POLICY ON THE PROCESSING OF PERSONAL DATA OF CUSTOMERS

Customer information natural persons

Subject: Information pursuant to Article 13 of the European Regulation 679/2016 on the protection of personal data processing.

The Company L. Gobbi S.r.l. Unipersonale as Data Controller (hereinafter also
Data Controller), pursuant to and in accordance with Article 13 of the European Regulation 2016/679 – GDPR and the applicable national legislation
, is required to provide some information regarding the use of your personal data.

Personal data processed

The Controller processes various of your personal data (hereinafter referred to as “personal data” or also “data”) such as your first name, last name, telephone number, e-mail, vat number, tax code, residential address, date and place of birth, provided by you when signing the contract with the Controller or even subsequently.

Purpose and legal basis for processing

Personal data are collected and processed for the following purposes and because of the following legal bases:

(a) for contractual purposes and in particular for:

Personal data are collected and processed for the following purposes and because of the following legal bases:

The performance of the contract or fulfillment of pre-contractual commitments:

  • The management of pre-contractual and contractual relationships;
  • The fulfillment of obligations related to the execution of the contractual relationship;
  • The conclusion, management and execution of the existing contractual relationship, providing for the relevant billing and sending communications related to the contract.

The fulfillment of legal obligations:

  • The management of administrative, accounting, civil and tax compliance;
  • Management of Certificates of Entitlement to Sell with possible photograph of the person qualified to sell (Entitlement and so-called Patent);
  • Compliance with and fulfillment of obligations under laws, regulations, EU regulations and orders of competent authorities.

The pursuit of a legitimate interest of the Owner:

  • the handling of complaints, litigation, contractual defaults, the recovery of debts, the prevention and suppression of unlawful acts, as well as the protection of the rights and legitimate interests of the Holder and/or third parties, including in court: the Holder’s interest corresponds to the constitutionally guaranteed right of action (art. 24 Const.) and, as such, is socially recognized as prevailing over the interests of the individual data subject.

Data disclosure and recipients

Without prejudice to communications performed in fulfillment of legal and contractual obligations, all data collected and processed may be communicated for the purposes specified above to:
– Judicial authorities;
– Any other subjects, to whom the current legislation and/or contract provides for the obligation of communication. In addition, in the management of your data, the following categories of authorized internal and/or external managers who have been given specific instructions may become aware of them:
– Employees of the personnel, administrative and accounting department and/or in any case employees/collaborators of the Data Controller; – Professionals or Service Companies for business administration and management who work on behalf of our company Data Controller;
– Agents;
– Service Providers who perform outsourcing activities on behalf of the Data Controller;

Data Transfer

The Controller does not transfer your personal data outside the European Economic Area (“EEA”). However, in the event that it becomes necessary to transfer your personal data outside the EEA, the Controller will assess the impact of the transfer and adopt appropriate safeguards, including European Commission adequacy decisions under Article 45 of the Regulation, standard contractual clauses approved by the European Commission, and contractual instruments providing adequate safeguards (Article 46 Regulation).

Data retention data

The Data collected will be retained for the duration of the contract entered into and, after termination, for the period of 10 (ten) years from the termination of the contract, unless there are certain needs that justify retention for an additional period, such as litigation. In the latter case, the data will be retained until the time limits for appeal actions have been exhausted.

Nature of data provision and consequences in case of non-disclosure

The provision of your personal data processed for contractual purposes is necessary for the conclusion and management
of the contract. Therefore, failure to provide such data will make it impossible for the Owner Company to give
execution of the contract.

Rights of the data subject

The Controller informs you that, as a data subject, if the limitations provided by law do not apply, you have the right to:
(a) to request confirmation whether or not any processing of one’s personal data is taking place;
b) access their personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, and the existence of automated decision-making processes;
(c) to obtain without delay the rectification of inaccurate personal data concerning him/her and the notification thereof to those to whom the data may have been transmitted;
d) to obtain, in the cases provided for, the cancellation of their data and notification of those to whom the data may have been transmitted;
(e) obtain restriction of processing, when provided;
(f) object to the processing of personal data when possible;
g) request and obtain the portability of personal data in the established cases and in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another data controller, within the limits of the material feasibility of the operation and the costs to be incurred;
h) lodge a complaint with the Data Protection Authority www.garanteprivacy.it;
i) file a judicial appeal against a legally binding decision of the Supervisory Authority (Art. 78 GDPR);
j) file a judicial appeal if he/she believes that his/her rights have been violated as a result of processing (Art. 79 GDPR).
You may exercise your rights by writing to the address of the Company, Data Controller, below or to the following e-mail address privacy@lgobbi.it

Data controller

The data controller whom you may contact is L. Gobbi S.r.l. Unipersonale 16013 – Campo Ligure (GE), Via Vallecalda 33, email lgobbi@legalmail.it

The Data Controller L. Gobbi S.r.l. Unipersonal

Legal entity customer information

Subject: Information pursuant to Articles 13 and 14 of European Regulation 679/2016 on the protection of personal data processing.

