Privacy

Privacy

Isa Industria Serigrafica e Affini S.p.A., with registered office in 21042 Caronno Pertusella (VA) – Via E. Toti n.454, – VAT No. 00338960123 (hereinafter “Data Controller”), as the data controller, hereby informs you—pursuant to Art. 13 of Legislative Decree 196/2003 (hereinafter “Privacy Code”) and Art. 13 of EU Regulation no. 2016/679 (hereinafter “GDPR”)—that your data will be processed in the following manner and for the following purposes:

1. SUBJECT OF THE PROCESSING

For the establishment and management of ongoing relationships with you, the Data Controller processes your personal, identifying, contact, and fiscal data (e.g., name, surname, company name, address, telephone, email, bank and payment details, etc.).

2. PURPOSES OF PROCESSING AND LEGAL BASIS

Your personal data are processed:

a. Without your express consent (Art. 24 Privacy Code and Art. 6 GDPR) for the following service purposes:

• To conclude contracts for the Data Controller’s services;
• To fulfill pre-contractual, contractual, and fiscal obligations arising from existing relationships with you;
• To fulfill obligations established by law, regulations, community legislation, or an order from the Authority;
• To exercise the rights of the Data Controller, such as the right of defense in court.

b. Only with your specific and distinct consent (Art. 23 and 130 Privacy Code and Art. 7 GDPR), for the following marketing purposes:

• To send you via email, mail, and/or SMS and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and to measure the degree of satisfaction with the quality of services;
• To send you via email, mail, and/or SMS and/or telephone contacts commercial and/or promotional communications of third parties (e.g., business partners, other group companies, etc.).

If you are already our customer, we may send you commercial communications relating to services and products of the Data Controller similar to those you have already used, unless you disagree (Art. 130 par. 4 Privacy Code).

3. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL

Providing data for the purposes referred to in point 2.a is mandatory. Without them, we cannot guarantee the related services.
Providing data for the purposes referred to in point 2.b is optional. You can therefore decide not to provide any data or subsequently deny the possibility of processing data already provided for these purposes; in this case, you will not be able to receive newsletters, commercial communications, and advertising material relating to the services and products offered by the Data Controller. You will, however, continue to be entitled to the services referred to in point 2.a.

4. PROCESSING METHODS

The processing of your personal data is carried out by means of the operations indicated in Art. 4 Privacy Code and Art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.
Your personal data are subjected to both paper and electronic and/or automated processing.
Processing is carried out by authorized personnel and collaborators within the scope of their respective functions and in accordance with the instructions received, always and only for the achievement of specific purposes, strictly respecting the principles of confidentiality and security required by applicable regulations.

5. ACCESS TO DATA

Your data may be made accessible for the purposes referred to in point 2:

• To employees and collaborators of the Data Controller in their capacity as authorized persons and/or internal data processors and/or system administrators;

• To third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors, a list of whom is available at our office.

6. COMMUNICATION OF DATA

Without the need for express consent (Art. 24 Privacy Code and Art. 6 GDPR), the Data Controller may communicate your data for the purposes referred to in point 2.a to Supervisory Bodies, Judicial Authorities, as well as to all other subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes. Your data will not be disseminated.

7. DATA TRANSFER

Your data are not subject to transfer outside the European Union. In any case, it is understood that the Data Controller, should it become necessary, will have the right to transfer the data within the European Union and/or to non-EU countries. In such a case, the Data Controller ensures as of now that the transfer of data outside the EU will take place in accordance with applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

8. DATA RETENTION

All personal data provided will be processed in compliance with the principles of lawfulness, fairness, relevance, and proportionality, using only the methods—including IT and telematic—strictly necessary to pursue the purposes described above.
In any case, personal data will be kept for a period of time no longer than strictly necessary to achieve the indicated purposes. Personal data that do not need to be stored in relation to the indicated purposes will be deleted or transformed into anonymous form. It is noted that the information systems used to manage the collected information are configured, from the outset, to minimize the use of personal data.

9. RIGHTS OF THE DATA SUBJECT

In your capacity as a data subject, you have the rights referred to in Art. 7 Privacy Code and Art. 15 GDPR, and specifically the rights to:

Obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;

Obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller, the processors, and the designated representative; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them;

Obtain: a) updating, rectification or, when interested, integration of data; b) cancellation, transformation into anonymous form or blocking of data processed in violation of the law; c) certification that the operations referred to in letters a) and b) have been brought to the attention of those to whom the data were communicated;

Object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication.

Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority (Garante Privacy).

10. PROCEDURES FOR EXERCISING RIGHTS

You may exercise your rights at any time by sending an email to: amministrazione@isaserigrafia.com

11. CONTROLLER, PROCESSOR, AND AUTHORIZED PERSONNEL

The Data Controller is ISA Industrie Serigrafica e Affini S.P.A. The updated list of data processors and authorized personnel is kept at the registered office of the Data Controller.

12. UPDATES TO OUR PRIVACY POLICY

This Privacy Policy may be periodically updated without prior notice to reflect changes in our personal information processing practices. We will post a prominent notice on our websites to communicate any significant changes to our Privacy Policy, indicating the date of the last update at the bottom.

Policy updated as of 17/07/2018.