Privacy Policy
GENERAL PRIVACY INFORMATION POLICY
GDPR - EU REGULATION 679/2016 - last updated: 03/09/2018
This document constitutes the privacy information policy applicable to data processing that occurs within the data controller's facilities; for special privacy data processing, special privacy policies apply.
Identity and contact details of the data controller
The data controller is Zappettificio MUZZI Soc. Coop. a r. l., taxpayer's code 03102310376, VAT n. 00596321208, with registered office in Castel Guelfo di Bologna (BO), 40023, via Medesano 24, phone +39 0542 53117, fax +39 0542 53752, email info@muzzi.com; website www.muzzi.com.
The data controller is a company specialized in forging, drawing, hot stamping and metal profiling (no data protection officer, DPO, or representative is required by law.)
Purpose and legal basis of data processing
The processing of customers' personal data refers to personal information, identification and contact details, data regarding estimates, bids and commercial orders and administrative, accounting and financial data; among the data processed there may also be identification and contact details of company contact persons which, if supplied, are collected and processed exclusively within the scope of existing relationships with the customers that they refer to. The legal basis for processing all the above personal data is formed by the commercial agreements entered into by the customers.
The processing of suppliers' personal data, performed following purchase transactions of suppliers' goods and services, refers to data regarding estimates, bids and orders and administrative, accounting and financial data; among the data processed there may also be identification and contact details of company contact persons which, if supplied, are collected and processed exclusively within the scope of existing relationships with the suppliers that they refer to. The legal basis for processing all the above personal data is formed by the commercial agreements entered into by the suppliers.
The processing of personal data of one's employees includes personal information, identification and contact details, and administrative, accounting and financial data, as well as the identification and personal information on their dependents, necessary to finalise their respective employment contracts, with the employees as parties thereto, which form the legal basis of the data processing; as regards special, sensitive data, especially regarding sickness and health conditions, these are processed on the basis of the explicit consent given by the data subjects.
The processing of personal data that users of the data controller's website freely submit by filling in the forms available from the website is done for the sole purpose stated in those forms and on the legal basis represented by the requests contained in the forms; in certain cases, the legal basis of the processing can be the obtainment of consent from the data subjects, which may be indicated at the foot the mentioned forms by ticking special checkboxes; these boxes are never pre-ticked, their filling has no effect on the sending of the form, and they are always clearly marked, so that users can express their will in a free, specific, informed and absolutely unequivocal manner.
Although, as indicated above, data processing normally takes place on the basis of contracts that the data subjects are parties to, or sometimes, on the basis of their specific consent, occasionally, however, data processing may be done to pursue the legitimate interest of the data controller or of third parties, but only if this does not prevail over the interests or the fundamental rights and freedoms of the respective data subjects, who in any case are informed and made aware thereof from time to time
Data Recipients or Categories of recipients
The personal identifying and contact details and accounting, administrative and even special data of the data subjects may be sent or even just potentially be made available to external entities appointed to carry out certain activities and services (e.g. accountants, employment consultants, IT experts and system administrators in charge of system and hardware and software maintenance and servicing, to the provider of electronic communication services, to law firms, to insurance companies, etc.; often, as is the case for IT services, exposure to these data is not significant and quite occasional in nature.) Every instance of outsourced data transfer and processing is regulated by a dedicated and specific contract, through which each facility used is requested to observe binding rules for the protection of the processed personal data and of the appropriate guarantees to offer in terms of reliability, resources and technical and organizational measures to be adopted, in accordance with the requirements of the EU Data Protection Regulation.
International data transfers
As a rule, the data controller will not transfer data to non-EU countries, either physically or through the use of cloud- or web-based servers located abroad.
Data storage period
In the case of customers and suppliers, storage of their data is done for the time prescribed by the civil code and by tax regulations; for employee data, the same storage time rules apply, also in consideration of other social security and welfare rules, under which this period of time could even exceed 10 years in the case of lawful suspension of the limitation periods by the appointed institutions; the personal data supplied freely by users are destroyed within a reasonable period of time following the obtainment of a reply and, in any case, on average within one year.
Profiling and automated decision making processes
The data controller will not carry out personal data profiling or other automated decision-making processes.
Rights of the data subjects
Data subjects who are natural persons have the right to request access to their personal data as well as the correction, deletion or limitation of data processing; furthermore, they have the right to oppose data processing itself, or to ask for the portability of their data to another data controller (these rights do not apply in the case of data processed for legitimate interests of the data controller, in fulfilment of legal or contractual obligations, or when the data are to be provided as a requirement for entering into agreements; with regard to the consequences of failure to submit data, please refer to the existing contractual agreements). In the case of data processing legitimated by explicit consent, the data subject may withdraw such consent at any time, without prejudice, however, to the lawfulness of any processing that has been performed on the basis of the active consent supplied earlier, before it is withdrawn. In case of failure to observe the data subject's specific rights, the data subject has the right to file a complaint with the Supervisory Authority.
Data controller's website
This is a website the main purpose of which is to illustrate the data controller's identification and contact data, activities and services; in the "contact us" page form, which users can use to request information of interest from the data controller, the mandatory data are field of business, name, surname, email, province and country (company, telephone and remarks are not required fields)
Cookies
Check our cookie policy through the special link.
Updates related to this general privacy policy
This general privacy policy can be periodically reviewed and updated. The latest update is shown at the top of the page.
|
Índice de productos
Accesorios
|
El acceso al usuario a descargar el catálogo