Privacy Policy (Customers)

Information on the basis of article 13 of the General Data Protection Regolation EU 2016/679 in materia di protezione dei dati personali regarding the protection of personal data [GDPR]

 

In accordance with the requirements of the General Regulations on the protection of personal data, the Controller provides the data subject with the following information in relation to the processing of personal data carried out.

 

CONTROLLER

Controller

CMI SPA

Address

Via Meravigli, 16 – 20124 Milano (MI)

PIVA / CF

00932140031 / 00932140031

Contact

 

Legal representative

Comoli Franco

Privacy representative

Comoli Franco (info@cmiindustries.it)

Data protection officer

Not present

Joint data controllers

 

·     Not present

 

If you intend to request further information on the processing of your personal data or for the possible exercise of your rights, you can contact the aforementioned Privacy Representative in writing directly.

 

DATA SUBJECT

List of data subject

Customers, users, prospects

 

DATA PROCESSING

Contestant data processing

Description

Activities functional to the fulfillment of contractual and pre-contractual obligations, to the management and execution of the activities essential to provide the customer with the established service / product and related accounting.

 

ORIGIN, PURPOSE, LEGAL BASIS OF THE DATA PROCESSING AND NATURE OF THE PROVISION OF DATA

Origin

Data collected from the data subject.

Purpose

1. Customer management

2. Fulfillment of tax and accounting obligations

3. Management of disputes – Personal data are processed if strictly necessary for the purpose of preventing fraud and/or for credit recovery activities

4. Monitoring of contractual obligations

5. Detection of the degree of customer satisfaction

6. Information to customers of new services/products

7. Accounting or treasury management

8. Service provision

9. Supply of goods

Legal basis

For purposes 1, 4, 5, 6, 7, 8, 9:

The processing is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same

 

For purposes 2:

The processing is necessary to fulfill a legal obligation to which the data controller is subject

 

For purposes 3:

The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties

Personal data

Economic, commercial, financial and insurance activities, Tax code and other personal identification numbers, Telephone contact, Bank details, Accounting, tax and financial data, Contact and communication data, Residence address, E-mail address

The “particular” data (sensitive data) are those defined by articles 9 and 10 of Regulation 2016/679/EU (“GDPR”). These data are processed in compliance with the provisions of the GDPR as well as in light of the General Authorizations issued by the Authority for the protection of personal data.

Particular data processed

Legal basis art. 9

 

 

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Categories of recipients

The communication of your personal data, carried out on the legal bases provided for in Article 6 of Regulation 2016/679/EU, is envisaged to the following third parties:

Consultants and freelancers also in associated form, Banks and credit institutions, Other public administrations, Economic public bodies, Associations of entrepreneurs and companies, Subsidiaries and associated companies, Insurance companies, Revenue agencies, Commercial agents and business brokers , Debt collection company

These bodies, organizations, companies and professionals act as Data Processors appointed by CMI SPA or rather they are themselves Data Controllers of the personal data transmitted to them.

Your personal data, or the personal data of third parties in your ownership, may also be communicated to external companies, identified from time to time, to which CMI SPA entrusts the execution of obligations deriving from the assignment received to which only the data will be transmitted necessary for the activities required of them. All employees, consultants, temporary workers and/or any other “natural person” who, authorized to process, carry out their business based on the instructions received from CMI SPA, pursuant to art. art. 29 of the GDPR, are designated “in charge of processing” (hereinafter also “in charge”). CMI SPA gives appropriate operating instructions to the persons in charge or managers, possibly designated, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of data. Precisely with reference to the protection aspects of personal data, you are invited, pursuant to art. 33 of the GDPR to report to CMI SPA any circumstances or events from which a potential data breach in order to allow an immediate assessment and the adoption of any actions aimed at countering this event by sending a communication to CMI SPA at the addresses indicated above.

CMI SPA is obliged to communicate the data to Public Authorities upon specific request.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Transfer of personal data to third counties (extra UE) or international organizations

 

·   No transfer to third countries or international organizations

 

The transfer abroad of your personal data may take place if it is necessary for the management of the assignment received. For the processing of information and data that will eventually be communicated to these subjects, the equivalent levels of protection adopted for the processing of personal data of its employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the regulatory instruments provided for by Chapter V of the GDPR will be applied.

 

DATA PROCESSING MATHODS AND LOGICS, CONSERVATION TIME

Duration of the processing

The data will be processed for the entire duration of the contractual relationship established and also subsequently, for the fulfillment of all legal obligations.

Your data are collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles and requirements set out in art. 5 c 1 of the GDPR.

The processing of personal data takes place using manual, computerized and telematic tools with logic strictly related to the purposes themselves and, in any case, in order to guarantee their security and confidentiality.

 

 

DATA PROCESSING PURPOSE

Processing of personal data will have the following purposes:

Purposes that do not require consent

– Customer management

– Fulfillment of tax and accounting obligations

– Dispute management – Personal data are processed if strictly necessary for the purpose of preventing fraud and/or for credit recovery activities

– Monitoring of contractual obligations

– Detection of the degree of satisfaction of the customer

– Information to customers about new services/products

– Accounting or treasury management

– Service provision

– Supply of goods

Purposes that require consent

Only with your explicit consent to be expressed at the bottom of this information, the data, the purposes of which require consent, will be processed. The provision of data is in any case optional and will not result in prejudice in relation to the contractual relationship in place with the Data Controller.

 

Your consent is not required for the data collected and used for needs related to the execution of activities related to the contractual relationship in compliance with the indicated legal obligations. Failure to communicate the above personal data will make it impossible to follow up on the relationship in question. Your consent is not required for the data collected and used for the legitimate interest of the Data Controller (letter f, art.6, of the GDPR). The communication of the above personal data is optional but necessary for the execution of the services offered by the Data Controller. Any refusal to communicate such data will make it impossible to provide all or part of the requested services.

 

RIGHTS OF THE DATA SUBJECT

(Artt. from 15 to 22 of GDPR)

Right to access

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to request to the controller access to his personal data.

Right to correct

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to request the Controller to rectify their personal data.

Right to erasure

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to request the controller to delete their personal data.

Right to limitate

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to request the controller to limit the data concerning him.

Right to object

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to oppose their treatment.

Right of portability (Data portability)

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to exercise their right to data portability.

Right to revocate

The data subject has the right, according to the provisions of art. from 15 to 22 of the GDPR to exercise their right to withdraw consent.

Right to complain

The data subject has the right, according to the provisions of art. 77 of the GDPR to exercise their right to lodge a complaint with the supervisory authority.

 

AUTOMATED PROCESS

Is there an automated process?

NO

Automated processes or profiling methods

Legal basis

 

The Data Controller reserves the right to make any changes deemed appropriate or made mandatory by current regulations to this information on the processing of personal data, at its sole discretion and at any time. On such occasions, users will be duly informed of the changes that have occurred.

 

Data Controller

CMI SPA

25/07/2020

© CMI SPA - Via Mezzomerico 47, 28040 Marano Ticino(NO) Italia Tel +39 032191144 Fax. +39 0321992693 Numero REA MI-1828356 Capitale sociale I.V. 3.000.000 P. IVA 00932140031