Regarding the processing of personal data provided, it should be noted that:
1. Data Controller
The Data Controller is Fitt Spa Società Unipersonale [single-member company], with its registered office in Sandrigo (VI), Via Piave no. 8 – 36066, telephone +39 0444461000, email, certified email (hereinafter “the Company” for brevity).
2. Type of Data Processed, Purpose, and Legal Basis for Processing
The following personal data are collected and processed: general personal data (business name, first and last name, personal details, role within the company, address, VAT number, tax code, banking information, creditworthiness and financial reliability, personal details and contact information: email, phone, mobile phone) relating to: client/supplier companies/entities and their representatives, employees, collaborators and subcontractors as communicated by the same, for: a) pre-contractual purposes and the performance of the contractual relationship, including any communications related to the ongoing relationship; b) administrative, accounting, tax and legal obligations associated with invoicing and the management of the contractual relationship; c) marketing activities (unless consent is withheld), through the sending of commercial/promotional/advertising communications via email related to products or services similar to those purchased or subject to the contractual relationship (soft spam); d) marketing activities, subject to consent, through the sending of general commercial/promotional/advertising communications and participation in events, trade fairs and similar.
The legal basis for data processing includes: compliance with contractual obligations for the purposes outlined in letter a); legal obligations for the purposes outlined in letter b); the legitimate interest of the Data Controller and Art. 130(4) of the “Privacy Code” (Legislative Decree 196/2003) for the purposes outlined in letter c); consent for the purposes outlined in letter d).
3. Disclosure of Data to Third Parties – Data Recipients
The Company may disclose processed data for the aforementioned purposes to: internal company personnel authorised to process the data; external parties in the following categories: external consultants, service companies (transport, shipping, marketing, IT services), the company’s sales network (agents), banks, supervisory bodies and organisations.
4. Transfer of Data to Third Countries
The data processed are not transferred by the Controller to third countries. However, in the event of any data transfer to third countries, such transfers will be carried out in compliance with the regulations in force at the time regarding the transfer of data to third countries.
5. Processing Methods, Period and Data Retention Criteria
Data will be processed in both paper and digital formats. Data will be processed by the Controller for the period necessary to achieve the above-mentioned purposes and, in particular: for the purposes outlined in letters a) and b), for the additional statutory limitation period applicable to the retention of contracts and administrative data and/or for legal defence (ten years from the last use and/or interruption of the statutory period); for contact data (email addresses) used for the purposes in point 2, letters c) and d), until any objection to processing or request to unsubscribe from the service and, in any case, no later than 24 months from the last purchase or expression of consent or interest.
6. Profiling and Automated Decision-Making Processes
The processing is not conducted using automated decision-making processes (e.g. profiling).
7. Data Provision
Providing data is mandatory for the performance of the contractual relationship (2.a.) and for legal purposes (2.b.), whereas it is optional for marketing purposes (2.c. and 2.d.), with the data subject having the right to object to processing as indicated below. Failure to provide data will make it impossible to pursue the aforementioned purposes.
8. Data Subject Rights, Withdrawal of Consent, and Complaints to the Supervisory Authority
The data subject has the right, at any time, to request access to their personal data, correction, erasure, restriction of processing, objection to processing, withdrawal of consent, and the exercise of the right to data portability where applicable, by contacting the Controller as specified below.
In the event of an alleged violation, the data subject also has the right, if the conditions are met, to lodge a complaint with a supervisory authority for data processing in the EU Member State where they habitually reside, work or where the alleged violation occurred.
9. Contacts and Requests
To object to processing, exercise rights under current data protection laws, and/or obtain the full list of external parties involved in processing and/or information about data transfers to non-EU countries and related guarantees, a request can be sent to the email address privacy@fitt.com or by contacting +39 0444461099.
Notice Updated on 26/11/2024