article-header

Privacy Policy

DATA PROTECTION AGREEMENT

Art. 1. Data controller: (the person or company which decides how and why the personal data should be processed).

ATEP Italia S.r.l.
Via Vanzago 20, 25030 Paratico (BS), Italy
VAT number and tax code: 01694380161
Phone number: +39 035913344, e-mail address: info@atep.it

Art. 2. Purpose and legal basis for data processing: (data treatment purposes and justified reasons that allow the treatment).

Data controller manages their clients’ data for the following purposes.

Purpose a) – Online contacts
–    Fulfilment of pre-contractual obligation (fulfil the requests sent with the contact form on the website in the section “contacts”).

Legal basis: performance of the contract.
By refusing to give mandatory data (marked with *) data controller will not be allowed to fulfil the requests.

Purpose b) – Newsletter subscription
–    Sending commercial proposals via newsletter.

Legal basis: consent of the data subject.
By refusing to subscribe to the newsletter data controller will not be allowed to send commercial proposals via e-mail.

Purpose c) – Online purchases
–    Fulfil the contractual obligations (verify, prepare and ship the order);
–    Fulfil the administrative obligations;
–    Fulfil the legal obligation, imposed by the law or by order of authorities;

Legal basis: performance of the contract and legal obligation.
By refusing to give mandatory data (marked with *) data controller will not be allowed to fulfil the contract or the legal obligation.

Purpose d) – Right of defence
–    Exercise data controller’s rights, for instance the potential right to defence.

Legal basis: legitimate interest of the controller.
The controller does not profile the data.

Art. 3. Processed data and processing methods.

To fulfil purposes of Art.2, the controller processes the following data:

Purpose a) – Online contacts
–       Mandatory data: name, surname, e-mail address, text.
–       Voluntary data: phone number, text subject.

Purpose b) – Newsletter subscription
–       Mandatory data: name, e-mail address.

Purpose c) – Online purchases
–       Mandatory data: billing information (name, surname, address, phone number, e-mail address, tax code, any vat number, any SDI code or certified e-mail code), shipping information (name, surname, address, phone number) and payment information.

Your profile registration is not mandatory. If it is not request, your data will only be treated to process your order and will not be stored.
Necessary data for the invoicing will be registered in the management electronic invoicing.
Data will only be processed to fulfil purposes in Art.2, including with the support of electronic means or computer-based tools.
Data processing is made using measures that ensure the security and confidentiality of the personal data, especially in respect of appropriate security measures and in accordance with the principles of lawfulness, necessity and proportionality.

Art. 4. Data storage

Data are processed and stored at the Data controller’s headquarters and on the business tools used (for instance: server, computer).  Some digital files are stored in cloud systems (for instance, electronic mail). Providers had been selected in order to ensure the protection and confidentiality of the data. All data are physically stored inside the European Union.
The dispatch of the newsletter implies the use of a software that store data outside the European Union (Unite States of America). Transmitted and stored data on the provider database are name and e-mail address. Here follows the provider data protection and treatment policy: https://mailchimp.com/gdpr/

Data controller will store personal data for as long as necessary to fulfil purposes previously mentioned in Art. 2.
After that, data stored on paper form will be inaccessible.
Some digital data will be deleted or, if the software does not allow the deletion, will be made anonymously.

Some data may be stored on backup systems. In this case it is not possible to delete them. It is guaranteed that, in case of a necessary restoration of the systems, data will be made anonymously / delated.
Personal data may be stored for a longer period in case of any litigation, for as long as the litigation process, to ensure data controller’s right of defence in court and out-of-court.

Collected and processed data are stored for the following period:
Purpose a):      1 year since the request of a contract, except for what stated in purpose c)
Purpose b):      deleted within 30 days after the withdrawal of consent by interested parties.
Purpose c):      10 years since the ending of the performance of the contract, except for what stated in purpose d)
Purpose d):     time required to ensure data controller’s rights.

Art. 5. Data communication and disclosure

Data controller’s employees and associates, performing their normal work activities and / or collaboration, have access to data being people authorised to process data.
Personal data are not subjected to communication and disclosure to third parties, except for law obligation.
In fulfilment of those obligation, personal data can be disclosed to third parties that process data on behalf of the data controller being data processor (for information only, the accountant for invoicing data).
Data to process payments (PayPal, bank transfer, credit card) will automatically be managed by the provider in charge of the payment.
Personal data may be communicated to the following subjects: credit institutions, law firms that manage any litigation and data controller’s right of defence, competent authorities of Public Security for inspection and investigation activities.
No data is resold to third parties.

Art. 6. Data transmission Extra-UE

Newsletter subscription (purpose b) implies the transmission of the data outside the European Union.
Their name and e-mail address will be stored on the service provider’s database.

Art. 7. Data subjects’ rights

Art. 7 n. 3 Data subject has the right to withdraw consent anytime; Art. 15 Right of access, including right to obtain the information regarding personal data storage period of time, or, if it is not possible, the criteria used to define that period. Right to obtain information regarding the origin of the data collecting, purposes and processing methods. Right to submit a complaint to Supervisory authorities (The Italian Data Protection Authority) anytime; Art. 16 Data subject’s right to obtain personal data updates and integration; Art. 17 Right to erasure and right to be forgotten; Art. 18 Right to restriction of processing, if applicable; Art. 20 Right to data portability, if the technology system used allows it; Art. 21 Right to object anytime for legitimate reasons related to their specific situation, in the event that the processing has been made in the exercise of official authorities or performing a task of interest or if made according to the legitimate interest of the data controller; Art. 22 Right to obtain information regarding the existence of a automated decision-making process, including profiling. Art. 19 compels data controller to notify any processing adjustment, erasure and/or restriction required by the data subject.

Art. 8. Concern of data subjects: how to exercise the rights.

Concerns regarding the exercise of the rights referred to the previous Art. 7 can be submitted to the data controller through the address that can be found in the previous Art. 1. In any cases data subject must attach their valid identity document to the request.

Join our newsletter

    © 2021 Atep Italia Srl