Pursuant to the provisions of Article 13 of the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter“GDPR”), we provide you with certain information relating to the processing of your personal data provided in the context of the relationship with VTN EUROPE S.p.A.
|The Data Controller is VTN EUROPE S.p.A., with registered office in Cagnano di Poiana Maggiore (VI), via dell’Artigianato, no. 41-43, fiscal code and registration number with the Companies’ Register of Vicenza: 02366720247 (hereinafter “Controller”or“Company”).|
Mandatory purposes for which the treatment does not require your consent
|Purpose||Legal basis of processing|
|Manage the implementation of pre-contractual measures, as well as manage the implementation and fulfilment of contractual obligations mutually agreed upon.||(Art. 6, paragraph 1, letter b), GDPR) Fulfilment of a contract|
|Administrative, accounting and tax obligations; credit protection.||(Art. 6, paragraph 1, letter b), GDPR) Fulfilment of a contract
(Art. 6, paragraph 1, letter c), GDPR) Processing necessary to fulfil a legal obligation to which the Controller is subject
(Art. 6, paragraph 1, lett. f), GDPR)
Treatment necessary for the pursuit of the legitimate interests of the Controller related to the organizational, administrative, financial and accounting management of its organization
|Manage the filing and storage of data, information, communications, including electronic ones, and documents pertaining to the relationship with the Company.||(Art. 6, paragraph 1, letter c), GDPR) Processing necessary to fulfil a legal obligation to which the Controller is subject|
Your personal data may be brought to the attention of employees and/or collaborators of the Data Controller, duly appointed as authorized subjects or data processors, and communicated to other subjects or general categories of subjects other than the Data Controller, such as:
|Third parties or categories||Purpose||Notes|
|Information technology companies||Management, maintenance, updating of systems and software used by the Controller and video surveillance systems||Appointment as data processor (Art. 28 GDPR).
Information at the Data Controller
|Providers of networks, electronic communications services and computer and telecommunication services for the storage, archiving and management of computer data||Hosting, housing, Cloud, SaaS and other remote computer services essential for the provision of the activities of the Controller; regular archiving and storage services in accordance with electronic documents||Appointment as data processor (Art. 28 GDPR).
Cloud Services may involve data processing in countries outside the EU, which guarantee appropriate confidentiality rights.
Information at the Data Controller
|Consultants, professionals, law firms, arbitrators, insurance companies, experts, brokers||Legal, extra-judicial and insurance activities in the event of claims
Organisational, administrative, financial and accounting management
|Appointment as data processor (Art. 28 GDPR).
Information at the Data Controller
|Banks or institutions, companies and bodies of any kind engaged in banking, lending, leasing, factoring, financial – including brokerage – and related, complementary or similar activities||Organisational, administrative and financial management|
|Public Security and Judicial Authorities||Management of investigations by investigative bodies in the event of accidents|
We describe here below the period for which personal data are stored, or if not possible, the criteria used to determine such a period.
|Personal data and documents||Retention period or criteria for determining it|
|Personal data file and documents relating to the relationship with the Company||For the duration necessary to pursue the purposes of the processing and also subsequently, within the limits granted by law, for administrative, accounting and tax purposes, as well as to enforce or protect the rights of the Data Controller, if necessary|
We also inform you of the existence of certain rights provided by the GDPR on personal data and relevant treatment that you may request from the Data Controller.
|Right||Description||How to make it work|
|Data access rights (Art. 15)||You can request: a) the purpose of the processing; b) the categories of personal data in question; c) the consignees or the categories of consignees to which personal data have been or will be disclosed, in particular if living in foreign countries or coming from international organisations; d) where possible, the envisaged period for which the personal data will be kept or, if this is not possible, the criteria used to determine this period; e) the existence of the right to have the controller correct or erase the personal data or limit the processing of personal data relating to him or her or to object to their processing; f) the right to raise a claim at a control authority; g) if the data are not collected at the data subject, all the information available on their origin; h) the existence of an automated decision-making process, including profiling as provided for in Article 22, paragraphs 1 and 4, and, at least in such cases, meaningful information on the logic used, as well as the envisaged importance and consequences of such processing for the data subject.
You have the right to request a copy of the personal data being processed
|Forms on the website|
|Right of rectification (Article 16)||You have the right to request the rectification of personal data relating to you which are inaccurate and to obtain the integration of incomplete personal data||Forms on the website|
|Right to be forgotten (Art. 17)||You have the right to obtain from the Data Controller the cancellation of your personal data if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed||Forms on the website|
|Right to limitation of processing (Art. 18)||You have the right to obtain from the Data Controller the limitation of the processing when you have complained about the accuracy of personal data (for the period necessary for the Data Controller to verify the accuracy of such personal data) or if the processing is unlawful, but you object to the cancellation of personal data and instead request that its use be restricted or if it is necessary for the assessment, exercise or defence of a right in court, while for the Data Controller they are no longer necessary.||Forms on the website|
|Right to portability (Art. 20)||You have the right to receive in a structured format, commonly used and readable by automatic device the personal data concerning you provided to us and you have the right to transmit them to another data controller if the processing: (i) is based on consent, (ii) on contract, and (iii) is carried out by automated means, except where such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, and the transfer does not affect the rights of a third party.||The right is exercised by opening a suitable procedure with the Data Controller|
|Right to object
|You have the right at any time to object, in whole or in part, to the processing of your personal data if the processing is carried out in pursuit of a legitimate interest of the Controller or if the processing is carried out for purposes of direct marketing. In this case, personal data will no longer be processed for these purposes.||Forms on the website|
|Right to lodge a complaint with the Supervisory Authority
|You have the right to lodge a complaint with the supervisory authority if you believe that your processing is in breach of the GDPR.|
The personal data provided may be processed by the Controller with and without the aid of computer tools.
We also inform you that the communication of your personal data for the purposes indicated is a legal or contractual obligation or a necessary requirement for the conclusion of a contract, so you are obliged to provide personal data, because otherwise it will not be possible to manage the relationship the Company.