COPLAN SRL may process user’s personal data when he or she visits the website and uses the services and the functionality present on the website. Where provided for in Reg. EU 679/2016 will be required user’s consent before proceeding to the processing of his or her personal data. If the user provides third party’s data, he or she shall ensure that the communication of data and the subsequent processing for the specified purposes is applicable in accordance with the Reg. EU 679/2016.
2. Controller, Supervisors, Processors and DPO
The Controller is COPLAN SRL, based in VIA TREVES 74 – 20090 TREZZANO SUL NAVIGLIO (MI) – ITALY fiscal code and VAT registration number 09463670159. The supervisor is LITSCHER DANIEL. The updated list of processors is kept at the head office of the Controller.
3. Object of treatment
The visit of the website does not generally involve the personal data collection and treatment, except for browsing data and cookies. In addition to browsing data may be object of treatment personal data (for example name, surname, business name, address, bank details and payment data) voluntarily provided by the user when he or she uses the functionality of the website or claims the services on the Website or on the occasion of pre-contractual or contractual relationship, closely related to a current or future commercial relationship. COPLAN SRL, in compliance with the Privacy Code, could collect user’s personal data by third parties in the performance of its activity.
4. Purposes of the treatment
A) The Company process users’ data with the following modalities and purposes:
• To conclude a contract;
• To fulfil pre-contractual, contractual and fiscal obligations arising from current relationships;
• To allow users to use website’s services and functionalities;
• To handle requests and reports from its users;
• To fulfil obligation provided for by law, a regulation, community law or an order by the Authority;
• To exercise Controller’s rights (the exercise, the defence, etc….)
B) Your personal data may be processed only with your prior and distinct agreement (art.7 Reg. EU 679/2016), for the following marketing purposes:
• To send to the user promotional material or business communications related to the Company’s
services and products, to the indicated address, both through traditional modalities (such as postal service, call centre, etc.) and automated modalities (such as, via the internet, fax, e-mail, SMS, mobile devices applications, cd, social network accounts)
5. Modality and time of treatment
The treatment of your personal data is realized through the procedures indicated in the art. 4 Privacy Code, consisting of: collection, registration, organization, conservation, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, block, communication, cancellation, destruction of data. Your personal data are exposed to both paper treatment and automatic treatment in full compliance with Reg. EU 679/2016 and inspiring to honesty and lawfulness of treatment. Personal data are kept and treated through information systems owned by COPLAN SRL and managed by the same company. The Controller will treat personal data for the time needed to fulfil the purposes specified and no later than 10 years since the termination of the contract for service purposes. For marketing purposes will the Controller treat the data no later than 2 years since their collection. The data of those who do not purchase or use products or services, having a contact with the Company, will be immediately deleted or treated anonymously if the conservation is not be justified, unless informed consent about the subsequent marketing research or commercial promotion is given.
6. Safety and quality of personal data
The Controller undertakes to protect the safety of user’s personal data and respect the relevant legal provisions on safety in order to avoid data losses, irregular use and unauthorized access to them, with specific reference to the technical specification about safety. Procedures, systems and programs used are configured so that the use of personal data is minimised.
7. Data will be available
Data will be available only for those, inside the society, that need them because of their task. These people will be instructed in order to avoid problem about data. The data will be available for the purposes of points 4.A) and 4.B):
• To employees and co-worker of Controller and related companies in Italy, in their capacity as processors, internal data managers, external data manager and system administrators;
• To third party companies or other people involved in outsourcing activities on behalf of the Controller, in their capacity as external data manager, with prior consent at the time of contract conclusion
• To professionals, consulting firms, factoring firms, credit institutions, information societies, debt collection companies, credit insurance companies and transport companies;
• To institutions that have access to your data pursuant to national law, community law or secondary law;
• To public or private institutes, as a result of inspections (for example financial administration, law enforcement agencies, legal authorities, labour inspectorates, ASL, provident societies, Enasarco, Chamber of Trade, etc.)
• To computer systems companies having specific tasks about contractual obligations and the staff in charge of ordinary and extraordinary maintenance.
