Customers’ Privacy Notice on the Processing of Personal Data pursuant to Art. 13 of EU Regulation 2016/679

Dear customer,

GALLI SPA, as Data Controller for the processing of personal data, with headquarters at Via Cararola 59 – 27029 Vigevano (PV), Tax Code and VAT Number 00595810185, phone +39 0381 42423, email: info@gallispa.it, hereby informs you that, pursuant to Article 13 of EU Regulation 2016/679 (hereinafter “Regulation”), the personal data you provide to this company will be processed in compliance with European and national personal data protection laws. The processing of your personal data will be based on the principles of fairness, lawfulness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, confidentiality and accountability, safeguarding your privacy and rights.

  • Purposes and legal bases of the processing

The personal data collected will be processed exclusively for the following purposes:

  1. Conduct of commercial activities and supply of goods or services;
  2. Fulfillment of pre-contractual, contractual, legal, and administrative-accounting obligations;
  3. Defence of rights or interests in judicial proceedings, management of disputes, contractual non-fulfillment, injunctions, transactions, debt recovery, credit protection, arbitrations;
  4. Sending of commercial communications via newsletters; for this purpose, free and informed consent is given through the website link https://www.gallispa.com;
  5. Publication of photos and videos for marketing purposes.

For the purposes indicated above, the applicable legal bases of processing, pursuant to Article 6(1) of EU Regulation 2016/679, are the following: Letter A – consent; Letter B – contract performance or pre-contractual measures; Letter C – processing necessary to comply with legal obligations to which the Data Controller is subject; Letter F – legitimate interest pursued by the Data Controller.

  • Nature of data provision

The processing of personal data is mandatory for the purposes mentioned above; failure to provide data, or incorrect or partial provision of data, may make it impossible, in whole or in part, to establish or manage the relationship between the Data Controller and the Data Subject.

  • Data processing methods

Data may be processed in automated form (through electronic means) and in paper form by personnel specifically authorized by the Data Controller or, where applicable, by third parties appointed as external data processors pursuant to Article 28 of the Regulation. The Data Controller undertakes to adopt appropriate security measures to protect personal data against loss, abuse or alteration, in compliance with the law, the Data Protection Authority’s guidelines, and Article 32 of the Regulation.

  • Scope of communication and data transfer

Personal data will be processed by identified persons specifically authorized by the Data Controller, such as employees or collaborators. The data collected may also be processed by third parties that the Data Controller uses to supply services serving the purposes indicated above (e.g., accounting and fiscal consultants, providers of management and accounting software, consultants, credit institutions). These parties will process data according to the Data Controller’s instructions and only for the purposes specified in this notice. No personal data will be disseminated or transferred outside the EU.

  • Data retention

All data will be kept for the time necessary to fulfill the specified purposes and, in any case, for no longer than is necessary to achieve the purposes for which the data were collected and to fulfill the contractual and pre-contractual obligations or legal duties to which the Data Controller is subject. Other criteria used to determine the retention period may derive from specific rules governing the Data Controller’s activities (e.g., 5/10 years under fiscal rules for the processing of administrative-accounting data). In the event of legal disputes, data will be retained for the duration of the dispute and until the time limits for appeal have expired. Afterwards, the data specified in this notice will be destroyed or anonymized in accordance with the technical procedures for deletion and backup.

  • Data subject rights

You may exercise the rights laid down in Articles 15-22 of GDPR 2016/679, including:

  • Request and obtain cancellation, anonymization, or blocking of data processed unlawfully;
  • Request and obtain data updating, correction, or integration;
  • Request and obtain confirmation that such operations have been communicated to recipients;
  • Object, for legitimate reasons, to data processing or to automated decision-making (including profiling);
  • Request and obtain restriction of processing or data portability to another data controller;
  • Request and obtain compensation for material or non-material damages.

To exercise the rights provided by law, to obtain further clarification, or to obtain the updated list of data processors appointed by the Data Controller, you may write to info@gallispa.it or send registered mail to GALLI SPA, Via Cararola 59 – 27029 Vigevano (PV).

You also have the right to lodge a complaint with the Data Protection Authority. You may download the necessary complaint forms at www.garanteprivacy.it/home/modulistica-e-servizi-online.

The Data Controller
GALLI SPA