REGULATION (EU) 2016/679 on the protection of customers and suppliers and with regard to the processing of personal data
As per art. 13 of the EU regulation (EU) 2016/679
Dear Customer and supplier,
in compliance with the provisions of art. 13 and 14 of the European Regulation (EU) 2016/679 (General Regulation on the Protection of Individuals with regard to the processing of personal data, hereinafter “Regulations” or “GDPR”), we inform you that your personal data provided by you or however recorded at the time of registration, as part of our activity, will be treated in compliance with the Rules and principles of fairness, based on the conditions of lawfulness as per art. 6 of the Regulations, transparency and protection of confidentiality provided for by it.
This circular relates to the personal data sent by the visitor when filling out the contact forms on our website, made available in order to allow visitors to contact the manager of the website by sending an email with the aforementioned form, with your contact details and any notations or preliminary questions and data that our system could automatically record while visiting the website:
- when filling out a contact form, the IT system may register the means and the website through which it has accessed our website while the data that you will voluntarily give us through the contact forms will be transformed into an email that can be stored in our e-mail system. Your data may also be recorded in a database on the server relating to the website;
- while visiting the website, however, even if you do not fill out a contact form, we may automatically collect some user information, such as the means and the website through which you accessed our website, your IP address, the date and time of access to our service, the hardware, software or browser being used and information on the operating system of your computer, your clicks, the pages you visited on our site and the operations done.
1. Holder of the processing of personal data
The Data Controller (hereinafter “Data Controller”), as per Article 4 of the Regulation, is SOA Società Consortile a.r.l., with registered headquarter in Via Ammiraglio Millo no number, 70011 Alberobello (Bari) – Italy (hereinafter “SOA S.c.a.r.l.”), in the person of its legal representative who, under its prerogatives, may avail itself of the collaboration of data processors and / or authorized persons, expressly appointed.
2. Purposes of processing personal data
The data provided to the Data Controller, not included in the particular categories of personal data as listed in art. 9 of the Regulations, will be processed by SOA S.c.a.r.l. for the following purposes:
2.a Administrative and accounting objectives
All data concerning your company are processed exclusively for purposes connected with the economic activity of SOA S.c.a.r.l. and in particular for administrative and accounting purposes: pre-contractual requirements, (offers, order processing, etc.), fulfillment of legal, community and contractual obligations; risk control (in particular fraud, insolvency, reliability, etc.), litigation management, electronic payment instruments management, warehouse management and transport through external couriers.
With reference to these processing purposes, any refusal by the interested party to provide the requested data will determine the impossibility of establishing contractual relationships.
2.b Operational and strategic marketing
Updating occurs through the sending of promotional material, even personalized, through periodic newsletters (technical communications, commercial and promotional communications related to the activities carried out by SOA Scarl, events, training updates, etc.), through market surveys, retargeting, telemarketing, web marketing, etc. carried out by the Owner in his own interests and the companies associated with the SOA S.c.a.r.l. and / or in the interest of third-party companies but also directly through companies appointed by the Controller as data processors, on services, offers and initiatives of SOA S.c.a.r.l. or make them participate in market surveys (to better understand their preferences and to improve our offer);
2.c Sharing of Partner’s commercial promotions
Communicating your data to our business partners who will contact you to let you know about their offers, promotions, updates on products and services.
2.d Purpose of generic contact
Providing a better browsing experience in line with the preferences already shown in the online navigation or in the possibility of contacting you via the contact details you sent us in order to process any requests contained in the message sent to us through the contact form, arrange for you an appointment in the nearest facility or inform you of any event reminders, messages and promotional initiatives and market researches promoted by the structures adhering to our project.
3. Methods and legal bases of treatment
The data may be provided by you at the time of registration at our offices, using paper and / or electronic forms, provided at events, fairs and events to which SOA S.c.a.r.l. participates or organized by SOA S.c.a.r.l., by members of the sales and assistance network of SOA S.c.a.r.l. or by the commercial partners of SOA S.c.a.r.l. or provided in the course of your interaction with the websites, the internet and mobile applications of SOA S.c.a.r.l..
The legal basis of the data processing referred to:
Purpose a) it will be the fulfillment of the contractual relationship established with you (Article 6, paragraph 1, letter b) and c) of the Regulation), given that the treatments put in place for these purposes are necessary for the fulfillment of contractual obligations and do not require of a specific consent by the interested party
Purpose b) The treatments put in place for these objectives are performed with the user’s specific consent, with the exception of commercial communications concerning similar services to those bought and subscribed by the user, to whom the processing responds to a legitimate interest of the Data Controller
Purpose c) The treatments put in place for these objectives are performed with the user’s specific consent
Purpose d) it will be the fulfillment of the contractual relationship established with you (Article 6, paragraph 1, letter b) and c) of the Regulation), given that the treatments put in place for these purposes are necessary for the fulfillment of contractual obligations and do not require of a specific consent by the interested party
Your consent will always be freely revocable, by writing to firstname.lastname@example.org and will be taken over by the privacy office in staff to the Data Protection Officer.
