As required by the regulations, we provide the user with information regarding the processing of their personal data. Protecting your privacy is one of our main goals. We regularly carry out checks on the efficiency and adequacy of the measures applied to ensure the protection of databases, fundamental rights and freedoms of individuals, and the application of data processing by those who use our services. According to the provisions of the Regulation, the processing will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data retention limitation, data minimization, accuracy, integrity, and confidentiality.
Article 6(1)(f) of the GDPR constitutes the legal basis for data processing. The processing of the mentioned data is necessary for the provision of our services and is therefore aimed at protecting a legitimate interest of our company. The legal basis that legitimizes the processing is the existence of a relationship in which the data subject is an integral and essential part. In cases explicitly specified, the legal basis is the freely given consent of the data subject.
By signing the supply or service contract, or by voluntarily submitting requests for information or contact, the data subject consents to the processing of personal data in the manner and for the purposes described in this privacy notice. Providing data is mandatory for all that is required by legal and contractual obligations, and therefore, any refusal to provide data, in whole or in part, may result in the inability to provide the requested services.
The collected data will be processed using electronic or otherwise automated, computer-based, and telematic tools, or through manual processing with methods strictly related to the purposes for which the personal data were collected, ensuring their security at all times:
– Processed lawfully and transparently toward the data subject
– Processed in a manner that ensures appropriate security, including protection through adequate technical measures, against unlawful or unauthorized processing, accidental loss/damage/destruction.
The data is collected and processed for the following purposes:
– To carry out contractual activities with the customer
– To provide the requested service or deliver goods
– For administrative purposes and to fulfill legal obligations such as accounting, tax, or responding to judicial authority requests
– To facilitate communications and requests sent via telephone, telematics, or electronically
– The data will also be processed for the technical functioning of the website. The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data whose transmission is implied in the use of Internet communication protocols.
– These are not collected to be associated with identified data subjects, but by their nature could, through processing and association with data held by third parties, allow identification of users.
– Internal control services (security, productivity, quality of services, asset integrity)
– To provide technical assistance to customers and their users
– With specific consent, for sending periodic newsletters and promotional material via email.
We are committed to protecting privacy and handling personal data confidentially. To prevent manipulation, loss, or misuse of stored data, we implement comprehensive technical and organizational measures, which are regularly reviewed and adapted to technological progress. However, we would like to emphasize that, due to the nature of the Internet, data protection regulations and the security measures mentioned above may not be observed by other parties or institutions for which we are not responsible. In particular, unencrypted data, such as those transmitted via email, may be read by third parties. We have no control over this. It is the user’s responsibility to protect the data they provide against misuse, either through encryption or other means. For access to the IT tools used during data collection, consultation, and storage, the data controller and processor have implemented all necessary technical and organizational measures to ensure an adequate level of security, preventing unauthorized disclosure and ensuring the confidentiality, integrity, and availability of the data. In case of a physical or technical incident, these measures also ensure the ability to restore the data promptly. The data controller ensures that the personal data under their control are managed securely and by competent operators.
The personal data processed will not be transferred to third countries or international organizations. However, we reserve the right to use cloud services; in such cases, service providers will be selected among those who provide adequate guarantees, as required by Article 46 of GDPR 2016/679. No analytics or statistical services, such as Google Analytics or similar, are used.
Data is retained for the time strictly necessary to manage the purposes for which it was collected, in compliance with applicable laws and legal obligations. Mandatory data for contractual and tax purposes is retained for the time necessary to carry out the contractual and fiscal relationship and for the duration required by the obligations arising from it. Optional data, collected with the explicit consent of the data subject, is retained until the request for revocation or the termination of the contractual relationship, and in any case, will be deleted within 6 months from the conclusion of the relationship.
The processing of the collected data is carried out by authorized internal personnel, specifically designated and trained according to the instructions provided, in compliance with current regulations.
The collected data, if necessary or instrumental for the execution of the above purposes, may be processed by third parties appointed as external Data Processors, or, depending on the case, communicated to them as independent controllers, including:
Individuals, companies, associations, or professional firms providing assistance and consultancy to our company:
Companies, entities, and associations providing services related to the execution of the above purposes (e.g., market research services, payment management, IT system maintenance); Banks and credit institutions; Consultants, law firms, and independent professionals, including those in associations; Internal or external Data Processors and authorized persons; Parties, companies, or entities closely related to the stated purpose; Companies providing warehouse logistics and transportation services.
Data subjects have the following rights:
– Right of Access, as explicitly provided by Article 15 of Regulation 679/2016, i.e., the right to access all personal information concerning them. – Right to Rectification, as explicitly provided by Article 16 of Regulation 679/2016, i.e., the right to obtain the update of inaccurate personal data concerning them without undue delay. – Right to Erasure (Right to be Forgotten), as explicitly provided by Article 17 of Regulation 679/2016, i.e., the right to have personal data concerning them erased.
Right to Restriction of Processing, when one of the cases provided by Article 18 of Regulation 679/2016 applies. – Right to Data Portability, as explicitly provided by Article 20 of Regulation 679/2016, i.e., the right to obtain their data in an interoperable format and/or the right to have their personal data transmitted to another data controller without hindrance from this company. – Right to Withdraw Consent at any time, as explicitly provided by Article 7 of Regulation 679/2016. – Right to File a Complaint with the Supervisory Authority in case of a violation in data processing under Article 77 of Regulation 679/2016. – Right to Judicial Remedy in case of unlawful data processing, including against decisions taken by the Supervisory Authority under Article 78 of Regulation 679/2016. Under the same article, there is the right to request the erasure, transformation into anonymous form, or blocking of data processed in violation of the law, as well as the right to object to their processing for legitimate reasons.
To exercise the rights provided by the GDPR and for any information, support, or clarification, please refer to the following contact details:
Ghezzi Renzo Srl
Via San Rocco, 44 – Calolziocorte (Lc)
Tel. 0341 641089 – Fax 0341 630572
VAT number 01633580160
Email : info@ghezzirenzo.it
Pec : ghezzirenzo@mailcertificata.org