Notice to customers
This information is provided to Customers and through them to natural persons who operate in the name and on behalf of Sarce SpA customers in the person of the pro-tempore legal representative, pursuant to art. 13 – 14 GDPR 679/16 and subsequent national adjustment rules – “European regulation on the protection of personal data”. Sarce SpA undertakes to comply with the obligations deriving from the applicable legislation on the protection of personal data, including, by way of example, the laws governing the storage and processing of personal data.
DATA CONTROLLER, pursuant to art. 4 and 24 of EU Reg. 2016/679 is SARCE SpA with headquarters in Parma (PR) cap. 43122 in Largo A.Cacciari 1 / b – in the person of the pro-tempore legal representative, Tel. +039 0521788811 – e-mail: firstname.lastname@example.org
The personal data processed are those possibly displayed by Sarce staff on the occasion of the Services provided for under specific contracts. The personal data of the Customer’s natural persons may be information aimed at executing the contractual relationship displayed during the Remote Assistance Service; provided directly by customers during visits; exchanged with various means of communication (telephone, email, paper mail); forming part of proposing offers and / or transmissions and transactions subsequent to orders.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF THE DATA
The personal data provided by the Customer and / or processed during the Service activities may be communicated to recipients, who will process the data as managers (art.28 of EU Reg. 2016/679) and / or as persons individuals who act under the authority of the owner and manager (art.29 of EU Reg. 2016/679), for the purposes listed above. Mainly, except for various specific activities that the Customer will always be aware of, the data exchanged during the Service activities will be communicated to other Sarce SpA collaborators. In particular, on the basis of the roles and job duties performed in Sarce, some collaborators have been legitimated to process personal data, within the limits of their competences and in accordance with the instructions given to them by Sarce itself. All Sarce staff comply with the provisions listed in the company policies, which implement the dictates of the EU Reg. 2016/679, documented in the processes of their ISO 9001: 2015 Certified Quality System. In particular, Sarce personnel have the obligation to protect the confidentiality of confidential information and will be responsible to Sarce and its customers for any disclosure or improper use of such confidential information.
PROTECTION OF PERSONAL DATA
Sarce Spa expressly declares that, with regard to the Customer’s personal data:
- will process personal data only on the basis of existing contractual needs or on instructions given by the Customer;
- take appropriate technical and organizational security measures to safeguard personal data;
- will assist the customer in ensuring compliance with the obligations of the applicable legislation on the protection of personal data, taking into account the nature of the treatment and the information available to Sarce Spa;
- will immediately inform the Customer if, in his opinion, an instruction violates the applicable legislation on the protection of personal data or other provisions, of the Union or Member States, relating to the protection of personal data.
TRANSFER OF DATA
Sarce does not transfer the personal data of the Customers to third parties unless expressly requested and / or accepted by the Customer in particular Service needs. In any case there will be no transfers to third countries or to international organizations. In the case of Cloud Services, these will be governed by specific contracts.
RETENTION OF DATA
Sarce stores and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, personal data will be stored, and not further processed, for the time established by the current civil and fiscal provisions.
RIGHTS OF THE INTERESTED PARTY
With reference to articles 15 – right of access, 16 – right of rectification, 17 – right to cancellation, 18 – right to limitation of processing, 20 – right to portability, 21 – right to object, 22 right to object to the automated decision-making process of the GDPR 679 / 16, the interested party exercises his rights by writing to the Data Controller at the above address, or by email, specifying the subject of his request, the right he intends to exercise and attaching a photocopy of an identity document that certifies the legitimacy of the request.
REVOCATION OF CONSENT
With reference to all. 6 point a) of the GDPR 679/2016, the interested party can revoke the consent given at any time by exercising the rights entrusted to him by art.7.3 However, the treatment covered by this information is lawful and reliable, even in the absence of consent, as necessary for the execution of a contract of which he is part of the interested party (the relationship of supply of products and services).
The interested party has the right to lodge a complaint with the supervisory authority of the state of residence.
REFUSAL TO PROVIDE DATA
The interested party can refuse to give the owner his personal data. The provision of personal data is however necessary for a correct and efficient management of the contractual relationship. Therefore, a refusal to provide the data may compromise the contractual relationship in whole or in part.
AUTOMATED DECISION-MAKING PROCESSES
The unmanaged owner on the data of natural persons who reports in the name and on behalf of customers treatments that consist of automated decision-making processes.
Update date 30-09-2018
Data controller: SARCE SpA