Please note that, in case of revocation of consent, you will no longer be recipients of any type of communication, with no mode. If you wish, you may revoke your consent only for the receipt of communications by electronic means (eg e-mail, text messages, instant messaging), continuing to receive technical and / or commercial communications only by mail or telephone contact with an operator, if provided.
This site collects and processes data according to your consent. With the use or consultation of this website, visitors and users explicitly approve this information and consent to the processing of their data in relation to the methods and purposes d) of the previous paragraph 2 “Purpose of the processing of personal data” of this information, described below, including any disclosure to third parties if necessary for the provision of a service.
Failure to provide and / or to consent, where necessary for the processing of your data, for the purposes described in paragraph 2, will make it impossible to re-contact you and process your request, send communications regarding our promotional activities or provide some services and the experience browsing the website, could be compromised. Starting from 25 May 2018 (date of entry into force of the GDPR), this website will process some of the data based on the legitimate interests of the data controller.
4. Nature of the provision of data and methods of processing
The provision of data by the interested party is mandatory for all the aforementioned purposes 2.a), 2.b), 2.c), the consent is optional and explicit.
Data will be processed with the support of IT department, telematic and / or paper support, according to the logic related to the specifications indicated above and, in any case, adopting procedures and measures suitable to protect their security and confidentiality and by SOA S.c.a.r.l. or companies expressly appointed as data controllers.
SOA S.c.a.r.l might process the user’s common personal data, without any expressed consent, for the following service purposes:
- To manage and maintain the website
- To allow the user to benefit from the existing functions
- To manage the user’s requests and notifications
- To send newsletters and technical information related to road safety
- To collect spontaneous application
- To process a contact request
- To fulfill the obligations established by laws, regulations, Community legislation or by an order of the Authority
- To prevent or discover fraudulent activities or malicious activities that may damage the site;
- To exercise the data Controller’s rights, such as the exercise of a right in legal action, as well as for the domains and purposes of the activities rendered to customers.
The computer systems and software procedures set up for this website acquire, during their normal operation, some personal data whose transmission is implied in the use of Internet communication protocols. Information are not stored or recorded in order to straightforwardly identify browsers, but according its nature, after being processed, can lead to identify internet users. This category of data includes the IP addresses, the addresses of the request, the time of the request, the method required, the numerical code indicating the status of the response given by the server and other parameters, related to the operating system and the IT environment user. These data are useful for obtaining anonymous statistical information on the use of the site and for checking its correctness.
Data provided voluntarily by the user:
The discretionary, explicit and voluntary sending of e-mails to the addresses indicated on this website or the completion and submission of contact forms entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the missive. The processing is carried out directly by the data controller, also through its internal agents.
Cookies are short fragments of text that allow the web server to store information to be reused during the same visit to the website (session cookies) or later, even after days (persistent cookies). Cookies are stored, according to user preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies such as, for example, transparent GIFs and all forms of local storage introduced with HTML5, can be used to gather information on user behavior and use of services. While browsing, these types of cookies will be installed on the site: session, analytics and profiling of third parties and in the following of this document we will refer to cookies and all similar technologies, simply by using the term “cookies” from now onward.
- Technical cookies: they are used only to “carry out the transmission of a communication on an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide such service”. They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website; functional cookies, which allow the user to navigate according to a series of selected criteria, in order to improve the service. For their installation the prior consent of users is not required, while the obligation to provide information pursuant to art. 13 of the Regulations, that the site manager, if he uses only such devices, can provide in the manner he deems most suitable.
- Profiling cookies: are designed to create profiles related to the user and in order to send advertising messages in line with the preferences expressed surfing the net by the same user. Because of the significant invasiveness this device can have in the private sphere of users, European and Italian legislation requires the user to be adequately informed about their use and is to express explicit consent. The Article 122 of Legislative Decree no. 196/03 states that “the storage of information in the equipment of a contractor or a user or the access to information already stored, is permitted only on condition that the contractor or user, has given his consent, after having been informed with the simplified procedures referred to in the Article 13, paragraph 3 “(Article 122, paragraph 1, of Legislative Decree 196/03). This site uses profiling cookies.