The Company L. Gobbi S.r.l. Unipersonale as the Data Controller of personal data (hereinafter also the Data Controller
or Company), pursuant to and in accordance with Articles 13 and 14 of the European Regulation 2016/679 – GDPR and the applicable national legislation
, is required to provide some information regarding the use of personal data processed.

Personal data processed

The Controller in the execution of the contract with the Client Company may process various personal data (hereinafter “personal data” or also “data”) such as, for example, name, surname, address, tax code, VAT number, telephone number, e-mail of employees and/or consultants of the Client Company involved in the activities under the said contract. In the latter case, the source from which the data comes is the Client Company.

Therefore, the Client Company undertakes to communicate this information and/or bring it to the attention
of its employees and/or consultants and/or all individuals whose data could be processed
in the execution of the contract, assuming all responsibility and/or indemnifying L. Gobbi S.r.l. Unipersonale from any
prejudicial consequences arising from failure to comply with this provision.

Purpose and legal basis for processing

Personal data are collected and processed for the following purposes and because of the following legal bases:

(a) for contractual purposes and in particular for:

The performance of the contract or fulfillment of pre-contractual commitments:

  • The management of pre-contractual and contractual relationships;
  • The fulfillment of obligations related to the execution of the contractual relationship;
  • The conclusion, management and execution of the existing contractual relationship, providing for the relevant billing and sending communications related to the contract.

The fulfillment of legal obligations:

  • The management of administrative, accounting, civil and tax compliance;
  • Management of Certificates of Entitlement to Sell with possible photograph of the person qualified to sell (Entitlement and so-called Patent);
  • Compliance with and fulfillment of obligations under laws, regulations, EU regulations and orders of competent authorities.

The pursuit of a legitimate interest of the Owner:

  • the handling of complaints, litigation, contractual defaults, the recovery of debts, the prevention and suppression of unlawful acts, as well as the protection of the rights and legitimate interests of the Holder and/or third parties, including in court: the Holder’s interest corresponds to the constitutionally guaranteed right of action (art. 24 Const.) and, as such, is socially recognized as prevailing over the interests of the individual data subject.

Data disclosure and recipients

Without prejudice to communications performed in fulfillment of legal and contractual obligations, all data collected and processed may be communicated for the purposes specified above to:
– Judicial authorities;
– Any other subjects, to whom the current legislation and/or contract provides for the obligation of communication. In addition, in the management of your data, the following categories of authorized internal and/or external managers who have been given specific instructions may become aware of them:
– Employees of the personnel, administrative and accounting department and/or in any case employees/collaborators of the Data Controller; – Professionals or Service Companies for business administration and management who work on behalf of our company Data Controller;
– Agents;
– Service Providers who perform outsourcing activities on behalf of the Data Controller;

Data Transfer

The Controller does not transfer your personal data outside the European Economic Area (“EEA”). However, in the event that it becomes necessary to transfer your personal data outside the EEA, the Controller will assess the impact of the transfer and adopt appropriate safeguards, including European Commission adequacy decisions under Article 45 of the Regulation, standard contractual clauses approved by the European Commission, and contractual instruments providing adequate safeguards (Article 46 Regulation).

Data retention data

The Data collected will be retained for the duration of the contract entered into and, after termination, for the period of 10 (ten) years from the termination of the contract, unless there are certain needs that justify retention for an additional period, such as litigation. In the latter case, the data will be retained until the time limits for appeal actions have been exhausted.

Nature of data provision and consequences in case of non-disclosure

The provision of your personal data processed for contractual purposes is necessary for the conclusion and management
of the contract. Therefore, failure to provide such data will make it impossible for the Owner Company to give
execution of the contract.

Rights of the data subject

The Controller informs you that, as a data subject, if the limitations provided by law do not apply, you have the right to:
(a) to request confirmation whether or not any processing of one’s personal data is taking place;
b) access their personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, and the existence of automated decision-making processes;
(c) to obtain without delay the rectification of inaccurate personal data concerning him/her and the notification thereof to those to whom the data may have been transmitted;
d) to obtain, in the cases provided for, the cancellation of their data and notification of those to whom the data may have been transmitted;
(e) obtain restriction of processing, when provided;
(f) object to the processing of personal data when possible;
g) request and obtain the portability of personal data in the established cases and in a structured, commonly used and machine-readable format, including for the purpose of transmitting such data to another data controller, within the limits of the material feasibility of the operation and the costs to be incurred;
h) lodge a complaint with the Data Protection Authority www.garanteprivacy.it;
i) file a judicial appeal against a legally binding decision of the Supervisory Authority (Art. 78 GDPR);
j) file a judicial appeal if he/she believes that his/her rights have been violated as a result of processing (Art. 79 GDPR).
Data subjects may exercise their rights by writing to the address of the Company, Data Controller, below or to the following e-mail mail address privacy@lgobbi.it

