INFORMATION ON PROCESSING OF PERSONAL DATA FOR CLIENTS
pursuant to art. 13 of EU regulation 2016/679
The Group pays particular attention to the protection of your personal data. This commitment is reflected in the value and trust with which it manages the relationships with its Customers, Employees, Suppliers and Business Partners.
WHO IS the data controller of your data?
The data controller (hereinafter the Controller) is GTS Spa Company, in the person of its pro tempore legal representative, with registered office in 16121 Genova (GE), via D’Annunzio 2/75, with which you have entered into and / or may enter into a contract. The company is part of the group, and is the independent data controller of the processing described in this document. It's specified that the latter has adopted the same technical-organizational measures and best practices regarding the protection of the group's personal data. The data subject can contact the data controller by writing to the e-mail address: firstname.lastname@example.org, or calling the number indicated in the “Contacts " section of the site www.gtsspa.com.
What is personal data and WHAT DATA do we process?
"Personal data" means any information suitable to identify, directly or indirectly, a natural person, in this case you, our customer (so called Data Subject) who uses the services offered by the group.
In particular, we collect and process the following personal data necessary to carry out the obligations deriving from the supply services offered, including the contractual or pre-contractual relationships established with the customers:
- the identification data: for example the name and surname of the customer or of the customer's contact person;
- contact details: e.g. residence address, landline and mobile phone number, fax number and e-mail address;
- data on preferences in relation to the specific types of services offered;
- in general, any other data and information necessary for the conclusion and execution of the contract (eg. VAT number, bank account or current account details, credit card details).
What are the PURPOSES and LEGAL BASES of the processing?
The data controller collects and processes personal data (hereinafter also “data") provided by its Customers:
A. for purposes necessary for pre-contractual activities and for the management and execution of the contractual relationship established with you (administrative and accounting activities, customer assistance, claims management, credit recovery) and for the provision of services strictly connected and instrumental to this. These data, in fact, are necessary to follow up on the Services requested by you;
B. to fulfil the obligations provided for by law (administrative, accounting, tax) to which the Controller is subject and that are requested by the authorities;
C. to exercise the rights of the Controller, for example, the right of defense in court.
The provision of your personal data for purposes A, B, C is essential for the management and execution of the contractual relationship and does not require your prior consent. Any refusal to provide the above data, in fact, even if legitimate, would compromise the possibility for the Controller to provide the Services requested by you.
D. For commercial promotion and marketing purposes. In particular, with a view to continuous improvement of the Customer Experience and in order to offer services "designed for you", we will process your data to:
- send you newsletters, commercial communications and / or advertising material about the products and / or services offered by the Controller by e - mail, post and / or sms and / or telephone;
- invite you to participate in events/prize events / initiatives in general, organized by the Controller or in which the Controller will participate in order to promote its services.
The provision of your personal data for the purpose D is optional, therefore a prior and specific consent from you, expressed in writing and revocable at any time, is necessary. The failure to consent to the processing of your personal data for the purposes referred to in letter D does not affect or limit the processing for the purposes referred to in letters A, B, C.
E. For commercial promotion and marketing purposes (intended as soft-spam). If you are our customer already, we will send you newsletters by e-mail about the products and/or services offered by the Controller, similar to those you already use. The data controller will process your data (e-mail address and personal data) on the basis of your legitimate interest. You may oppose to the processing of your personal data for the purpose E at any time. This will not compromise or limit the processing for the purposes referred to in letters A, B, C in any way.
What are the PROCESSING METHODS?
The Company, as Controller, collects your personal data directly, as well as, in some cases, from third parties with whom the Controller has signed a contract for the supply of data. The processing of data for the purposes set out takes place both with automated methods, on electronic or magnetic media, and non-automated, on paper, in compliance with the rules of confidentiality and security provided for by art. 32 of the regulation, by the resulting regulations and internal provisions. It should be noted that the Controller does not carry out fully automated decision-making processes.
HOW LONG and WHERE do we keep your personal data?
We keep your data for the time necessary to perform the processing for the purposes mentioned above. In particular, the main periods of use and storage of your personal data, with reference to the different processing purposes, are listed below:
A. for purposes necessary both for pre-contractual activities and for the management and execution of the contractual relationship established with you, we will process your data for the entire duration of the contract, as long as there are obligations or fulfilments connected to the execution of the same and, in any case, no later than 10 years following the termination of the contract.
B. to fulfil the obligations established by law (of an administrative, accounting, tax nature) and requests from the Authorities to which the Controller is subject, your data will be processed and stored as long as the need for processing persists to fulfil these legal obligations.
C. to exercise the rights of the Controller, for example the right to defense in court, your data will be processed for as long as necessary to allow the defense of our rights, including any pending judgments.
D. for commercial promotion and marketing purposes, we will keep your personal data until your opposition (opt-out).
E. for commercial promotion and marketing purposes (intended as soft spam), we will keep your personal data until your opposition (opt-out).
Under the terms indicated above, the data will be automatically deleted or made anonymous in a permanent and non- reversible way.
WHO will we communicate your personal data to?
We communicate your data exclusively to the subjects we use to carry out the activities necessary to achieve the purposes described above, and who act as independent Controllers or appointed as Data processors pursuant to art. 28 GDPR, which include, for example, the following subjects:
- companies or other third parties (for example: credit institutions, professional firms, consultants, statutory auditing firms, supervisory institutions, etc.) that carry out outsourced activities on behalf of the Controller;
- public authorities, supervisory bodies or judicial authorities for the fulfilment of legal obligations;
- associated or subsidiary companies within the Group, if this is necessary for the pursuit of the purposes described above.
WHERE do we transfer your data?
We do not transfer your data outside the European Economic Area (EEA). The Controller, however, reserves the right, should it become necessary, to transfer your data outside the EEA in the future. However, in this case, it ensures from now on that this will take place in compliance with the applicable legal provisions, also through the provision of standard contractual clauses envisaged by the European Commission or the adoption of binding corporate rules (BCR).
What are your RIGHTS as data subject?
In relation to the aforementioned processing, you may exercise the rights referred to in articles 15 to 22 of EU Regulation 2016/679.
In particular, in the cases provided for by the Regulations, the data subject has the right to ask the Controller for access to their data (art. 15 GDPR), the rectification (art. 16 GDPR) or the cancellation of the same (art. 17 GDPR). You have the right to oppose to the processing (art. 17 GDPR) or to request the restriction of processing (art. 18 GDPR) and to obtain their data in a structured, commonly used and machine readable format (art. 20 GDPR). You can also revoke the consents given pursuant to art. 7 of the regulation (art. 21 GDPR) at any time.
Pursuant to the applicable legislation, the interested party can also lodge a complaint with the Guarantor Authority for the protection of personal data pursuant to art. 77 of the Regulation if you believe that the processing of your Personal Data is contrary to the current legislation, or to refer to the judicial authority pursuant to art. 78 GDPR.
The Controller reserves the right to modify and / or implement this information, also due to legislative changes subsequent to the pre-contractual or contractual relationship established with you, or recommendations, general authorizations, guidelines, further guarantee measures indicated by the Italian or European Privacy Guarantor. This occurs in order to provide greater protection for the processing of your personal data. However, the aforementioned changes will only take place after having informed you by means of a communication on our website. The information is available on the website in the updated version on the date at the bottom.
Update date: 01.04.2022
The Data Controller