DISCLOSURE ON PERSONAL DATA PROCESSING
Under Article 13 of Legislative Decree no. 196 dated 30 June 2003 and
Art. 13 of EU Regulation 2016/679 dated 27/04/2016
Under article 13 of legislative decree no. 196 dated 30 June 2003 “Personal Data Protection Code (the “Code”) and article 13 of the EU Regulation 2016/679 dated 27/04/2016, hereafter called GDPR (General Data Protection Regulation), Calzaturificio Panda Sport s.r.l., with registered offices in C.da Colucci, 154, 72014 Cisternino, in its capacity of data controller of the personal data, hereby informs you the following:
Data Controller and Processor
The data controller is Calzaturificio Panda Sport s.r.l., with registered offices in C.da Colucci, 154, 72014 Cisternino.
Purpose of the data processing
The personal data you provide will be processed exclusively for the following purposes:
- stipulating and executing the contract and all the connected activities, including but not limited to invoicing, credit protection, administrative, managerial and organisational services necessary for executing the contract;
- fulfilment of the obligations required by law, regulations, applicable rules and other provisions issued by authorities entitled to do so by law and by supervisory and control bodies.
The processing of the personal data for the purposes indicated above does not require your express consent (art. 24, letter a) and b) of the Code and art. 6 letter b) and e) of the GDPR).
- carrying out promotional and marketing activities of the Data Controller’s products and services, commercial communications using both automatic means without operator intervention (e.g. SMS, fax, MMS, email etc.) and traditional ones (by telephone, post).
- preparing studies and market research.
The processing of the personal data for the purposes indicated above does not require your express consent (art. 23 of the Code and art. 7 of the GDPR). This consent concerns both the manner of automatic communication and the traditional ones described above. You will always be entitled to easily and freely oppose, wholly or even only partially, the processing of your data for these purposes, by, for instance, excluding automatic contact methods and expressing your will to receive commercial and promotional communications exclusively through traditional contact methods.
Obligatory or optional nature of data disclosure and consequences of refusing to disclose the personal data
Disclosure of the data requested for the purposes indicated in the previous letters a) and b) is mandatory for fulfilling legal obligations and/or for concluding and executing the contractual relationship and providing the services requested. Therefore, any refusal, even partial, of providing these data would mean the impossibility for the Supplier to establish and manage the relation itself and to provide the requested service.
Disclosing the personal data necessary for the purposes indicated in the previous letters c) and d) is discretionary, therefore, any refusal to provide this data would make it impossible to implement the activities described herein.
Manner of processing the data
The personal data is processed by means of the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) of the GDPR, for the purposes indicated above, both on paper and in file format, by means of electronic instruments or anyway automated ones, in respect of the laws in force in particular regarding confidentiality and safety and in conformity with the principles of fairness, lawfulness and transparency and protecting the Customer’s rights.
The processing is carried out directly by the data controller’s organisation, by its data processors and/or assigned personnel.
Communication and Dissemination
Your personal data may be disclosed, within the limits strictly pertinent to the obligations, to the tasks and to the purposes indicated above and in respect of the laws in force on the subject, to the following categories of subjects:
- subjects to whom the disclosure must be made in order to fulfil or to demand fulfilment of specific obligations envisaged by the law, by regulations and/or by community law;
- companies belonging to the Data Controller’s Group that is parent companies, subsidiaries or affiliates pursuant to Art. 2359 of the Italian Civil Code, who operate in their capacity of data processors or for administrative accounting purposes (purposes connected to performing activities of the internal organisation, administration, finance and accounting, particularly, necessary for fulfilling contractual and pre-contractual obligations);
- natural and/or legal persons who provide services instrumental to the activities of the Data Controller for the purposes laid down in the previous point 1. (e.g. call centres, suppliers, consultants, companies, authorities, professional offices). These subjects will operate in their capacity of data processors.
The personal data will in no way be subject to dissemination.
Personal data storage period
The personal data will be kept for the whole duration expressed by the contract stipulated with the Data Controller, after which the data will be retained until the end of the term provided for by law for keeping administrative documents, after which they will be deleted.
The personal data will be kept on servers located within the European Union. In any case, it is agreed that the Data Controller will, if necessary, be entitled to move them to servers even outside the EU. In this case, the Data Controller hereby assures that the transfer of the data outside the EU will be carried out in conformity with the applicable legal provisions, subject to stipulating the standard contractual clauses envisaged by the European Commission.
Data subject’s rights
In your capacity of data subject, you have the rights indicated in art. 7 of the Privacy Code and art. 15 of the GDPR and specifically the rights of:
- obtaining confirmation as to whether or not personal data concerning you exist, regardless of their being already recorded, and communication of such data in intelligible form.
- obtaining the indication: a) of the origin of the personal data; b) of the purposes and manner of processing; c) of the logic applied in the event of processing performed with electronic instruments; d) of the identification of the data controller, of the data processors and of the controller’s representative designated pursuant to art. 5(2) of the Privacy Code and art. 3 (1) of the GDPR; e) of the entities or categories of entity to whom the personal data may be disclosed or who may become aware of said data in their capacity as designated representative in the State’s territory, of data processors or assignees.
- obtaining: a) the right to update, rectify or, when there is an interest, to integrate the data; b) the erasure, the anonymization or block of data processed unlawfully, including those which it is not necessary to keep in relation to the purposes for which the data was collected and subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- opposing, wholly or partially: a) for legitimate reasons, the processing of personal data concerning you, where it is carried out for the purpose of the collection; b) the processing of the personal data concerning you for the purposes of sending advertising materials or direct selling or else for the performance of market research or commercial communication, using automatic calling systems without the intervention of an operator, using email and/or traditional marketing methods by telephone and/or traditional mail. It is pointed out that the data subject’s right of opposition, indicated at the previous point b), for direct marketing purposes, using automatic means extends to traditional ones and that the data subject’s right to oppose it even partially remains unaffected. Therefore, the data subject may decide to receive communications by traditional means alone or only automatic communications or neither of the two types of communication. Where applicable, they also have the rights under arts. 16-21 GDPR (Right to rectification, right to erasure, right to restrict processing, right to data portability, right to object), as well as the right complain to the Supervisory Authority
To exercise the rights under art. 7 of Legislative Decree no. 196/03 and art. 15 of the GDPR or for questions or information regarding the processing of your data and the safety measures put in place, you may, in any case, send our company the request to the following address:
Calzaturificio Panda Sport s.r.l.
C.da Colucci, 154