Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter, the “GDPR”), as Data Controller, Cartai Bassanesi S.p.A. Con Socio Unico [sole-shareholder company], located at Via Santa Caterina 258, 31011 Asolo (TV), Italy, VAT no. 02213280247, email privacy@cartaibassanesi.it (hereinafter, the “Data Controller”), informs you that your data will be processed in the following manner and for the following purposes:
1. DATA PROCESSING SCOPE
The Data Controller processes personal, identity and non-sensitive data (in particular, first and last name, tax code, VAT number, email address, telephone number—hereinafter “personal data” or “data”) communicated by you when registering on the Data Controller's website or when filling out contact forms.
2. PURPOSES OF PROCESSING AND LEGAL BASIS
Your personal data is processed:
- Without your express consent (Article 24 a), b), c) of the Italian Privacy Code and Article 6 b), e) of the GDPR) – with fulfilment of legal obligations or performance of the contract as the legal basis – for the following Service Purposes:
- To allow you to register on the website;
- To manage and maintain the website;
- To respond to contact or information requests;
- To exercise the Data Controller’s rights, e.g., the right of defence in court.
- Only with your specific and express consent (Articles 23 and 130 of the Italian Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:
- To email you newsletters, commercial communications and/or information on products or services offered by the Data Controller.
If you are already our customer, we may send you - exclusively by email - commercial communications regarding the Data Controller’s services and products similar to those you have already used, unless you subsequently opt out (Article 130 par. 4 of the Italian Privacy Code).
3. PROCESSING METHOD
Your personal data is processed by means of the operations indicated in Article 4 of the Italian Privacy Code and Article 4.2 of the GDPR: collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure or destruction. Your personal data undergoes paper, electronic and/or computerised processing.
The Data Controller processes your personal data for the time necessary to fulfil the aforementioned aims, and in any case, for no more than ten years after termination of the relationship for the Service Purposes and no more than two years after the collection of the data for Marketing Purposes.
Your data may be processed by:
- employees and collaborators of the Data Controller, in their capacity as duly trained internal data-processing operators and/or data processors and/or system administrators;
- partners with which the Data Controller collaborates (e.g. for support activities in examining the feasibility of the customer's project, for technical management of the project, for the storage of personal data, etc.) or by third parties (e.g. website management and maintenance providers, suppliers, credit institutions, professionals, etc.) performing outsourcing activities on the Data Controller’s behalf, in their capacity as external data processors.
4. COMMUNICATION OF PERSONAL DATA
The Data Controller may communicate your data without your express consent (under Article 24 a), b), d) of the Italian Privacy Code and Article 6 b), c) of the GDPR) for the purposes set out in Article 2.A) to supervisory bodies, judicial authorities and to all other persons to whom communication is required by law for the specified purposes. Your data will not be disseminated.
5. TRANSFER OF PERSONAL DATA
Personal data will be managed and stored on the servers – located within the European Union – of the Data Controller and/or third-party companies entrusted with this service and duly appointed as data processors. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller may change the location of the servers in Italy and/or the European Union and/or non-EU countries, if necessary. In this case, the Data Controller hereby guarantees that non-EU data will be transferred in accordance with applicable legal provisions.
6. NATURE OF THE PROVISION OF PERSONAL DATA AND CONSEQUENCES OF REFUSAL TO PROVIDE SAME
The provision of personal data for the purposes set out in Article 2.1) is mandatory. If personal data is not provided, we will be able to guarantee neither registration on the website nor the Services under Article 2.1).
The provision of personal data for the purposes set out in Article 2.B) is optional. Therefore, you may decide not to provide any data or to subsequently deny processing of data already provided.
7. RIGHTS OF THE DATA SUBJECT
As a data subject, you have the rights established in Article 7 of the Italian Privacy Code and Article 15 of the GDPR, and in particular:
- to receive confirmation of the existence or otherwise of personal data concerning you, even if not yet registered;
- to obtain indications on origin, purposes, methods, logic, responsible parties and recipients;
- to obtain updating, rectification, integration, deletion, anonymisation, or blocking of data processed unlawfully;
- to object to the processing of your data for legitimate reasons or for marketing purposes.
8. MEANS OF EXERCISING THESE RIGHTS
You may exercise your rights at any time by sending an e-mail to: privacy@cartaibassanesi.it
9. MINORS
This website and the Data Controller’s services are not intended for children under the age of eighteen. If information on minors is inadvertently recorded, the Data Controller will delete it upon request.
10. DATA CONTROLLER, DATA PROCESSORS AND DATA-PROCESSING OPERATORS
The Data Controller is Cartai Bassanesi S.p.A.
An up-to-date list of data processors and data-processing operators is kept at the Data Controller’s premises.
11. CHANGES TO THIS POLICY
This Policy may change. Therefore, we recommend that you regularly review it and refer to its most current version.