We inform you that your personal data acquired or being acquired by WÜRTH PHOENIX S.R.L., as “Data Controller”, from the data subject or through third parties such as public databases, company registers, the Internet, other companies, will be processed in compliance with legal requirements and with your (hereinafter referred to as “data subject”) rights. Personal data are referred directly to your organisation if it is a natural person or a sole proprietorship, or may consist of information relating to natural persons who represent, belong to or are otherwise related in any way to your organisation if it is a company or another public or private entity.
- Processing method
The processing may include the following operations: collecting (by telephone, telematic or written means or from public registers, lists of deeds and documents and/or public and/or private databases (commercial information companies), or on websites of public and/or private bodies, or from other customers or suppliers), recording, organising, storing and processing on paper, magnetic, automated or telematic media, processing of data collected by third parties, changing, selecting, extracting, comparing, using, interconnecting also with data of other subjects on the basis of qualitative, quantitative and time criteria that are recurring or definable on a case-by-case basis, temporary processing for the purpose of rapid aggregation or transformation of data, discretionary (never fully automated) decision making, profiling and information notices, communication, deletion and destruction of data, or combining two or more of the abovementioned operations.
The Data Controller has also appointed one or more external or authorised internal data processors. Authorised internal data processors belong to the homogeneous functional areas of the company that need to process the data for the purposes indicated in this information notice, such as the purchasing office, the administration office, the IT department, the marketing office, the sales office, etc.
The processing is supervised by adequate technical and organisational security measures, such as, among other things, electronic files protected by authentication credentials, access reserved only for authorised and periodically updated profiles, firewalls, antivirus and antispam programmes, back-up systems and data recovery in the event of incidents, and maintenance services.
- Processing purposes
The processing purposes are set out below:
- meeting pre-contractual requirements (e.g. instruction of our offers or your orders, solvency checks);
- fulfilment of contractual (supply or purchase of goods and/or services, including the management of delivery requirements and the logistics and transport that are functional to it) and legal obligations (e.g. keeping of the accounts; tax formalities, administrative and accounting management, etc.);
- management of customers and suppliers for aspects other than those under 1-2 (internal organisation of the activities functional to the active and passive supply of products and/or services, e.g. credit management and risk control (fraud, insolvency, etc.), litigation management and disposal of loans; management of financial and insurance services instrumental to the management of suppliers and management of electronic payment instruments; production management, telephone directory management, statistical processing)
- only if you are our customers, direct marketing i.e. i) the sending of commercial and promotional communications and/or the direct offer of goods and services, via e-mail, fax, sms, telephone calls, social networks, and/or market research.
- Legal basis for the processing.
The legal basis for the processing is that it is necessary i) for the performance of a contract you are a party to or for the performance of pre-contractual measures taken at your request (e.g. requests for information or commercial offers), or ii) for compliance with a legal obligation to which WÜRTH PHOENIX S.R.L. is subject. In any case, it is a legitimate interest of our Company to be able to process data in order to effectively and efficiently manage the relation with its customers and/or suppliers and manage the related internal and external organisational processes (e.g. management of relations with any of its sub-suppliers functional to the supply requested by the data subject).
Limited to the processing for direct marketing purposes, it is carried out on the basis of your consent.
- Data communication.
Without prejudice to the communication to third parties made in fulfilment of legal requirements or arising from regulations or other EU legislation, or at the request of courts or other third parties whose right is recognised by these provisions, the data may be communicated by us to the following categories of third party recipients:
- banks and credit institutions, for the management of payments;
- insurance companies;
- debt collection companies, factoring companies, leasing companies, credit insurance or disposal companies, credit syndicates (solely for the purposes of credit guarantee and better management of our rights relating to the individual business relation);
- commercial information companies;
- professionals and professional firms (lawyers, chartered accountants, auditors, members of 231 supervisory bodies, etc.);
- accounting auditors;
- members of the supervisory body as per Italian Legislative Decree 231/2001 (if existing);
- entities that provide maintenance and/or IT assistance services in relation to our IT systems, databases and services;
- forwarding agents, carriers and couriers;
- other suppliers and sub-suppliers (in the case of customer or supplier data) or customers (in the case of supplier or sub-supplier data);
- other companies, entities and/or natural persons that carry out activities that are instrumental, supportive or functional to the performance of contracts or services requested by you (e.g. mail enveloping and sorting companies);
- other companies of the WÜRTH Group;
- public entities.
The Data Controller appointed as external processors all the categories of third party recipients to whom he/she communicates the data, unless they take on the role of autonomous data controller in accordance with the regulations in force.
- Transfer of data abroad.
Should the offered services indicate it, the Controller could make use of “Microsoft Azure” cloud services that would involve the transfer of data abroad.