- Third-party cookies: visiting the website you can receive cookies from sites managed by other organizations (third parties), such as the scripts or social plugins of Facebook, Twitter, Google, LinkedIn. These are parts of the page visited, generated directly by the aforementioned sites and integrated into the page of the host site. The most common use of social plugins is aimed at sharing content on social networks. The presence of these, involves the transmission of cookies to and from all sites, operated by third parties. The management of information collected by “third parties” is governed by the relevant information to which reference is made. To ensure greater transparency and convenience, the following are the web addresses of the various information and how to manage cookies.
This site also includes some components of analytical cookies of third parties transmitted by:
Session cookies remain active only until the browser is closed or the log-out command is issued. Persistent cookies remain active when the browser is closed to be available in subsequent visits by the user. In some cases, a deadline is set, determined by the server when they are created, while in others the duration is unlimited until the user has removed it.
HOW TO MANAGE AND DEACTIVATE COOKIES
The user can decide whether or not to accept cookies using the settings of his browser. The usability of public content is also possible by completely disabling cookies, while the total or partial disabling of technical cookies can compromise the use of site features reserved for registered users. The disabling of “third-party” cookies does not in any way affect the navigability of the sites. The setting can be defined specifically for different websites and web applications. In addition, browsers typically allow you to customize settings for different types of cookies, define whether to accept them or not and proceed with their removal.
Here are the links to the main browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
- Mozilla Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Internet Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9
- Microsoft Edge: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies
- Opera: http://help.opera.com/Windows/10.00/it/cookies.html
- Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT
For further information about how to manage cookies in your browser: http://aboutcookies.org
For further information about cookies and to manage your preferences on third-party profiling cookies, please visit: http://www.youronlinechoices.com
To simplify your cookies management, in compliance with current legislation, SOA S.c.a.r.l., provides you with a management tool for the selective activation and deactivation of cookies unwelcome among those controlled or controllable by SOA S.c.a.r.l. Within Privacy preferences you can find, in categories, all the cookies we manage or consciously hosted.
OTHER THIRD PART COOCKIES
Visiting a website, you may receive cookies from the visited site (“owners”) and from sites managed by other organizations (“third parties”). An example is the presence of “social plugins” for Facebook, Twitter, Google+, LinkedIn, etc. These are parts of the page visited, generated directly by the aforementioned sites and integrated into the page of the host site. The most common use of social plugins is aimed at sharing content on social networks.
The presence of these plugins involves the transmission of cookies to and from all sites, managed by third parties. The respective circulars rule the management of this information collected by “third parties”. To ensure greater transparency and convenience, here follows the web addresses of the various information and how to manage cookies.
- Facebook information
- Facebook (configuration): access your account > Privacy section
- Twitter information
- Twitter (configuration)
- Linkedin information
- Linkedin (configuration)
- Google+ information
- Google+ (configuration)
- Instagram information
- Pinterest information
Cookies are connected to the browser in use and CAN BE DISABLED DIRECTLY FROM THE BROWSER, refusing / withdrawing consent. Disabling cookies may influence the correct use of some features of the site.
Instructions for disabling cookies can be found on the following web pages:
Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera – Apple Safari
5. Duration of treatment and used criteria for the storage of Personal Data
Your personal data will be processed only for as long as necessary to accomplish contractual, legal and settlement obligations, without prejudice to laws and regulations of the Authorities, while respecting rights and in compliance with the obligations or to defend or to claim a right.
The Data will be stored according to the following criteria:
- The Data processed for the purposes referred to in subparagraph a) of paragraph 2 “Purpose of the Processing of Personal Data” of this policy, will be kept for a period of 10 years following the termination of the relationship, except in the case further conservation is required, in order to allow SOA Scarl the protection of their rights;
- The Data processed for the purposes referred to in letter b) of paragraph 2 “Purpose of the Processing of Personal Data” of this policy, will be kept for a maximum of 24 months.
- The Data processed for the purposes referred to in letter c) of paragraph 2 “Purpose of the Processing of the Personal Data” will be treated until the eventual revocation of the consent by the person concerned
Personal data of the site concerning the objectives referred to in paragraph e) can be also stored by the Italian Law to safeguard the legitimate interests of the Data Controller of SOA S.c.a.r.l. (art. 2947, par. 1 and 3 of the Italian Civil Code).
6. Redirect towards external websites
The website can use the c.d. social plug-in. Social plug-ins are special tools that incorporate the features of the social network within the website (for example, the “like” function of Facebook).
All social plug-ins on the site are trademarks of the respective logo owned by the social network platform (eg Facebook, Google, Twitter, Linkedin).
7. Links to/from third-party websites
From this website it is possible to connect, through appropriate links, to other websites. The Data Controller declines any responsibility regarding any request and / or release of personal data to third party sites and regarding the management of authentication credentials provided by third parties.
