Privacy Policy

CETA S.p.A., VAT number 03172560165, with registered office in Bergamo, Via Grumello n. 47/49 (hereinafter referred to as “Data Controller”), in its role as data controller, pursuant to article 13 of Italian Legislative Decree of 30.06.2003 n. 196 (hereinafter referred to as “Privacy Code”) and article 13 of Regulation (EU) n. 2016/679 (hereinafter referred to as “GDPR”), hereby informs you that your Personal Data (as defined below) will be processed with the methods and for the purposes described below.

1. Data to be processed

The Data Controller will process your identification data communicated by you (for example name, surname, company name, address, telephone number, email, bank details and payment details – hereinafter referred to as “Personal Data” or also “Data”).

2. Purposes of data processing

Your Personal Data will be processed, in respect of the principles specified in articles 5 and 6 of the Regulation, for the following Purposes of Service:
A) to conclude contracts for services provided by the Data Controller; to fulfil pre-contractual, contractual and tax obligations deriving from relationships with you; to fulfil obligations set out by law, regulations, European rules or orders from the Authorities (such as with regards to anti-money laundering measures); to exercise the rights of the Data Controller, for example the right to legal defence;
B) only with your specific and clear consent, revocable (articles 23 and 130 of the Privacy Code and Article 7, GDPR) for the following Marketing Purposes:
to send you, via email, post and/or SMS and/or telephone, newsletters, commercial communications and/or advertising materials regarding products or services offered by the Data Controller, and to carry out customer satisfaction surveys regarding the quality of services; to send you, via email, post and/or SMS and/or telephone, commercial and/or promotional communications from third parties.

The collection and use of information by these third parties are governed by their respective privacy policies which we recommend you view.

3. Cookies

With regards to cookies and similar tools used by the website, please refer to the Cookie Policy

4. Access to Data

Your Data may be accessed, for the purposes specified in article 2:
- by the Data Controller’s employees and contract workers, in their role as persons authorised to process data and/or internal data processors and/or system administrators;
- by third-party companies or other entities (e.g. credit institutions, professional firms, consultants, insurance companies for provision of insurance services, etc.) which perform outsourcing activities on behalf of the Data Controller, in their role as external data processors.

5. Methods of processing

The processing of your Personal Data is carried out via the operations indicated in article 4 of the Privacy Code and article 4 n. 2, GDPR and, in detail, via the creation of personal data records on electronic supports with all processing necessary for the aforementioned purposes.
Processing will be carried out with both automatic and telematic instruments with organisational and processing logic that is strictly correlated to the purposes themselves and in any case in such a manner as to guarantee the security, integrity and confidentiality of said data in compliance with the physical and logical organisational measures provided for by current regulations.
The Data Controller will process the Personal Data for the time necessary to fulfil the purposes indicated above and in any case for no longer than 10 years from the termination of the relationship for Purposes of Service and for no longer than 2 years from the collection of Data for Marketing Purposes.

6. Disclosure of Data

The Data will be disclosed to other entities exclusively for accounting, welfare, tax and legal purposes as well as for Marketing Purposes, but will not be transferred to third parties.
The Data may be disclosed to persons in charge of data processing during the carrying out of their duties.

7. Transfer of Data

The Personal Data held by CETA S.p.A. are collected directly by its administrative office and are provided directly with your voluntary consent.

8. Nature of the provision of Data and consequences of refusing to provide them

The provision of the Data is obligatory in order to be able to correctly comply with legal obligations, and more precisely to respect civil, welfare and tax regulations.

9. Rights of the Data Subject

As Data Subject, you have the rights referred to in article 7 of the Privacy Code and article 15 of the GDPR and, specifically, the right:

• to obtain confirmation as to whether or not Personal Data concerning you exist, regardless of their having already been recorded, and communication of these Data in intelligible form;
• to obtain information regarding: a) the origin of the Personal Data; b) the purposes and methods of processing; c) the logic applied to the processing, if the latter is carried out with the use of electronic means; d) the identification details of the data controller, data processors and designated representatives pursuant to article 5, paragraph 2 of the Privacy Code and article 3, paragraph 1, GDPR; e) the entities or categories of entity to whom or which the Personal Data may be communicated and who or which may have knowledge of said Data in their capacity as designated representative(s) in the State territory, data processor(s) or person(s) in charge of the processing;
• to obtain: a) the updating, rectification or, when necessary, the integration of the Data; b) the erasure, the transformation in anonymous form or the blocking of Data processed in violation of the law, including Data for which conservation is unnecessary with regards to the purposes for which they have been collected or subsequently processed; c) confirmation that the operations referred to in letters a) and b) have been brought to the attention, including with regard to their content, of those to whom Data have been communicated or disclosed, except in cases where it is impossible to fulfil this obligation or where the obligation leads to the use of resources manifestly disproportionate to the right protected;
• to either totally or partially oppose: a) for legitimate reasons, the processing of Personal Data which concern you, even if pertinent to the purpose of collection; b) the processing of Personal Data which concern you for the sending of advertising or direct sales materials or for the carrying out of market research or communications of a commercial nature, through the use of automated calling systems without the intervention of an operator, via email and/or traditional marketing methods via telephone and/or standard post. It is highlighted that the right to object of the Data Subject indicated in point b) above, for purposes of direct marketing through the use of automated systems, is also valid for traditional modalities and in any case the Data subject has the right to state their partial or total opposition. Therefore, a Data Subject may decide to receive communications solely through traditional methods or rather solely through automated communications or neither of the two types of communication.

Where applicable, the Data Subject also has the rights specified in Articles 16-21, GDPR (the right to rectification, the right to be forgotten, the right to restriction of processing, the right to data portability, the right to object) as well as the right to lodge a complaint with the Data Protection Authority pursuant to Articles 77-82, GDPR.

10. Methods of exercising rights

The Data Subject may, at any time, exercise their rights by sending:
- a registered letter with acknowledgement of receipt to:
Ceta S.p.A.
Bergamo,
Via Grumello n. 47/49
or
- a certified email to the address CETASPA@LEGALMAIL.IT

11. Data Controller, Data Processor and Persons authorised to process Personal Data

The Data Controller is CETA S.p.A., with registered office in Bergamo, Via Grumello n. 47/49.
The internal Data Processor and/or person in charge of data processing is Mr. Dario Donà.