Privacy policy potential customers and contact persons at customer companies

Home / Privacy policy potential customers and contact persons at customer companies

Last update: 11/12/2019

Privacy policy statement pursuant to articles 13-14 of Regulation (EU) 2016/679

Data Subjects: potential customers and contact persons at customer companies.

In its role of controller of your personal data, pursuant to Regulation (EU) 2016/679, hereinafter ‘GDPR’, GRUPPO ROMANI S.P.A. hereby informs you that, in compliance with the Regulation, data processing must be based on principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights.

Your personal data will be processed in compliance with the legislative prescriptions of the aforementioned regulation and the confidentiality obligations it contains.

Aims and legal grounds of data processing: in particular, your data will be used for the following aims related to the execution of measures connected to contractual or pre-contractual obligations:

• reply to requests, manage offers, and other pre-contractual activities.

Your personal data can also be used for the following aims, when you give your consent:

• transmission of sales information and/or promotional material by means of conventional methods (e.g. telephone contacts, traditional mail, personal emails, etc.) or automated contact methods (email, social networks, etc.) related to the company’s activities and products and products marketed by the company. You can object to data processing at any time using the link at the foot of the message or by sending a request to the controller using the contact details given in this privacy policy statement.

Communication of data is optional in relation to the aforementioned aims, and your possible objection to processing will not affect the pursuit of the relationship or the congruity of processing.

Methods of processing. Your personal data can be processed in the following ways:

• by means of computers that use software systems managed by third parties;

• outsourcing of processing operations from third parties;

• automated contact management;

• processing of data collected by third parties;

• collection of data in public places or places open to the public;

• collection of data via forms, coupons and questionnaires;

• reports: to compare and potentially improve the results of communications, systems are used for sending newsletters and promotional communications with reports. Through the reports, the controller can access, e.g.: the number of readers, page views, unique clickers, and clicks; details of the activity of individual users; details of emails sent by date/hour/minute; details of emails delivered or not delivered, of those sent; a list of persons who have unsubscribed from the newsletter; the persons who opened an email or clicked a single link; users experiencing problems viewing the message; link tracking (i.e. the number of clicks on the message links); click tracking (which links were clicked and by whom). All these data are used to compare and potentially improve communication results;

• processing by means of computers;

• manual processing by means of hard copy files.

Each processing operation is carried out in compliance with the methods as at articles 6, 32 of the GDPR and by adopting the adequate security measures provided for.

Your data will be processed solely by personnel expressly authorised by the controller and, in particular, by staff in the following categories:

• Sales Department

• Marketing Department.

Disclosure: Your data may be disclosed to external parties for correct management of the relationship and in particular to the following categories of recipients who act in the role of duly appointed controllers or processors:

• agents;

• service providers that supply hardware and software assistance and cloud services; external platform for the management of transmission of corporate communications.

Distribution: Your personal data will not be disseminated under any circumstances.

Your personal data can also be transferred, limited to the above indicated aims, to the following countries:

• EU member states.

Period of Retention. In compliance with the principles of fairness, limitation of aims, and minimisation of data, pursuant to article 5 of the GDPR, the period of retention of your personal data is:

• established for a period of time no longer than the time required to render the services provided;

• for marketing aims, your data will be retained for a period of time no longer than the time required to render the services provided, until revocation by the data subject and as long as you manifest an interest in our communications.

Controller: in accordance with the law the controller is GRUPPO ROMANI SPA (via A. Volta 9 – 23/25, 42013 Casalgrande (RE), Italy; VAT number: 03028130361; contactable at: 39-0522-998411/911 e-mail: info@grupporomanispa.it; Telephone: +390522998411) in the person of its pro tempora legal representative.

The data protection officer (DPO) appointed by the controller pursuant to article 37 of the GDPR is:

• Name of the DPO available by writing to dpo@grupporomanispa.it (address: c/o the company headquarters).

You have the right to request the data protection officer for erasure (right to be forgotten), restriction of processing, updating, rectification, portability, to object to processing of your personal data, and more in general, to exercise all the rights provided by articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Data Subject rights

1. The data subject has the right to receive confirmation regarding the existence of personal data concerning him or her, even if not yet subscribed, and to receive a copy of such data in intelligible form. The data subject also has the right to lodge a complaint with the Supervisory authority.

2. The data subject has the right to be informed of:

a. the source from which the personal data originate;

b. the aims and methods of processing;

c. the logic applied in the case of data processing performed with the aid of electronic equipment;

d. the name and contact details of the controller, of the processors, and of the controller’s representative pursuant to article 5, subsection 2;

e. the recipients or categories of recipients to whom the personal data may be disclosed or who may become informed of the personal data in their role of designated representative in the Member State, and of processors or persons authorised to process personal data.

3. The data subject has the right to obtain:

a. updating, rectification and, taking into account the purposes of processing, completion of incomplete personal data concerning him or her;

b. erasure, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not required for the aims for which the data were collected or subsequently processed;

c. an attestation that the operations as at letters a) and b) have been brought to the attention, also with regard to their contents, of the parties to whom the data were disclosed or disseminated, except for cases in which compliance with this requirement is not possible or would require the use of manifestly disproportionate resources with respect to the protected right;

d. data portability.

4. The data subject has the right to object, entirely or partly:

a. for legitimate grounds, to the processing of personal data concerning him or her, even if relevant to the aim of data collection;

b. to the processing of personal data concerning him or her for transmission of advertising or direct sales material, for market surveys or for commercial communications.

social

newsletter