Information concerning Italian Legislative Decree 196/03 and EU GDPR – management of personal data


This information is given to customers/suppliers of company ERRETIPLAST SRL, according to art. 13 d. lgs. 30 June 2003 n°196 – “Codice in materia di
protezione dei dati personali (Law concerning protection of personal data)” and article 13 679/2016 – “European regulation on protection of personal data (GDPR)”.

Organization representative

The representative for matters concerning treatment of personal data is the Owner of the company. Legal and physical address: Via Nazario Sauro 61 – 23893 Cassago Brianza (LC).

Data sources:

Personal data collected and treated by the Organization may include:
♉ personal visits or phone calls;
♉ pre-contractual data;
♉ management and control of risks; fraud prevention, insolvency, missed payments;
♉ management of purchase orders;
♉ management of legal issues/litigation;
♉ management of tax/fiscal issues;
♉ transactions concerning compensation, indemnity for damages incurred by customers;
♉ management of accounting, administrative and legal obligations;
♉ filling in the “contact request” form;
♉ information request, included, but not limited to, e-mails;
♉ previous transactions.

Purpose of data treatment

The personal data of the customers / suppliers of natural persons and the personal data of the natural persons who legal entities operate in the name and on behalf of clients / suppliers, if provided, are processed by the Representative and Tax Advisor for:
♉ forward communications of various kinds and with different means of communication (telephone, mobile phone, sms, email, fax, paper mail);
♉ formulate requests or process requests;
♉ exchange information for the execution of the contractual relationship, including the
pre and post contractual activities; carry out the operations necessary for the fulfillment of orders and other requests;
♉ initiate and manage transactions and compensation procedures in case of damage suffered by people inside the stores.

Both the personal data of customers / suppliers of individuals and personal data of individuals
who operate in the name and on behalf of clients / suppliers will be added to the owner’s archives and used (having regard to art. 130 paragraph 4 of Legislative Decree 196/2003 and also having regard to General provision of the Guarantor G.U. July 1, 2008 No. 188 / C, formulation 6, points a, b, c) for sending communications concerning products, services, news and promotions.

Recipients of data

The personal data processed by the Data Manager will not be disclosed, or will not be disclosed to indeterminate subjects, in no possible form, including that of making them available for
simple consultation. Instead, they may be communicated to workers who work at
dependencies of the owner and to some external subjects who collaborate with them. They can also be communicated, within the strictly necessary limits, to subjects who for the purpose of evasion of orders or other requests or services related to the transaction or relationship
contract with the Data Controller, must supply goods and / or perform services on behalf of the Data Controller. Finally, they may be communicated to the subjects entitled to access them by virtue of legal provisions, regulations or community regulations.
In particular, based on the roles and job duties performed, some workers may be legitimated to process personal data, within the limits of their competences and in compliance with
instructions given to them by the Owner.

Data transfer

The Data Controller does not transfer personal data to third countries or to extra-territorial organizations. However, it reserves the right to use cloud services; in which case, the service providers will be selected from those who provide adequate guarantees, as required by art. 46
GDPR 679/16.

Data retention

The Data Controller keeps and processes personal data for the time necessary to fulfill the purposes indicated in this document. Subsequently, personal data will be stored, and not further
treated, for the time required by current civil and fiscal regulation.

Rights of the interested party

With reference to art. 7 of the legislative decree 196/2003 and to the articles 15 – right of access, 16 – right of rectification, 17 – right to erasure, 18 – right to limitation of treatment, 20 – right to
portability, 21 – right to object, 22 right to object to decision making of the GDPR 679/16, the interested party exercises his rights by writing to the owner of the treatment at the address above, or by email, specifying the subject of your request, the right he intends to exercise and attaching a photocopy of an identity document that certifies the legitimacy of the request.

Withdrawal of consent

With reference to art. 23 of Legislative Decree 196/2003 and art. 6 of GDPR 679/16, the interested party can withdraw any consent given at any time.
However, the processing covered by this information is lawful and permitted, even in the absence of consent, as is necessary for the execution of a contract of which the interested party is a part (the service supply relationship) or to the fulfillment of above-mentioned requests.

Claim proposal

The interested party has the right to lodge a complaint with the supervisory authority of the state of residence.

Refusal to provide data

Individual customers / suppliers cannot refuse to provide personal data to the Data Controller if it is necessary to comply with the legal regulations governing commercial transactions and the
The provision of further personal data may be necessary to improve the quality and the efficiency of the transaction.
Therefore, the refusal to provide the data necessary by law will prevent the fulfillment of orders;
while the provision of further data may compromise in whole or in part the evasion of other requests and the quality and efficiency of the transaction itself.
Persons who operate in the name and on behalf of clients / suppliers legal entities can refuse to give the Data Controller their personal data.
The provision of personal data is however necessary for a correct and efficient management of the
contractual relationship. Therefore, a refusal to provide data could compromise all or part of the contractual relationship itself.

Automated decision-making processes

The Data Controller does not carry out treatments that consist of automated decision-making processes on the data of the customers / suppliers, or individuals in the name and on behalf of the clients / suppliers legal entities.