INFORMATION ON THE PROCESSING OF PERSONAL DATA
This is to inform you that the processing of your personal data is carried out at our company in full
compliance with current national legislation of the European Union regarding the processing of
personal data.
In accordance with art. 13 and 14 of the EU REGULATION 2016/679 we would like to inform you that:
1. The data controller is Sotras S.r.l. in the person of the legal representative pro-tempore, with
registered office in Via Donatello, 13 - 10071 - Borgaro T.se (TO) Italy.
2. The data processor is è Alessandro Quaglino, Telefono: 0112622222, Email: privacy@sotras.com
3. Responsible for the protection of data processing (so-called Data Protection Officer) The appointment,
for the company indicated above, is not foreseen because the treatment carried out does not fall within
the cases referred in art. 37 of Reg. 2016/679;
4. Purpose of data processing: Personal data are processed during business routines for the following
purposes:
- exclusively intended for the fulfilment of contractual obligations or in order to obtain pre-contractual
information and information about requests for supplies or services.
- connected with the obligations provided by laws, regulations and Community legislation as well as by
provisions issued by authorities empowered to do so and by supervisory and control bodies, as well as
obligations in tax and accounting matters;
- for communication activities, also with commercial nature.
5. Category of data collected: The data collected falls within the category of personal identification
data (personal data, social security number or VAT number, details of identification documents) closely
related and instrumental to the management of relations with customers and suppliers (such as acquisition
of preliminary information for the conclusion of contract, execution of transactions based on the
obligations arising from the concluded contract, compliance with tax and accounting obligations, etc. ...).
The category of special data is also included, referred to art. 9 of Reg. 2016/679, exclusively for
the fulfilment of legal obligations.
6. Data processing methods: Data processing is carried out by IT, telematic and paper tools with logics
strictly related to the purposes and, in any case, in order to ensure the security and confidentiality
of the data. In particular, we inform you that your data are:
- treated lawfully, fairly and transparently;
- collected for the purposes set out above, when they are explicit and legitimate, and not further
processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they
are processed ("data minimization");
- accurate and, where necessary, kept up to date, delated and/or updated;
- kept in a form which allows their identification for no longer than is necessary for the purposes
for which they are processed;
- processed in a way that ensures adequate security of personal data, including the protection,
by appropriate technical and organizational measures, against unauthorized or unlawful processing
and against accidental loss, destruction or damage
7. Communication of data: In order to achieve the purposes indicated above, your data may be communicated
for the purposes indicated in point 4 to legal; designers; companies that acquire, register and process
data contained in documents or tools for the editing of texts, terms of contract and agreements;
companies, including those for IT, in order to manage electronic devices for the procedures related to
the storage of data, printing of correspondence and management of incoming and outgoing mail; companies
responsible of fraud control, credit recovery and detection of credit and insolvency risks; Public
Administrations, in according to law; all those involved in banking, financial and insurance services;
service companies for the management of the company's information system; companies that transmit,
envelope, transport and sort communications activities; studies or companies in the context of assistance
and consultancy tasks; Supervisory Board; Quality System Certification Bodies; Audit Board; entities who
carry out control, audit and certification obligations on the activities carried out by the company;
entities to whom the communication is necessary or functional for the correct fulfilment of the contractual
obligations undertaken, as well as the obligations deriving from the law or who have access to personal
data by virtue of regulatory or administrative provisions; accountants and procuring entities.
The complete list of those responsible is available at the company headquarters and to find it, simply
contact the Owner indicated above.
8. Dissemination of data: Personal data are not subject to disclosure.
9. Transfer of data abroad: Your personal data may be transferred outside your national country in
accordance with the provisions of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield
Framework.
10. Compulsory / facultative data provision: Considering the personal autonomy of the person concerned,
the provision of personal data, both common and falling into particular categories, may be:
- compulsory in relation to the obligations provided by laws, regulations and legislation of the
European Union, as well as by provisions issued by authorities entitled to do so and by supervisory
and control bodies, as well as obligations in tax and accounting matters;
- essential to the conclusion of new relationships or to the management and execution of contractual
relationships in place or in the process of being established.
11. Refusal to provide data: The potential refusal by the person concerned to provide personal data for
the purposes indicated in paragraph 4 letter a) b) c) of this information means that it is impossible
to proceed with the conclusion of new relationships or to the management and execution of contractual
relationships.
12. Data retention period: The personal data concerning you will be kept in a form that allows your
identification for a period of time no longer than the achievement of the purposes for which they are
processed, and in compliance with legal obligations regarding the time of data retention (tax assessments
and prescription periods for the exercise of rights).
13. Rights of the interested party: You may contact the data controller in order to assert your rights,
as provided by the Regulations, and in particular you have the right to:
a) request the access, updating, delating and the restriction of personal data concerning him, in
addition to the right to have the data portability;
b) lodge a complaint with a supervisory authority;
c) know the source of the personal data and, where appropriate, whether the data originate from available
public sources;
d) obtain from the data controller confirmation as to whether or not personal data concerning him are
being processed and, if so, to obtain access to the personal data and to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the targets or categories of targets to whom the personal data have been or will be disclosed, in
particular if they are targets in third countries or international organizations;
- where possible, the envisaged period for retention of the personal data or, if that is not possible,
the criteria used to determine that period;
e) request (to the data controller) to correct or delete personal data or to restrict the processing
of personal data concerning him or to object to their processing;
f) know, where the data are not collected from the person concerned, all available information on their
origin, on the existence of an automated decision-making process, including profiling, and, at least in
such cases, meaningful information on the logic used, as well as on the importance and the expected
consequences of such processing for the person concerned;
g) obtain from the data controller the rectification of personal data relating to him which are
inaccurate without undue delay;
h) obtain, taking into account the purposes of the processing, the integration of incomplete personal
data, providing a supplementary statement;
i) obtain from the data controller the delating of personal data relating to him without undue delay;
j) obtain from the data controller the limitation of the data processing when he contests the accuracy
of the personal data, or has opposes the cancellation of the data, or - although the data controller
no longer needs it for the purposes of the treatment - the data are necessary to the interested party
for the check, the exercise or the defense of a right in judicial proceedings, or has opposed the
treatment carried out by the data controller for the pursuit of his own legitimate interest;
k) receive the personal data concerning them in a structured format, in common use and readable by an
automatic device, and to transmit such data to another data controller without obstacles by the data
controller to whom they were provided (the so-called right to data portability);
l) take position against the processing of personal data relating to them, for reasons relating to
their particular situation, at any time (when such processing is necessary for the performance of
tasks carried out in the public interest or in the exercise of official authority assigned to the
data controller, or when such processing is necessary for the legitimate interests of the data
controller), including profiling based on such provisions, as well as to take position against the
data processing for direct marketing purposes.
14. The above rights may be exercised by written request addressed to the Data Processor by registered
letter, or also by e-mail to the following e-mail address: privacy@sotras.com
Consent form