INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA, IN ACCORDANCE WITH THE LAW 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 27 APRIL 2016

According to the 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) regulating the norms on the protection of personal data (following the “CODE”), the firm ONGETTA Srl – Registered Office: Via A. Dalla Torre, 5 – 31047 PONTE DI PIAVE (TV), as Data Controller, is obliged to provide you with information regarding the use of your personal data. This disclosure also refers to the data processing performed by persons who exercise on behalf of ONGETTA Srl the technical and organizational tasks described in paragraph 1.

1. Object of the data processing

The owner manages the personal data, which are communicated as it follows:

• Verbal and written communication

• To conclude contracts for the owner’s services.

2. Purpose and method of data processing

The interested party examines the data in our possession, acquired in relation to your specific requests. All data processed will be processed in compliance with current legislation, and in any case, with due confidentiality.

Your personal data will be used for the following activities:

• To sign contract for the owner services

• To send communication regarding the supply

• To fulfill the contract and fiscal obligations coming from the relations generated by those.

• To fulfill the obligations stated by the law with the regulations and European norms or from an order of the Authorities (such as a money laundering)

• To manage any requests of information, claims and contentious (also from external entities)

• For the services regarding payments and collection of money (also from credit recovery external entities)

• To investigate about costumers satisfaction (also from external entities)

The usage of your personal data is made by the operation indicated bt art. 4 n. 2 GDPR, precisely: collections, registration, organization, storage, consultation, elaboration, modification, selection, extraction, confrontation, utilization, interconnection, blocking , communication, erase and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing.

The owner will process the personal data for the time necessary to fulfil the purpose described above.

3. Nature of collection and consequences of rejection

Contractual relationship:

For the stipulation and execution of contractual relationship of the personal data follows also some natural obligations as it has to fulfill the law and the fiscal regulations. Therefore, the rejections to supply those data will results into the impossibility to build some relationship with our company. In this case, the data processing does not require the consensus of the interested party (art. 24).

4. Data access

Your data could be accessed for the purposes listed above:

• To employees and collaborators of the owner or to companies in Italy and abroad, to the appointed roles or internal and/or external person in charge to the process and/or to the administrator.

• To public and private subjects which can access the data in force of provision of the law, regulations or community legislations, within the limits established by these rules (for example, institutions and social security and welfare institutions, associations of local authorities, administrations and public bodies, institutions or bodies of insurance type)

• To subjects who need access to data for purposes that are auxiliary to the relationship between the parties, within the limits strictly necessary to carry out auxiliary tasks (for example, banks and credit institutions, service companies, carriers and shipping company)

• To our consultants, within the limits necessary to carry out their duties in our organization, subject to our letter of appointment which imposes the duty of confidentiality and security.

5. Communication and dissemination

Without the need of an explicit consensus art. 6 lett. B) and C) GDPR, the owner could communicate its data to entities of security, judicial authorities, to insurance companies for the delivery of insurance services, as well as to those subjects to whom the communication is mandatory by law for the purposes indicated.
Those subjects will process the data as independent data controllers.

6. Data transfer

Personal data are stored both on paper and on servers located both within the European Union and on servers located in non-EU countries. The Holder ensures that the transfer of non-EU data takes place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.

7. Rights referred to in Article 15 of REGULATION (EU) 2016/679

In your capacity as an interested party, you have the rights included in art. 15 GDPR and precisely the following rights:

i. to obtain the confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

ii. get the following information:

a) the origin of personal data;

b) the purposes and methods of the processing;

c) the logic applied in case of treatment carried out with the aid of electronic instruments;

d) the identifying details of the holder, of the responsible and of the representative designated according to the art. 3, paragraph 1, GDPR;

e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;

iii. obtain:

a) updating, rectification or, when interested, integration of data;

b) the cancellation, transformation into anonymous form or blocking of data processed against the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) the certification that the operations referred to letters a) and b) have been brought to the attention, also as regards their contents, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves the impossible or involves use of means disproportionate to the protected right;

iv. to object, in whole or in part:

a) for legitimate reasons, the processing of personal data concerning you, even if concerned to the purpose of the collection;

b) to process the personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market researches or commercial communication, through the use of automatized call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.
Where applicable, it also has the rights, referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

8. How to exercise the rights

You may exercise your rights at any time by sending the in charge person for the processing of personal data, in the person of the legal representative, available at the owner’s office, by sending a communication to the address-pec ongettasrl@legalmail.it in order to obtain a quick feedback.

9. Holder, manager and agents

The data controller is ONGETTA Srl, in the person of the legal representative appointed with responsibility as Data Processor, with registered office: Via A. Dalla Torre, 5 – 31047 PONTE DI PIAVE (TV).

The update list of data processors and data processors is kept at the registered office of the Data Controller.

10. Cookies

See the specific page dedicated to the Cookie Policy