INFORMATION ON THE PROTECTION OF PERSONAL DATA (PRIVACY POLICY)

INFORMATION ON THE PROTECTION OF PERSONAL DATA (PRIVACY POLICY)

provided according to Articles 13-14 of the GDPR (General Data Protection Regulation) 2016/679

Dear Data Subject, in compliance with European Regulation 2016/679 (GDPR), Cavit sc informs you that the personal data you provide, or acquired by us, as part of our business, will be processed in compliance with the legislation on privacy and principles of correctness, lawfulness, transparency and protection of your privacy and your rights.

THE DATA “CONTROLLER”

The Data Controller is Cavit s.c. With registered offices in Via del Ponte 31, 38123 Trento (Italy).

DATA PROCESSED, PURPOSE AND LEGAL BASIS OF THE PROCESSING

Personal data (personal identification data such as, for example: name and surname, company name, tax code and VAT number, address, telephone/ fax, e-mail, bank and payment references) are collected and processed:

1. to carry out the relationship activities with the data subject based on pre-contractual and contractual agreements; allow and manage the registration of your personal data and to manage and execute the same
2. for administrative, tax or internal accounting purposes related to the relationship and to fulfil the obligations generally provided for by the Data Controller by laws or regulations, by EU legislation, by requests from the judicial Authority or to exercise the rights of the Data Controller

The legal basis that legitimises the processing of the data referred to in points “a” (pre-contractual and contractual agreements) and “b” (administrative, accounting or tax purposes) is the execution of a contract to which the data subject is a party, or the performance of pre-contractual activities at the request of the data subject.

PROCESSING METHODS

The data subject’s personal data is processed using the following operations: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.

The data subject’s personal data is collected following direct sending to the Data Controller, by filling in forms or modules generally prepared for this purpose, via the WEB or included in contractual documents, or collected by telephone by the operator during pre-contractual activities.

Data is processed both through manual processing in paper format and with electronic or automated, IT and telematic instruments.

The Data Controller records and stores the collected data in computer and paper archives, and these are kept and controlled to avoid risks of destruction or loss, even accidental, unauthorised access and forbidden processing or processing that does not comply with the collection purposes.

The data is processed by the Data Controller’s employees or collaborators who are duly trained in this regard.

RECIPIENTS OR POSSIBLE CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The Data Controller’s employees (employees, collaborators, system administrators) who are identified and authorised for processing according to a code of conduct that complies with current legislation on privacy and data security process the data subject’s data.

If necessary for the purposes of the processing, personal data may be processed by third parties appointed as Data Processors (pursuant to article 28 of the GDPR) or “autonomous” Data Controllers, and precisely:

professionals, companies, associations or professional firms that provide the Data Controller with assistance or advice for administrative, accounting, tax, or legal protection purposes;

Public Institutes established by law and more generally by all the bodies envisaged by current accounting and tax legislation as recipients of mandatory communications;

Banking institutions for collections and payments, for the management of payments by credit cards or electronic payment instruments in general, postal couriers, specialised companies for the possible recovery of credits or for the certification of the data controller’s balance sheet.

The updated list of the Data Processors and people in charge of processing is kept at the Data Controller’s head office. Please contact us at the email address: info.privacy@cavit.it if you wish to view the list of authorised persons and any other subjects to whom these data are communicated.

PERSONAL DATA RETENTION PERIOD OR CRITERIA USED TO DETERMINE THIS PERIOD

For the purposes referred to in letters “a” (pre-contractual and contractual agreements) and “b” (management of administrative, accounting or tax obligations), the data subject’s personal data will be processed and stored by the Data Controller for the entire duration of the contractual relationship between the data subject and the Data Controller and, at the end of the same for any reason, will be kept for the time provided – for each category of data – by the current accounting, tax, civil and procedural legislation.

CONTACTS

The contact details of the Company, as Data Controller, are:

Cavit SC – Via del Ponte, 31 – 38123 – TRENTO (ITALY)

Telephone number +39 0461.381711

Fax +39 0461 912700

If you have specific questions regarding the processing of your personal data, you can write to the email address: info.privacy@cavit.it.

YOUR RIGHTS REGARDING THE PROTECTION OF PERSONAL DATA AND YOUR RIGHT TO LODGE COMPLAINTS TO THE SUPERVISORY AUTHORITY

In your capacity as a data subject and in relation to the processing described in this policy, the user has the rights referred to in articles 7, from 15 to 21 and 77 of the GDPR and, in particular, on:

Right of access –Article 15 GDPR: right to obtain confirmation that the personal data of the data subject is being processed and, in that case, obtain access to such personal data, including a copy of the same;

Right to correction – Article 16 GDPR; right to obtain, without undue delay, the correction of incorrect personal data concerning the data subject and/or integration of incomplete personal data;

Right to erasure (right to be forgotten) – Article 17 GDPR: right to obtain, without undue delay, the cancellation of personal data concerning the data subject;

Right to restriction of processing – Article 18 GDPR: right to obtain the limitation of the processing, when: the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such data; the processing is illegal and the data subject opposes the cancellation of personal data and instead requests that use thereof is limited; personal data is needed for the data subject to ascertain, exercise or defend a right in court; the data subject opposes processing according to article 21 GDPR, in the waiting period of the verification regarding the possible prevalence of the Data Controller’s legitimate reasons over those of the data subject;

Right to object –Article 21 GDPR: right to object the processing of personal data regarding the data subject at any time for reasons related to your particular situation, which must be based on the lawfulness of the legitimate interest or of the execution of a public interest task or of the exercise of public powers, including profiling, unless there are legitimate reasons for the Data Controller to continue processing that prevails over the interests, rights and freedoms of the data subject or for the assessment, exercise or defence of a right in court. Furthermore, the Data Subject has the right to object at any time to the Processing of Personal Data for direct marketing purposes, including profiling, to the extent in which it is connected to this direct marketing;

Right to object the automated profiling process – Article 22 GDPR: the data subject has the right not to be subjected to a decision based solely on an automated decision-making process, including profiling, unless he or she has given explicit consent or if this is needed to conclude or execute a contract between the data subject and data controller;

Right to withdraw – Article 7 GDPR: the data subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not jeopardise the lawfulness of processing based on consent provided before withdrawal;

Right to lodge a complaint – Article 77 GDPR: the data subject has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data, Piazza Piazza Venezia, 11 – 00187 Rome; Certified email: protocollo@pec.gpdp.it .

METHOD FOR EXERCISING RIGHTS

The Data Subject can exercise his or her rights at any time by sending an email to comunicazioni@pec.cavit.it or by registered letter to be sent to Cavit sc, via del Ponte 31, 38123 Trento (TN)

This privacy policy was last modified on 23/05/2018.