Privacy policy

Information on the processing of your personal data, pursuant to art. 13 and 14 of the European Regulation 2016/679 (hereinafter "GDPR") relating to the protection of personal data. We inform you that, for the execution of ongoing contractual relationships with you, our Company is in possession of data relating to you , also acquired verbally, directly or through third parties, qualified as "personal data" by the GDPR, and that such data are processed based on the principles of correctness, lawfulness and transparency, protecting your privacy and your rights.

DATA CONTROLLER

The data controller of your personal data is GESTECO SPA with headquarters in - 33040 - POVOLETTO (UD) Via Pramollo, 6, VAT number 01523580304, e-mail gesteco@gruppoluci.it, PEC gesteco@deltapec.it.

PURPOSE OF THE TREATMENT

Your data is processed in relation to contractual needs and the consequent fulfillment of legal and tax obligations, as well as to allow effective management of financial and commercial relationships. The legal basis of the processing is the contract, as well as explicit consent. Therefore, your data may be processed for the fulfillment of pre-contractual, contractual and fiscal obligations deriving from existing relationships, or for the fulfillment of obligations established by national or community regulations, or even to exercise the rights of the Data Controller, for example the right of defense in court.

CATEGORIES OF DATA PROCESSED

We process your personal and fiscal data, as well as the data of an economic nature that are necessary for the performance of the commercial and contractual relationships existing with you. As a rule, the data relating to contacts (name, address, telephone number, e-mail address) email) and, depending on the purpose, banking and payment data (reference bank and current account) or data available from public sources (e.g. internet or chamber of commerce).

PROCESSING METHODS

The data processing is carried out by means of the operations or set of operations indicated in article 4 n.2 GDPR (collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion, or any other form of making available, comparison or interconnection, limitation, cancellation or destruction) both through paper supports and through the use of electronic, telematic and/or automated tools, with logic strictly related to the purposes indicated and in compliance of the principles imposed by current legislation on the protection of personal data. Personal data are processed by subjects specifically authorized or designated by the Company within its structure (employees and collaborators however named), in relation to the performance of duties and tasks attributed to each. Personal data may also be processed by other external parties operating on behalf of the Company pursuant to specific contractual constraints or, in any case, duly authorized or appointed (by way of example, third parties appointed for specific administrative, processing or instrumental services, necessary for the purposes stated above). The data can be inserted into relevant databases which can be accessed by persons specifically authorized or designated by the Company. Data processing operations are implemented in such a way as to guarantee their integrity, confidentiality and availability. Personal data is protected through appropriate technical and organizational measures, in order to guarantee its security and confidentiality, in compliance with current regulatory provisions. The Company has implemented specific security measures to prevent the loss or destruction of data, unauthorized access, processing that is not permitted or does not comply with the purposes for which it was collected.

RECIPIENTS OF THE DATA

Your data will not be "disseminated" by us, with this term meaning giving them knowledge to indeterminate subjects in any way, including by making them available or consulting them. Your data may instead be "communicated" by us, with this term meaning giving knowledge of it to one or more specific subjects, for the above purposes, in the following terms:

  • to persons authorized within our Company to process your data, and in particular to the employees of the Administration Office, to the employees of the Commercial Office;
  • to subjects who can access the data pursuant to legal provisions, regulations or community legislation, within the limits established by such rules;
  • to subjects who need to access your data for purposes auxiliary to the relationship between you and us, within the limits strictly necessary to carry out the auxiliary tasks entrusted to them. In particular, the subjects specified below will be able to access your data.

STORAGE PERIOD

The data will be processed for the entire duration of the contractual relationship and also subsequently, for the fulfillment of legal obligations and for administrative and commercial purposes, and in any case for a period not exceeding ten years.

TRANSFER OF DATA ABROAD

The Company mainly processes its data within the E.U. Also by virtue of the IT applications used, where necessary the Company may transfer your personal data to third countries. In any case, we assure you that the transfer and processing of your personal data takes place in compliance with the conditions imposed by the G.D.P.R. (art. 44 et seq.), such as for example the existence of adequacy decisions by the Commission referred to in art. 45 of EU Regulation 679/2016, standard contractual clauses or other guarantees considered adequate.

OBLIGATION OR RIGHT TO PROVIDE DATA CONSEQUENCES OF ANY REFUSAL

With regard to the data that we are obliged to know, in order to fulfill the obligations established by laws, regulations and community legislation or by provisions issued by Authorities legitimated by law and by supervisory and control bodies, their failure to provide on your part will make it impossible to establish or continue the relationship, to the extent that such data is necessary for the execution of the same. As regards the data that we are not obliged to know, their failure to obtain it will be assessed by us on a case-by-case basis. from time to time, and will determine the consequent decisions related to the importance for us of the data requested and provided by you.

YOUR RIGHTS

As interested parties, we inform you that, in addition to the right to lodge a complaint with the Supervisory Authority, pursuant to articles. 15 - 21 GDPR you can assert the rights listed below:

  • right of access: the interested party has the right to obtain access to personal data and information relating to processing, and to request a copy;
  • right of rectification: taking into account the purposes of the processing, the interested party has the right to obtain the rectification or integration of incorrect or incomplete personal data, also by providing a supplementary declaration;
  • right to cancellation ("right to be forgotten"): the interested party has the right to obtain from the data controller the deletion of personal data concerning him without unjustified delay and the data controller has the obligation to delete without unjustified delay the personal data, without prejudice to the exercise of the right to freedom of expression and information, the fulfillment of legal obligations or the establishment, exercise or defense of a right in court by the owner;
  • right to limitation of processing;
  • right to data portability: the interested party has the right to receive the personal data concerning him or her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments. In exercising their rights relating to data portability, the interested party has the right to obtain the direct transmission of personal data from one data controller to another, if technically feasible;
  • right of opposition: the interested party has the right to object to the processing of data concerning him carried out on the basis of the legitimate interest of the owner. In this case, the data controller shall refrain from further processing the personal data unless he demonstrates the existence of compelling legitimate reasons for proceeding with the processing which prevail over the interests, rights and freedoms of the interested party or for ascertaining, 'exercise or defense of a right in court;

If you believe your rights have been violated, you can lodge a complaint with the Guarantor Authority for the Protection of Personal Data (also known as the Supervisory Authority) at the following addresses: Piazza Venezia n. 11 - 00187 Rome - http://www.garanteprivacy.it - ​​e-mail: garante@gpdp.it - ​​Fax: (+39) 06.69677.3785 - Telephone switchboard: (+39) 06.69677.1.

To exercise the rights listed above or for further information you can contact the following addresses: e-mail gesteco@gruppoluci.it, PEC gesteco@deltapec.it, or by registered letter with return receipt to the address: Via Pramollo, 6 - 33040 POVOLETTO (UD). We reserve the right to integrate this information following any subsequent regulatory adjustments.