In connection with such transfer(s), the controller informs that:
The “Microsoft Azure” cloud solution received an adequacy decision from the “Article 29 Working Party” body on its compliance with the security standards approved by the EU Commission.
- Mandatory or optional consent and consequences of failure to provide consent.
For the processing aimed at the purposes referred to in the aforementioned letter B) points 1 to 3, your consent is not necessary. For the processing referred to in letter B point 4 (direct marketing purposes) the consent of the data subject may be freely withheld but any failure to consent will make it impossible to carry out the processing for these limited purposes. The consent given to us may be subsequently revoked by you at any time, by means of communication without any particular formalities to our Company at the email address indicated below.
- Data retention period.
The data will usually be processed for the entire duration of the contractual relations established with the data subject, and, subsequently, only for the duration necessary for the fulfilment of our legal obligations (10 years). To the extent that personal data are processed for purposes of IT security (e.g. logs of transactions or choices made online on our website), retention will be for the time required to allow security checks and document the results (usually 1 year from collection). In the event of a dispute with the data subject and/or with third parties, the data will be processed for all the time strictly necessary to exercise the protection of the rights of WÜRTH PHOENIX S.r.l.
- Data controller
The data controller of your personal data is WÜRTH PHOENIX S.r.l., with registered office in Via Kravogl n.4, 39100 – BOLZANO (BZ), e-mail: firstname.lastname@example.org.
With regard to the processing of personal data, you can exercise the rights set out below, contacting without any particular formality our Company at the e-mail address indicated above:
- ask our Company to confirm whether or not personal data concerning you are being processed and, if so, obtain access to personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
- where possible, the envisaged period of retention of the personal data or, if that is not possible, the criteria used to determine that period;
- the existence of the right of the data subject to ask our Company to correct or delete personal data or to limit the processing of personal data concerning him or her or to oppose their processing;
- the right to lodge a complaint with a supervisory authority; if the data are not collected from the data subject, all available information on their origin;
- the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and the expected consequences of such processing for the data subject.
- where personal data are transferred to a third country or an international organisation, the data subject has the right to be informed of the existence of appropriate safeguards relating to the transfer (NB: as explained in this information notice, currently our Company does not transfer abroad the data of the data subject);
- request, and obtain without undue delay, the correction of inaccurate data; taking into account the purposes of the processing, the integration of incomplete personal data, also by providing a supplementary statement;
- request the deletion of data if
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject revokes the consent on which the processing is based and there is no other legal basis for the processing;
- the data subject opposes the processing, if there is no overriding legitimate reason for carrying out the processing, or opposes the processing carried out for direct marketing purposes (including profiling functional to such direct marketing);
- the personal data have been processed unlawfully;
- personal data must be deleted in order to fulfil a legal obligation under European Union law or the law of the Member State to which our Company is subject;
- personal data have been collected in relation to the provision of services of the IT company from the database of our Company;
- request the limitation of the processing that concerns you, when one of the following cases applies:
- the data subject contests the accuracy of the personal data; in this case, the limitation of the processing (i.e. its suspension) may take place for the period necessary for our Company to check the accuracy of such personal data;
- the processing is unlawful (for example, because the data subject has not been provided with the prior information required by law) and the data subject opposes the deletion of personal data (i.e. he/she prefers them to be retained by us in our paper and/or computer files) and asks instead that their use be limited as above;
- although our Company no longer needs them for the purposes of processing, personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
- the data subject opposed the processing carried out for direct marketing purposes, pending verification of the possible prevalence of the legitimate reasons of our company over those invoked by the data subject;
- obtain from our Company, on request, the communication of third-party recipients to whom the personal data have been transmitted;
- revoke at any time the consent to the processing – where previously communicated for one or more specific purposes – of your personal data, it being understood that this will not affect the lawfulness of the processing based on the consent given prior to revocation.
- receive, in a structured, commonly used and machine-readable format, personal data concerning the data subject supplied by him/her to our Company and, if technically feasible, transmit such data directly to another data controller without impediment on our part if the following (cumulative) conditions are met:
- the processing must be based on the consent of the data subject for one or more specific purposes, or on a contract the data subject is a party to and for the performance of which the processing is required; and
- the processing must be carried out by automated means (software) (total right to the so-called “portability”).
The exercise of the so-called right to portability is without prejudice to the right of cancellation envisaged above;
- not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or which significantly affect his/her person in the same manner. For information, we would like to point out that we do not carry out any automated processing of this kind.
- lodge a complaint with the competent Supervisory Authority based on the GDPR (Italian DPA) or the ordinary Court.
Würth Phoenix S.r.l.
For information and explanations, please contact: email@example.com