8. Data communication and transfer
Your data may be communicated both in national and international range but they will never be publicized, propagated, shown or made available to people not specified previously. Those who will receive data will process them as separate Controller and will be obliged to follow the legislation in the field of safety of data processing. Your personal data are stored in server placed in COPLAN SRL’s office or in the European Union.
9. Disposition of data providing and consequences for the refusal to answer
Data providing for the purposes of point 4.A) is mandatory to enable the Company to manage the communications and user’s requests or to contact the user to follow up to his or her requests. The non- communication will make the commercial relationship management impossible and will cause inconvenience to order management.
Data providing for the purposes of point 4.B) is not mandatory and the non-communication will not cause no consequence for the user, so you can opt not to supply any data or to deny at a later time the possibility of processing already given data, in this case you will not receive any newsletter, commercial communication and promotional material about Controller’s services.
10. Data subject’s rights
As data subject, you have the rights of articles 15-21 of Reg. EU 2016/679, in detail:
10.1 Right of access to data
• The data subject shall have the right to obtain, with a written request sent via e-mail, confirmation as to whether or not personal data concerning him or her are being processed from the Controller and/or the processors.
• The data subject shall have the right to access, with a written request via e-mail, to personal data concerning him or her processed by the Controller and/or the processors.
10.2Right to Rectification
• The data subject has the right to obtain, with a written request sent via e-mail, from the Controller and/or the processors, the correction of incorrect personal data that concern him or her without undue delay.
• The data subject has the right to obtain, with a written request sent via e-mail, providing a supplementary statement the integration of his or her incomplete data from the Controller and/or processors.
10.3 Right to Erasure of data (Right to be forgotten)
• The data subject shall have the right to obtain, with a written request sent via e-mail, from the Controller and/or the processors, the erasure of personal data concerning him or her or of part of them, both from Controller’s paper archive and computer system
• The Controller and/or the processors, following the written request, are obliged to delete all user’s data or part of them according to user’s choice without undue delay
10.4 Right to Restriction of processing
• The data subject shall have the right to obtain temporarily, from the Controller and/or the processors, restriction of processing where one of the following applies: a. the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of personal data. b. the processing is unlawful and the data subject opposes the erasure of the personal data requests the restriction of their use instead. c. the Controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or legal claims.
• The data subject that have obtained from the Controller and/or the processors the restriction of his or her personal data shall be informed via e-mail before the restriction is lifted.
10.5 Notification obligation for Controller and/or processors
The Controller and/or the processors shall communicate any rectification or erasure of personal data or restriction of processing to the data subject, unless this proves impossible or involves disproportionate effort.
10.6 Right to object
The data subject shall have the right to object to processing of personal data concerning him or her, with written request sent via e-email. The Controller and/or the processors shall no longer process the personal data.
10.7 Right of data portability
• The data subject shall have the right to obtain, with written request sent via e-mail, the transmission of his or her personal data processed by the Controller and/or the processors to another controller, in a structured, commonly used and machine-readable format
• The exercise of this right can occur only if technically possible, that is to say if the Controller and/or the processors process data automatically
• The exercise of this right cannot compromise the point 10.4 (Right to Restriction to processing)
10.8 Right to lodge a complaint with a supervisory authority
If the data subject considers that his or her or her right are infringed has the right to lodge a complaint to
the authority responsible for privacy, to its public relations office:
• Garante per la protezione dei dati personali (authority responsible for privacy)
Address: piazza di Monte Citorio 121, 00186 Roma; fax: +3906 696773785; telephone: +3906
696771; e-mail: firstname.lastname@example.org – certified e-mail email@example.com
• Ufficio relazioni con il pubblico (public relations office)
Address: piazza di Monte Citorio 121, 00186 Roma; telephone +3906 696772917 – e-mail: firstname.lastname@example.org
11. Modality for the exercise of the rights
You can exercise your right at any moment sending a message to the Controller:
• With registered mail to COPLAN SRL based in VIA TREVES 74 – 20090 TREZZANO SUL NAVIGLIO
(MI) – ITALY
• Certified e-mail to email@example.com