Policy statement for the processing of personal data
pursuant to article 13 EU Regulation 2016/679
Pursuant to Art. 13 of the European Regulation (EU) 2016/679 (hereinafter GDPR), and regarding the personal data of which Irsap spa will dispose as part of the on-line sales process for goods/services concerning IRSAP NOW devices, we inform you of the following.
- Data Controller
The Data Controller is Irsap spa (VAT reg. no. 00040070294), with registered offices at Via delle Industrie 211, Arquà Polesine (RO).
- Data Subject
Data Subjects are the customers of Irsap spa, understood as: consumers ex Lgs. Decree no 206/2005, or professional users (owners of individual companies, legal representatives of businesses).
- Personal data
To use the on-line sales process for products/services relating to IRSAP NOW devices, the data subject will need to provide the following personal data:
- Name and family name
- Delivery/installation address
- Telephone no.
- Payment/invoicing details
- Purpose of data processing
Data processing is for the sole purpose of performing pre-contractual and contractual obligations (completion of on-line purchase of Irsap Now Systems and provision of installation, customer care and technical assistance services), as well as for legal, fiscal and accounting obligations, and to meet the specific needs of the customer.
For example, personal data will be processed for:
4.1 management of the pre-contractual stage and establishment/performance of the contractual relationship with the customer (on-line purchase of Irsap Now Systems and provision of customer care and corrective maintenance services);
4.2 fiscal and accounting management for the contractual relationship;
4.3 management of company quality systems and processes;
4.4 promotion of company activities, customer satisfaction and maximising customer loyalty.
4.5 profiling for the sending of customised communication;
Personal data may be processed using hardcopy and computer-based means - including portable devices - and processed using the methods strictly necessary to meet the aims stated above
- Legal basis for processing
5.1 The basis for processing, for the purposes as per point 4.1 is represented by the performance of the contract between the parties (art. 6, subsection 1, lett. b) Reg. EU 2016/679).
5.2 The basis for processing for the aims stated in the point and 4.4 is represented by the legitimate interest of the Data Controller or by third parties (art. 6, subsection 1, lett. f) Reg. EU 2016/679).
5.3 The basis for processing, for the purposes as per point 4.3 is represented by the performance of the contract between the parties (art. 6, subsection 1, lett. b) Reg. EU 2016/679).
5.4 The basis for processing, for the purposes as per point 4.5 is represented by the consent of the party concerned (art. 6, subsection 1, lett. a) Reg. EU 2016/679).
- Result of failure to provide personal data
Regarding the personal data pertaining to the performance of the agreement, of which the data subject is part or concerning the performance of a legal obligation, failure to communicate personal data will prevent the completion of the contractual relationship.
- Data retention
The Personal data being processed for the purposes stated in point 3 will be retained for the period of the agreement and subsequently, for the time for which the Controller is subject to retention obligations for tax purposes or for other purposes required by law or regulations. Specifically, data will be retained for the ten-year time limit required for retaining documents necessary for accounting, taxation and anti-money laundering purposes, in compliance with that stated in the reference standards,
- Data communication
The data subject’s information will be communicated to and processed by employees authorised by the Data Controller for this purpose (contact, appointed/authorised to carry out processing).
According to that required for the performance of the agreement, personal data may be communicated to:
- Accounting firm
- Law firm
- Credit institute
- Public and private bodies
- Control and certification bodies
- Public security authorities or insurance companies as well as third parties authorised by specific provisions in Law or Regulations, imposed by the laws of the European Union or member state to which the Data Controller is subject.
Data can be known by other independent Controllers or External Managers appointed by the Data Controller.
- Transfer to third countries
Irsap Spa may transfer data to third countries or international organisations.
In this case, Irsap Spa undertakes to perform this transfer in compliance with the guarantees set down in section V of the GDPR (Articles 46 and 47 GDPR).
- Data subject’s rights
The data subject has the right to:
- request access to their personal data and to the information regarding same; correction of incorrect data or the integration of incomplete data; deletion of personal data (in the event of the occurrence of one of the conditions stated in Art. 17, paragraph 1 of the GDPR and in compliance with the exceptions set down in section 3 of the same article); limitations to the processing of personal data (on the occurrence of one of the situations stated in Art. 18, section 1 of the GDPR);
- request and obtain - in the event that the legal basis of processing is the contract or consent, and the same is achieved with automated means - the personal data in a structured, legible format for the automatic device, also for the purpose of communicating these data to another data controller;
- oppose the processing of these personal data at any time, on the occurrence of specific situations involving the data subject;
- withdraw consent at any time, limited to the hypothesis in which treatment is based on the consent for one or more specific purposes, and concerns shared personal data (for example, date and place of birth or residence or specific data categories (for example, data that reveal racial origins, political opinions, religious beliefs, health or sexual orientation). Processing based on consent and carried out before the withdrawal of same will in any case be considered legal;
- submit complaint to a controlling authority.
Statement made with reference to cookies on the website https://now.irsap.com belonging to Irsap spa, with offices in Arquà Polesine (RO), Via delle Industrie 211, Data controller.
What is a cookie?
A cookie is a small text file that is stored in a computer’s memory as soon as the user visits the website. The text stores information that the site is able to read at the time in which it is consulted at a later time. Some of these cookies are required for the correct operation of the website, while others are useful to the visitor because it is able to store data safely, such as user name and language settings. The advantage of having cookies installed in your PC is that you no longer need to fill out the same intervention every time you want to access a site visited previously
What types of cookie are used on https://now.irsap.com?