Dear Customer,
in compliance with the provisions of European Regulation 2016/679 (abbreviated as GDPR), SUMMERTRADE S.r.l. wishes to inform you that the personal data provided by you or acquired by us as part of our business, necessary to implement the services offered to you, will be processed in accordance with the rules on privacy and the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.
We also wish to communicate the following information:
1 - The Data Controller is Summertrade S.r.l., via Emilia, 129 - 47921 - Rimini, in the person of its pro-tempore legal representative. Pursuant to Art. 37 of the GDPR, the Data Controller is exempted from the need to identify and appoint a Data Protection Officer.
2 - Types of data, purposes and legal basis of processing.
The data voluntarily provided by the Customer are those necessary to the Controller in order to provide the services available and are processed lawfully and fairly, they are also collected and recorded for the explicit and legitimate purposes specified below and are used in processing operations that are not incompatible with those purposes.
Personal data (personal identification data such as, for example: name and surname, company name, tax code and VAT number, address, telephone / fax, e-mail, bank and payment references) are collected and processed using IT, manual and printed tools for the following purposes:
a) Fulfilment of contractual and legal obligations deriving from the participation of the data subject in the "Events" or connected to the already contracted or potential participation of the same.
b) Planning and organisational management of services requested.
c) Market analysis and promotional activities. Sending (via email, SMS (text message), MMS, push-up messages, messaging functions via mobile devices such as WhatsApp, fax, telephone calls with operator, social networks and other automated tools) of commercial communications, advertising and sales offers for Summertrade goods/services.
The legal basis justifying the purposes of data processing referred to in points a) and b), is the execution of a contract for the provision of services of which the Customer is a party or the performance of pre-contractual activities at the request of the Customer. The processing of data for the purposes referred to in point c) is subject to the specific written consent of the data subject, which may be freely denied without prejudice to the right of the data subject to participate in the Events and/or to obtain the services requested from Summertrade.
3 - Processing methods
The data are processed using both manual processing in paper format and using electronic or automated, computerised and online tools. The data provided will not be subject to profiling
activities.
4 - Nature of conferment.
The processing of data for the purposes referred to in points a) and b) is essential for the correct performance of accounting, administrative and tax procedures, as well as for the provision of the service requested. Failure to provide such data may make it impossible to provide the service and to comply with the applicable rules of law. Granting consent for the purpose referred to in point c) is optional and failure to provide it will not make it impossible to provide the requested service.
5 - Recipients or any categories of recipients of personal data.
Data processing is carried out by the Data Controller's personnel (employees, collaborators, system administrators), specifically identified and authorised to process the data according to instructions given in compliance with current legislation on privacy and data security.
Personal data provided by the Customer may be processed by third parties specifically appointed as Data Processors (pursuant to Article 28 of the GDPR) or Autonomous Data Controllers, namely:
professionals, companies, associations or professional firms that provide the Data Controller with assistance or advice for administrative, accounting, tax, or legal protection purposes;
companies that offer services in server farms;
all public institutions established by law and more generally, by all bodies established by current accounting and tax legislation as recipients of compulsory communications;
banks for collection and payments.
6 - Transfer of data to a third country or international organisations.
As part of the management of the contractual relationship, only for reasons related to the proper and timely management of the service, it may be necessary to transfer customer data to third countries outside the EU and/or international organisations, specifically identified in the register of processing activities.
7 - Personal data retention period or criteria used to determine such period.
The Customer's personal data will be processed and stored by the Data Controller for the entire duration of the contractual relationship and once this relationship terminates, for whatever reason, will be kept for the time provided for by current legislation on accounting, taxation, civil and procedural matters for each category of data.
8 - Customer's rights.
As a data subject and in relation to the processing operations described in this policy, the Customer may exercise the rights set out in Articles 7, 15 to 21 and 77 of the GDPR (right of access, rectification, restriction of processing, data portability, opposition, revocation and complaint). At any time, the data subject may revoke the consent given for the purpose referred to in point c) without thereby affecting the rights previously acquired by the Controller.
9 - Procedures for exercising rights.
The Customer may at any time exercise his/her rights by sending a registered letter with return receipt to Summertrade S.r.l. or by sending an email to privacy@summertrade.com. Exercising such rights by the Customer is free of charge, in accordance with Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, including repeated requests, the Controller may charge the Customer a reasonable fee for administrative costs incurred in order to handle such a request or else deny satisfaction of such a request.
The data subject has the right to lodge a complaint with the Italian Data Protection Authority, according to the procedures identified by the same.
Rimini, 03/06/2019
The Data Controller
