Pursuant to Legislative Decree no. 196/2003, and EU Regulation No. 679/2016 (GDPR), and with respect to your personal information subject to processing, we take this opportunity to provide you the following information.
Maflon S.p.A., a company with registered office on Viale Bianca Maria No. 41 – 20122 Milano, Tax ID and VAT No. 04080020169, appearing herein as Data Controller, shall process client data for the following
a) Vetting (financial solvency of current and prospective customers, potential reputational impact of the relationship, anti-corruption and anti-money-laundering compliance);
b) Customer contract execution, management, and performance;
c) Statutory/regulatory compliance relating to civil, tax, and accounting laws and regulations; discharging duties assumed under contract; technical assistance and support regarding purchased products and services, including post-sale; accounts receivable;
d) Marketing and references, information on future sales initiatives, service and/or product innovations, special offers, market research, statistics.
LEGAL BASIS FOR THE DATA PROCESSING
Customer personal data shall be processed based on express consent provided by signing the instant policy.
Please note that, even where consent is not provided, or where it is revoked, your personal data may still be processed in the following situations, and when predicated on the following legal bases:
a) Processing is necessary to perform under a contract to which you are privy, or for the carrying out of any pre-contractual measures implemented at your request;
b) Processing is necessary to discharge a legal duty incumbent on the Data Controller;
c) Processing is necessary to safeguard the interests of a natural person;
d) Processing is necessary to perform a duty in the public interest, or relating to the exercise of any public authority vested in Data Controller;
e) Processing is necessary for Data Controller to pursue a legitimate interest; legitimate interests shall include:
- The interest in executing, managing, and performing those contracts identified in subsection 1(b) hereof;
- The interest to protect any rights arising - be it directly or indirectly - from the aforementioned contracts;
- The interest in safeguarding company security and equity;
Provided no interest, right, or fundamental liberty on the part of Data Subject, and requiring the protection of any personal data, trumps the same.
Subject to Data Subject’s autonomy, the submission of any directly acquired personal data may be:
a) Mandatory under applicable law, regulation, or EU statute, or any order issued by any authority mandated by statute, or by any supervisory or control body;
b) Strictly necessary to execute a new undertaking with the customer and ... or to manage and perform under any existing undertaking or obligation.
Any objection to processing and/or refusal on the part of Data Subject to submit personal data may make any new contracts, performance under existing contracts, compliance with EU law, regulation, or statute, or the orders of any authority mandated by statute or by any supervisory or control body, impracticable or impossible, either in whole or in part.
DATA PROCESSING METHODS
The processing of personal data may be performed with the aid of analogue, electronic, or otherwise automated instruments, with methods and procedures strictly related to the pursuit of the foregoing purposes. Maflon S.p.A. carry out processing directly through parties within its own organisation, or in outsourcing.
Such parties shall process data:
a) Pursuant to instructions provided by Data Controller, as either authorised persons or processors, and solely in the pursuit of specific purposes as stated herein.
b) Autonomously, as independent data controllers.
DATA DISCLOSURE AND DISSEMINATION
Personal data - solely for the purposes appearing in point 1 - may be disclosed to:
a) Data Controller employees or associates duly authorised by the same to process data;
b) Credit institutions, service companies for the recording, packaging, transport, and handling of documents, subcontractors tasked with projects or construction, service providers, notaries, attorneys, experts, consultants,
collections companies, auditing firms;
c) Entities to whom disclosure is required in compliance with any collective-bargaining agreement (e.g. a labour union) or specific regulatory duties (e.g. police force or other public authority).
The data shall not be disseminated.
DATA SUBJECT RIGHTS
Data-protection regulations (see Art. 12-22 of EU Regulation no. 679/2016) guarantee the right to be advised of data processing, the right to access the data themselves at any time, and to request such data be updated,
supplemented, or corrected. Where the criteria established by the law are met, the Data Subject may also exercise the right to have the data deleted, limit their processing, object to processing, to avoid being subject
to decisions based solely on automated processing, and the right to data portability.
Should personal-data processing be predicated on Data Subject consent, the Data Subject shall have the right to revoke such consent.
To exercise your rights - and for more detailed information regarding the parties or categories of parties to whom data might be disclosed, or who might have access to the same as data processors or authorised persons
- please contact the Data Protection Officer at Maflon S.p.A., with registered office on Viale Bianca Maria No. 41 – 20122 Milano, via email at firstname.lastname@example.org.
Should you believe your rights have been infringed upon, you may protect your rights by lodging a complaint with the Data Protection Authority.
DATA RETENTION PERIOD
Personal data shall be retained for so long as is necessary to realise the purposes appearing in point 1 herein;
following the achievement of such objectives, the data may be retained until the rights accruing to you and to Data Controller from the legal relationship have lapsed with respect to any facts directly or indirectly related
to the purposes themselves (10 years).
PROCESSING OF THIRD-PARTY DATA
The customer is on notice that should any third party (e.g. representative, employee, associate) be involved in the performance of any contract executed with Data Controller, such third party’s data may be processed by
Maflon S.p.A. likewise acting as Data Controller, for the purposes appearing in point 1 herein, and especially with respect to managing communication with such customer contact persons and delegates.
Such processing shall have the same goals, methods, and retention period as the data otherwise described in the instant policy; furthermore, with respect to such processing, data subjects shall have the same rights
identified in point 6 herein. Customer agrees to properly advise any data subjects engaged by the same with respect to such processing, including but not limited to by providing the instant policy to them, and by recording their signature in acknowledgement whereof.