (articles 23 and 130 of the Privacy Code and Article 7, GDPR) for the following Marketing Purposes:
to send you, via email, post and/or SMS and/or telephone, newsletters, commercial communications and/or advertising materials regarding products or services offered by the Data Controller, and to carry out customer satisfaction surveys regarding the quality of services; to send you, via email, post and/or SMS and/or telephone, commercial and/or promotional communications from third parties.
The collection and use of information by these third parties are governed by their respective privacy policies which we recommend you view.
Your Data may be accessed, for the purposes specified in article 2:
- by the Data Controller’s employees and contract workers, in their role as persons authorised to process data and/or internal data processors and/or system administrators;
- by third-party companies or other entities (e.g. credit institutions, professional firms, consultants, insurance companies for provision of insurance services, etc.) which perform outsourcing activities on behalf of the Data Controller, in their role as external data processors.
The processing of your Personal Data is carried out via the operations indicated in article 4 of the Privacy Code and article 4 n. 2, GDPR and, in detail, via the creation of personal data records on electronic supports with all processing necessary for the aforementioned purposes.
Processing will be carried out with both automatic and telematic instruments with organisational and processing logic that is strictly correlated to the purposes themselves and in any case in such a manner as to guarantee the security, integrity and confidentiality of said data in compliance with the physical and logical organisational measures provided for by current regulations.
The Data Controller will process the Personal Data for the time necessary to fulfil the purposes indicated above and in any case for no longer than 10 years from the termination of the relationship for Purposes of Service and for no longer than 2 years from the collection of Data for Marketing Purposes.
The Data will be disclosed to other entities exclusively for accounting, welfare, tax and legal purposes as well as for Marketing Purposes, but will not be transferred to third parties.
The Data may be disclosed to persons in charge of data processing during the carrying out of their duties.
The Personal Data held by CETA S.p.A. are collected directly by its administrative office and are provided directly with your voluntary consent.
The provision of the Data is obligatory in order to be able to correctly comply with legal obligations, and more precisely to respect civil, welfare and tax regulations.
As Data Subject, you have the rights referred to in article 7 of the Privacy Code and article 15 of the GDPR and, specifically, the right:
Where applicable, the Data Subject also has the rights specified in Articles 16-21, GDPR (the right to rectification, the right to be forgotten, the right to restriction of processing, the right to data portability, the right to object) as well as the right to lodge a complaint with the Data Protection Authority pursuant to Articles 77-82, GDPR.
The Data Subject may, at any time, exercise their rights by sending:
- a registered letter with acknowledgement of receipt to:
Via Grumello n. 47/49
- a certified email to the address CETASPA@LEGALMAIL.IT
The Data Controller is CETA S.p.A., with registered office in Bergamo, Via Grumello n. 47/49.
The internal Data Processor and/or person in charge of data processing is Mr. Dario Donà.