Data controller

The data controller whom you may contact is L. Gobbi S.r.l. Unipersonale 16013 – Campo Ligure (GE), Via Vallecalda 33, email lgobbi@legalmail.it

The Data Controller L. Gobbi S.r.l. Unipersonal

Pursuant to art. 13 D. Lgs. 196/2003 and EU Regulation 679/2016, L. GOBBI S.r.l. provides the following information regarding the processing of personal data of Customers, Suppliers, Maintainers, Collaborators and other subjects.

1. PURPOSE OF PROCESSING

Personal data are processed exclusively for the fulfillments related to ‘economic activity of the company and the normal contractual relationship, according to the following specific purposes:

  • Master data management;
  • Transportation document management;
  • Purchase and sale and related activities;
  • Management of Certificates of Entitlement to Sell with possible photograph of the person qualified to sell; (Entitlement and so-called Patentino)
  • Accounting and billing management;
  • Credit and debt management;
  • Management of business contacts and operations
  • Any legal and contractual fulfillment.

2. METHODS OF PROCESSING

The processing of personal data is carried out using paper and/or computer and/or telematic supports, with logics and organization of the data strictly related to the purposes themselves and structured in such a way as to guarantee the security and confidentiality of the data, by the specially appointed individuals, in compliance with the provisions of Article 13 D. Lgs. 196/2003 and EU Regulation 679/2016.

3. PROVISION OF DATA

The provision of data for the purposes mentioned in point 1, while optional, is nevertheless necessary for proper management of business relations, and refusal of authorization may make it impossible to properly fulfill contractual obligations and result in termination of the contract.

4. COMMUNICATION AND DISSEMINATION OF DATA

Data will be processed through the adoption of suitable technical and organizational measures to meet the compliance with the

privacy regulations. The data may be communicated to subjects competent for the performance of the purposes referred to in point 1 and will be processed by internal staff authorized with regard to the performance of the working activity of L. GOBBI S.r.l. In particular, your data may be communicated to third parties, such as banking institutions and debt collection companies, companies operating in the transport sector, companies/professional firms that provide assistance, advice or collaboration in accounting, administrative, fiscal and legal, tax and financial matters.

Your data may be disclosed as a result of inspections or audits, to supervisory bodies, judicial authorities as well as to all other parties to whom disclosure is required by law.

The persons to whom L. GOBBI S.r.l. communicates the data act as Data Processors designated by the Data Controller by means of special contract or as persons authorized to process personal data under the direct authority of L. GOBBI S.r.l.

5. DATA RETENTION PERIOD

Data are kept at the administrative office for the time required to fulfill legal obligations, according to current regulations.

6. DATA CONTROLLER

The data controller of personal data is:

L. GOBBI S.r.l.
Registered office: Via B. Bosco, 57 – 16121 GENOVA – ITALY
Administrative headquarters: Via Vallecalda, 33 – 16013 CAMPO LIGURE (GE) – ITALY
PEC: lgobbi@legalmail.it

In the person of its Legal Representative: Alessio Zanasi

7. RIGHT OF ACCESS TO DATA AND OTHER RIGHTS OF THE DATA SUBJECT

In relation to the processing operations described in this policy, the data subject may, as provided for in EU Regulation 679/2016, exercise the following rights:

    • Right of access: has the right to obtain confirmation of the existence or non-existence of personal data concerning him/her – Art. 15 GDPR;
    • Right to rectification: has the right to obtain rectification of data concerning him/her – Art. 16 GDPR;
    • Right to erasure (right to be forgotten): he has the right to obtain the erasure of data concerning him art. 17 GDPR;
    • Right to limitation of processing: you have the right to obtain limitations according to art.18 GDPR;
    • Right to portability: you have the right to obtain data portability under Art. 20 GDPR;
    • Right to object: you have the right to object to the processing of personal data – Article 21 GDPR;
    • Right of revocation: has the right to revoke consent at any time;
    • Right to complain: has the right to file a complaint before the supervisory authorities (Data Protection Authority).

8. Ways of exercising rights

The above rights may be exercised at any time, against the Owner or the Manager, by contacting the above-mentioned references or by forwarding appropriate request via PEC: lgobbi@legalmail.it

Ligurian Field, 5/21/2018