Informativa
Privacy Policy on the processing of personal data of individuals
(pursuant to Article 13 of EU Regulation 2016/679 – Last updated 08/11/2023)
A. Data Controller
The data controller is Dolfin S.p.A., whose details are provided in this privacy policy.
B. Personal Data Processed, Purpose, Legal Basis, and Retention Period
This section outlines the types of personal data collected, the reasons for its collection, the legal grounds for processing it, and the retention period.
B1: Purpose: Compliance with legal obligations related to civil, tax, and accounting regulations (e.g., issuing quotes, delivery notes, invoices, etc.). Legal Basis: Legal obligation to which the Data Controller is subject. Types of Data: Personal data. Retention Period: 10 years after the end of the contractual relationship. |
In relation to the stated purposes, your personal data may be shared with external parties who are bound by the same confidentiality obligations and have been appointed as Data Processors. Specifically, your data may be communicated to:
Only the categories of recipients are provided, as they may be subject to frequent updates. You can request an updated list of recipients by contacting us through the channels indicated in this policy. |
B2: Purpose: Administrative management of the relationship and technical support for products/services purchased by the data subject. Legal Basis: Fulfillment of contractual obligations. Types of Data: Personal data. Retention Period: For the time necessary to achieve the purposes. |
|
B3: Purpose: If necessary, to assert and/or defend the rights of the Data Controller in civil, criminal, and/or administrative disputes. Legal Basis: Legitimate interest of the Data Controller. Types of Data: Personal and sensitive data. Retention Period: For the entire duration of the dispute. |
|
The Data Controller stores your personal data on servers located in Italy. The data is processed in paper, electronic, and telematic formats and is protected by appropriate technical and organizational security measures as required by the GDPR. Your personal data will NOT be disclosed. "Personal data" is defined as any information concerning an identified or identifiable individual, according to Article 4, Paragraph 1 of the GDPR. This encompasses various forms of data that can directly or indirectly identify a person. “Sensitive data" refers to personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic data, biometric data for unique identification, and health-related or sexual orientation data, as defined in Article 9, Paragraph 1 of the GDPR. |
It is specified that the processing of data and their provision are necessary for the stated purposes. Therefore, failure to provide this data will prevent the establishment of any relationship.
D. Rights of the Data Subject
You may exercise the rights outlined below at any time and without special formalities, where applicable.
Right of Access to Personal Data |
To exercise your rights, you can send a written request to the Data Controller, using the “Model for Exercising Rights in Data Protection” available at their offices, on their website, or on the Italian Data Protection Authority's website (www.garanteprivacy.it). If you believe that your personal data is being processed in violation of the EU Regulation 2016/679, you have the right to lodge a complaint with the Data Protection Authority, which can be contacted via www.garanteprivacy.it. |
Right of Rectification |
|
Right to Erasure (Right to be Forgotten) |
|
Right to Restriction of Processing |
|
Right to Data Portability |
|
Right to Object to Processing |