(GDPR - General Data Protection Regulation)
Pursuant to articles 12 and following of the GDPR
WE INFORM YOU THAT
our cooperative society Alpha & Beta processes the personal data of clients, suppliers, collaborators, members and other parties who communicate their data to our offices intentionally (orally, in written form, also via fax or email or through our internet pages), as well as those of people whose data are collected from third parties, for example when collecting details for commercial operations or from public contact lists, etc.
Our company is therefore a data controller according to the legislation for data protection and the legal basis for data processing is based on the framework of article 6, section 1, of the GDPR.
In line with the provisions of the legislation, our company guarantees that the processing of personal data will occur with due regard for the fundamental rights and freedoms, as well as the dignity of the party involved, with particular attention to privacy, personal identity and to the right to protection of personal data. The protection and processing of personal data occurs mainly through digital media and procedures. The systems of these procedures are described in detail in a specific document regarding security (DPS).
Aims of the acquisition and processing of data:
Personal data are acquired and processed in the following circumstances:
a) the processing is necessary for the stipulation of a contract which includes the concerned party or for the implementation of pre-contractual measures requested by the concerned party;
b) the processing is necessary in order to fulfill a legal obligation which the controller is subject to;
c) the processing occurs in order to send business information and advertising material (via post, fax, sms or email), as well as in order to carry out surveys among clients, market research etc.;
For the objectives expressed in a) and b) the communication of data is obligatory. Any refusal to comply entails the partial or total impossibility to carry out the contractual or legal obligation. “Sensitive data” (particular categories of personal data) are necessary exclusively to comply with legal or contractual obligations and are acquired solely in the cases listed in article of 9 the GDPR.
For the objectives expressed in c) the consent of the concerned party is necessary.
In relation to the aims described above, your personal data will be communicated, when necessary, to:
- the people responsible for the processing of data on behalf of the controllers (article 28 GDPR), and to any persons, natural and/or legal, public and/or private (legal or commercial advice firms, courts, chambers of commerce, insurance companies, etc.), when the communication is necessary or expedient to the carrying out of our activities and in the ways and for the aims previously mentioned;
- the public administration and welfare institutions for the execution of their institutional functions according to the law, as well as trade unions for the aims prescribed by collective contracts;
- to credit institutions which our company has relations with for the management of credits/debts and for financial mediation;
- to the contractual or cooperating partners with which we carry out events or business operations, insofar as this communication of personal data is necessary for the proper operation of our common activities. These partners may also be in non-EU countries where there are agreements regarding data protection.
Data deletion and retention periods
The personal data of the concerned party will be deleted as soon as the company no longer requires it for operational purposes, unless laws and national prescriptions, to which the controller is subjected, prescribe a longer conservation period. The deletion of data also occurs when the period of conservation prescribed by the above mentioned laws comes to an end, unless further storage of the data is necessary due to the stipulation or fulfillment of a contract.
Rights of the concerned party
The European legislation regarding data protection gives the concerned parties the possibility to exercise extensive rights: the right to obtain from the controller information regarding his/her personal details (art. 15); the right to obtain the correction (art. 16), erasure (art. 17) or the restriction of the processing of his/her data (art. 18); the right to object to data processing (art. 21), and, furthermore, the right to data portability (art. 20); the right to revoke, at any given moment, his/her consent to personal data processing (art. 7 and 8), and, finally, the right to file a complaint with the supervisory authorities (art. 77).
Except for the right to file a complaint with the authorities, the concerned party can exercise his/her above mentioned rights by directly contacting the controller (firstname.lastname@example.org).
The controller of the data
The controller of the data is: Alpha & Beta Cooperative Society, with legal headquarters at 39012 Merano, Piazza della Rena 2, and registered at the Chamber of Commerce of Bolzano, nr. 01374810214, the Cooperatives Register of Bolzano, n. A145621, fiscal code and VAT registration number: 01374810214.
Merano, 25.05.2018 ALPHA & BETA Cooperative Society Dr. Ivo K. Carli (legal representative)