Privacy Policy
PRIVACY POLICY IN COMPLIANCE WITH (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 27th April 2016 and with Legislative Decree 101/2018.
Pursuant to art. 13 of EU Regulation no. 2016/679 and Legislative Decree 101/2018 (hereinafter, “GDPR”) containing provisions on the protection of personal data (hereinafter, the “Policy”), STARMATIK S.r.l., with registered office Via Tagliamento no. 1 – 31027 Spresiano (TV), in its capacity as Data Controller, is required to provide you with information on the use of your personal data.This notice also refers to the processing carried out by persons who perform the technical and organizational tasks described in paragraph 1 on behalf of STARMATIK S.r.l..
1.Data subject to Processing
The Data Controller shall process identifying personal data – hereinafter, “personal data” or also “data”, provided by you on the occasion of:
- any verbal or written communication,
- the execution of contracts for the supply of the Data Controller’s services.
2.Purposes and methods of the processing
Data we obtained in connection with specific requests on your part shall be collected directly from you.All the collected data shall be processed in compliance wioth the legislation from time to time in force and with all due confidentiality.
Your personal data shall be processed for the following purposes:
- To fulfil all obligations provided for by law, regulation, Community legislation or an order of the Authority (e.g. on anti-money
laundering);
- To present offers and to perform the services included in any existing contract, together with the relevant obligations;
- To fulfil the pre-contractual, contractual and fiscal obligations arising from existing relationships between You and the company;
- To manage any requests for information, complaints, disputes (also through external companies);
- To perform payment and collection services (also through external debt collection companies);
- To carry out Customer Satisfaction Surveys (Also through External Companies).
The processing of your personal data is carried out through the activities indicated in art. 4 n. 2) GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure and destruction of data.Your data shall be processed in both hard copy and in electronic and/or automated format. The Data Controller shall process the data for the time strictly necessary to achieve the purposes mentioned above.3.Nature of collection and consequences of a refusal
Contractual Relationship:The collection of personal data is mandatory in order to execute and perform a contractual relationship, as there are legal and tax obligations connected thereto; for this reason, a refusal to provide such data shall entail the impossibility of establishing a relationship with our companyIn this case, the consent of the data subject to processing of personal data is not required (Art. 24). 4.Access to data
Your data may be made available, for the abovementioned purposes, to:
- employees and collaborators of the Data Controller or of the companies in Italy and abroad, in their capacity as persons in charge
and/or internal or external data processors and/or system administrators;
- public and private subjects who have access to the data by virtue of law, regulation or Community legislation, within the limits provided
for by such rules (for example, social security and welfare institutions and bodies, associations of local authorities, public
administrations and bodies, insurance-type bodies or organisations)
- persons who need access to data for purposes ancillary to the relationship between the parties, within the limits strictly necessary to
perform the ancillary tasks (for example, banks and credit institutions, service providers, carriers and forwarding agents)
- our consultants, to the extent necessary to carry out their duties at our organization, subject to our letter of appointment requiring
confidentiality and security.
5.Disclosure and dissemination
The Data Controller may, without need for express consent (art. 6 letter b) and c) GDPR), communicate your data to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those persons the Data Controller is legally required to disclose them for the performance of the aforementioned purposes.
These subjects will process the data in their capacity as independent data controllers.6.Data transfer
Personal data are stored on servers located both inside the European Union and in non-EU countries.The Data Controller ensures that the transfer of non-EU data is carried out in accordance with the applicable legal provisions, subject to the approval of the standard contractual clauses provided for by the European Commission.
7.Rights under article 15 of the (EU) REGULATION 2016/679
As a data subject, you are entitled to the rights provided for under art., 15 of the GDPR, namely:
i) the right to obtain confirmation as to whether or not personal data concerning you exist, and communication of such data in intelligible form;
ii) the right to obtain information on:a) the origin of the personal data;
b) the purposes and methods of the processing;
c) the logic involved in processing activities performed with the aid of electronic instruments;
d) the identification details of the data controller, data processors and representative designated pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, data processors or persons in charge;
- employees and collaborators of the Data Controller or of the companies in Italy and abroad, in their capacity as persons in charge
iii) the right to obtain:
a) the updating, rectification or, where interested therein, integration of the data;
b) the erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) a certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
iv) the right to object, wholly or in part:
a) on legitimate grounds, to the processing of personal data concerning You, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning You, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys, through the use of automated calling systems without the intervention of an operator, by e-mail and/or through traditional marketing methods by telephone and/or conventional mail.It should be noted that the right of objection of the person concerned, as set out in point b) above, for direct marketing purposes by means of automated methods extends to the traditional ones and that, in any case, the possibility for the person concerned to exercise the right of opposition even only in part remains unaffected.Therefore, the data subject may decide to receive communications by traditional means only or by automated means only, or no communication at all.
Where applicable, the data subject also has the rights under Articles 16-21 of GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.
8.Procedures for the exercise of rights
You may at any time exercise your rights by sending the designated data processor, in the person of the legal representative of the company at the headquarters of the Data Controller, a notice by e-mail at the info@STARMATIK.com address, in order to obtain timely feedback.
9.Data controller, data processor and people in charge of processing
The Data Controller is STARMATIK S.r.l., in the person of its legal representative, appointed as Data Processor, with Registered Office at:Via Tagliamento n.1 – 31027 Spresiano (TV)
The updated list of data processors is kept at the registered office of the Data Controller.