Skip to content

PRIVACY NOTICE IN COMPLIANCE WITH ARTICLES 13-14 OF GDPR (GENERAL DATA PROTECTION REGULATION 2016/679)

As Data Controller (hereinafter Data Controller), we want to submits to you this Privacy notice in compliance with Articles 13 and 14 of GDPR 2016/679 to offer you detailed information on the collection and processing of Personal Data. This information refers only to data relating to natural persons, collected in files or intended to be part of files. Data relating to legal persons are excluded. The information is prepared in technical language as it is aimed at professional users and companies. If you have any questions or would like to know more, please do not hesitate to contact us.

1. DATA PROCESSING SCOPE

The Data Controller will process Personal Data voluntary provided by you prior to entering into a contract and for the contract itself. We will acquire further data from public archives only.

2. PURPOSE OF THE PROCESSING

2.1 Contractual purposes The provided Data will be processed to meet contractual obligations deriving from commercial relationships. The collected Data will be processed to request offers, to send orders, to provide requested services, to provide goods and to handle all related matters including payment of invoices. Lawfulness of processing: performance of a contract [art. 6 c.1 lett.(b)].

2.2 Purposes of fulfilling obligations laid down by law, regulation or EU legislation Secondly, personal data will also be processed to fulfil obligations laid down by law, regulation or EU legislation and for civil, accounting and tax purposes. In view of the purposes of the processing indicated above, the provision of data is necessary: failure to provide such data, in part or inexactly, will result in the impossibility of establishing or continuing the business relationship. The basis of legitimation is the legal obligation [Art. 6(1)(c)].

2.3 Commercial development purposes The data may be used to propose goods and services similar to those already of interest to the data subject. The basis of legitimation is the legitimate interest in the development of the company’s business (Art. 6(1)(f)). The person concerned may object to this processing at any time.

3. DATA PROCESSING METHODS

Personal data are processed both in the traditional way and with the aid of computer technology and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures provided for by the provisions in force. All processing personnel will be qualified as Authorised.

4. DATA RETENTION

The Controller shall process personal data for the time necessary to fulfil the above purposes and in any case for at least 10 years after the termination of the business relationship.

5. DATA CONTROLLER

The Data Controller is: CM Srl Via Alba, 38 10024 Moncalieri, Italy

6. DATA SHARING

Communication and dissemination of personal data for the pursuit of processing purposes. The Data Controller may disclose personal data to data processors or third parties to whom disclosure is necessary in order to comply with legal requirements (by way of example, but not limited to: persons, companies or professional firms providing assistance, consultancy or collaboration in accounting, administrative, legal, tax, financial and management systems matters). Furthermore, personal data may be communicated to any other third party or owner when such communication is obligatory by law or in order to properly fulfil the services provided for in the Regulation. Categories of persons who may become aware of the personal data in their capacity as data processors: accountants, labour consultants, lawyers, notaries, IT partners and technical partners management systems consultants labour safety consultants None of the personal data will be disseminated. 7. DATA TRANSFER OUTSIDE THE EU No data transfer outside the EU is envisaged.

8. RIGHTS

In compliance with Articles 13, paragraph 2, subparagraphs (b) and (d), 15, 18, 19 and 21 of the Regulation, you shall be informed that you have the rights to: access to your Data; seek rectification or cancellation of your Data, or obtain restriction of the processing; object to processing of your Data; request the portability of your Data; withdraw your consent, if applicable, without prejudicing the lawfulness of the processing, based on the consent given before the revocation; lodge a complaint with the supervisory authority (DPA – Garante Privacy). You may exercise your rights by sending a request by email to m.signoretta@cm-torino.com

9. DATA PROTECTION OFFICER

The Data protection Officer (DPO) is Mr. Massimiliano Signoretta and can be contacted via email at: m.signoetta@cm-torino.com

10. WHAT TO DO

The Privacy policy is provided to data subject with all available contact points. It is not necessary to give acknowledgement. It is not necessary to accept the privacy policy. It is not necessary any consent.

11. PRIVACY POLICY UPDATE

Information updated on 03 May 2022