PRIVACY POLICY FOR CUSTOMERS AND SUPPLIERS

SLINGOFER SRL, with registered office in Via Trento, 1 – 25055 Pisogne (BS), Tax ID Code and VAT no. 03263180980 (hereinafter the»Data Controller»), as the Data Controller, hereby informs you, pursuant to Art. 13 of EU Regulation no. 2016/679 (hereinafter the «GDPR «) that your data will be processed in the manner and for the purposes defined below:

1. Object of the Data Processing

The Data Controller processes the personal and identifying data (e.g., name, surname, company, address, telephone, e-mail, bank and payment details, hereinafter «personal data» or «data») that you provide when stipulating a service contract with the Data Controller.

2. Purpose of the Data Processing

Your personal data are processed without your express consent (Art. 6 lett. b), e) GDPR)
for the following Purposes of Service:
– stipulating contracts for the services provided by the Data Controller;
– fulfilment of the pre-contractual, contractual, and tax obligations arising from existing relationships with you;
– fulfilment of the obligations established by Italian law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering);
– exercise the rights of the Data Controller, for example, the right to defence in court.
For customers only:
We inform you that if you are already a customer of ours, we may send you commercial communications relating to the Data Controller’s services and products, similar to those you have already used unless you disapprove (Article 130 paragraph 4 of Legislative Decree no. 196 of 30.6.2003 (hereinafter «Privacy Code» and Art. 7 of the EU Regulation 2016/679).

3. Data Processing methods

The processing of your personal data is carried out through the operations indicated in Art. 4, paragraph 2) of the GDPR and specifically the: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data is processed both on paper and electronically and/or by automated means.
The Data Controller will process personal data for the time needed to fulfil the above purposes and for a period not exceeding 10 years from the termination of the relationship for Service Purposes.

4. Access to Data

Your data may be made accessible for the purposes referred to in Art. 2 of this Privacy Policy:
• to employees and collaborators of the Data Controller, in their capacity as internal appointees and/or Data Processors and/or system administrators;
• to third-party companies or other subjects (for example, credit institutes, professional firms, consultants, insurance companies, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external Data Processors.

5. Data communication

Without the need for express consent (pursuant to Art. 24 lett. a), b), d) of the Privacy Code and Art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in Art. 2. of this Privacy Policy to Supervisory Bodies (such as IVASS), Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the fulfilment of said purposes. These subjects will process the data in their capacity as autonomous data controllers.
Your data will not be disseminated.

6. Transfer of Data

Personal data is stored on paper or digital archives within the European Union.

7. Nature of the provision of data and consequences of the refusal

The provision of data for the purposes referred to in Art. 2 of this Privacy Policy is mandatory. In their absence, we cannot guarantee the Services and Relationships in existence with your organization mentioned in Art. 2 of this Privacy Policy.

8. Rights of the Data Subject

In your capacity as Data Subject, you have the rights set forth in Art. 15 of the GDPR and specifically the right to:
I. obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information;
II. obtain information on:
a. the source of the personal data;
b. the purposes and methods of their processing;
c. of the logic applied to the processing if the latter is carried out with the help of electronic means;
d. any identification details of the Data Controller, the Data Processors and the representative designated pursuant to Art. 3 paragraph 1, GDPR;
e. of the subjects or categories of subjects to whom personal data may be disclosed or who may become aware of it as appointed representative in the territory of the State, Data Processors or persons in charge of processing;
III. obtain:
a. the update, amendment or, where relevant, the integration of data;
b. the cancellation, transformation into anonymous form or the block of the data processed in violation of the law, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
c. confirmation that those to whom the data is communicated or disclosed are notified of the actions referred to under letters a) and b), including their content, unless the fulfilment thereof proves impossible or involves using methods that are clearly disproportionate to the right being protected;
IV. object to, in whole or in part:
a. for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose for which it was collected;
b. to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. Please note that, with regard to direct marketing through automated methods, the data subject’s right to object, as set forth in point b) above, is extended to traditional methods, and that the data subject is able to exercise their right to object, even partially. Therefore, the data subject may choose to receive only communications by traditional means or only automated communications or
neither.
Where applicable, you also have the rights as set forth in Arts. 16-21 of the GDPR (Right to rectification, right to erasure, right to restrict processing, right to data portability, right to objection), as well as the right to lodge a complaint with a Supervisory Authority.

9. How to exercise your rights

You may exercise your rights at any time by sending:
– a registered letter with acknowledgement of receipt to SLINGOFER SRL – Registered office at Via Trento, 1 – 25055 Pisogne (BS);
– an e-mail to amministrazione@slingofer.eu (mailto:amministrazione@slingofer.eu);
– in case of marketing by e-mail, it is possible to object to the processing by following a specific link in the message.

10. Data Controller, Data Processor and those responsible for processing

The Data Controller is SLINGOFER SRL with registered office in Via Trento, 1 – 25055 Pisogne (BS).
The updated list of Data Processors and those responsible for processing is kept at the Data Controller’s registered office.