8. Security measures
This site processes data in a lawful and correct manner, adopting appropriate security measures to prevent non-specific access, disclosure, modification or unauthorized destruction of data. The processing is carried out using IT and / or telematic tools, with organizational methods and with related logics related to the purposes indicated. In addition to the owner, data can be accessible to the appointees involved in the organization of the website (staff belonging to administrative, commercial, marketing and legal areas as well as system administrators) and external subjects (third party technical service providers, hosting providers, IT companies, communication agencies).
9. Scope of transfers and spread of personal data
In compliance with the purposes set out in point 2 and without prejudice to any communication to third parties, made in implementation of legal obligations, the data may be transferred by us to countries belonging to the European Community, to the following subjects:
- associated companies of the SOA Corporate Group of which SOA S.c.a.r.l.
- our staff, appropriately appointed and informed;
- banks and credit institutions;
- advisors and professionals (website management, IT archives, etc.)
- legal, tax and IT consultants from companies and / or individuals who provide us with data processing and maintenance services;
- shippers, carriers and couriers;
- judicial offices, in the context of criminal investigations or other subjects whose right to access data is recognized by law;
- companies, entities and / or natural persons who perform related, instrumental and / or support activities to ours, or necessary and / or functional to the execution of the contracts or services requested.
- specialized companies for: management of fees invoicing services;
- the detection of financial risks and the prevention of fraud (in specific databases established to assess credit risk, managed by private individuals and available to many parties); credit recovery procedures; the management of fines; vehicle recovery;
This site may share some of the data collected with services located outside the EU. Especially with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, particularly the decision 1250/2016 (Privacy Shield) for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
10. Rights of the interested parties
We inform you that at any time, regarding your data, through communication to be sent to the e-mail address email@example.com, or by writing to our office, you have the rights, provided within the limits and under the conditions set out in articles 7 and 15 of the Rules.
In particular, you have the right to withdraw at any time the consent to the treatment provided and to oppose the processing of his data, in particular for marketing purposes or analysis of his preferences.
Whomever believes that the processing of personal data, reported to them through this service, in violation of the provisions of the Regulations, have the right to send a communication to the Data Processor, at firstname.lastname@example.org, or have the right to propose a complaint to the Supervisory Authority (The Italian Data Protection Authority), as required by art. 77 of the Regulations, or to take appropriate judicial offices (Article 79 of the Rules).
- Contact information Data Protection AuthorityPiazza di Monte Citorio, 12100186 Rome
Phone +39 06 69677 1
Fax +39 06 69677 785
11. Revocation of consent to the processing of data
You have the right to revoke your consent to the processing of your personal data at any time by sending a registered letter to the following address: SOA S.c.a.r.l.,with registered headquarters in Via Ammiraglio Millo S.N. 70011 Alberobello (BA), with the following text “withdrawal of consent to the processing of personal information” accompanied by a photocopy of your ID card. The request can be sent also at this email address email@example.com.
At the end of this operation, your personal data will be removed from the archives as soon as possible.
For further information on the processing of your personal data, please use the e-mail address: firstname.lastname@example.org. Before being able to provide or modify any user information, it may be necessary to verify the user’s identity and answer some questions to guarantee the regularity of the contact.
12. Contact data of the Data Protection Officer
Data Protection Officer appointed by SOA S.c.a.r.l. can be contacted at email@example.com e-mail.
13. Exercise of rights
The user can contact SOA S.c.a.r.l. as Data Controller or Data Protection Officer at the above addresses to get an updated list of our data processors (that is, our service providers), the subjects to whom the data are communicated and to exercise the rights provided for by art. from 15 of the Data Protection Code.
Specifically, the User may, at any time, request access to their personal data stored in our Database, making an explicit request, by sending an Email with the nature of the request to the e-mail address firstname.lastname@example.org. The user can also exercise the right to cancel / forget their personal data, at any time.
The interested party must address his written request to the attention, in one of the following ways:
- By e-mail to the appropriate address: email@example.com
- By fax to the following number: +39 080 4322904
- By registered mail to the following address: SOA S.c.a.r.l. via Ammiraglio Millo S.N. 70011 Alberobello (BA) Italy
This information will be regularly up to date. SOA S.c.a.r.l. invites therefore those interested, to visit this page periodically.
A possible entry into force of new regulations, as well as the constant examination and updating of services to the user, could entail the need to modify the methods and terms described in this Information. It is therefore possible that this document will change over time. We therefore invite you to consult this page periodically. We will publish any changes to this Statement on this page and when changes are significant, we will notify you with a more visible notification.
In any case, previous versions of this information will be stored to allow consultation.
Last update on 08/01/2019.