Complete privacy policy for actual and potential customers
Engraving solutions
Who are we and what do we do with your personal data?
The company Engraving Solutions S.r.l. with its registered office in 55100, Lucca (LU), Via di Mugnano, 815 (hereinafter also the "Data Controller"), as Data Controller will see to the confidentiality of your personal data and guarantee its necessary protection from any event that could put it at a risk of violation.
The Data Controller applies policies and practices concerning the collection and use of personal data and the exercise of the rights recognized by the applicable legislation. The Data Controller is responsible for updating the policies and practices adopted for the protection of personal data whenever it becomes necessary and in any case whenever regulatory and organizational changes that may affect the processing of your personal data arise.
The Data Controller has appointed a Data Protection Officer (DPO) that you can contact if you have questions about the policies and practices adopted. The contact details of the Data Protection Officer are as follows: DPO@engravingsolutions.it.
How does the Data Controller collect and process your data?
The Data Controller collects and/or receives information about you, such as:
- name, surname
- phone number
- fax number
- address
- role in the company
- language
- images/videos
Your personal information will be processed for:
1) the management of the pre-contractual negotiation, of the contractual relationship and the fulfilment
of any other obligations including regulatory obligations, arising therefrom
Purpose | Legal Basis |
|
Execution of pre-contractual and contractual activities Fulfilment of legal obligations and depending on
|
Your personal data is also collected from third parties such as, by way of example:
- other data controllers (e.g. companies of the group).
The personal data that the Data Controller processes for this purpose are, among others:
- name, surname, e-mail, telephone number, fax number, address, role in the company, language,
images.
2) for the communication to third parties and recipients
Purpose | Legal basis |
Communication to third parties, such as:
|
|
The Data Controller may transfer your personal data abroad (non-EU countries) and in particular:
USA, South Africa, Russia, Turkey, Singapore, South Korea (Agents) - ex art. 49 lett.b) “the transfer is necessary for the performance of a contract between the Data subject and the Data Controller or the implementation of pre-contractual measures taken at the data subject’s request.”
Israel (Agents) - The European Commission adequacy decision on the adequate level of data protection by the State of Israel.
China, Brazil, USA (Sister Companies) - Standard contractual clauses aimed at ensuring adequate safeguards, including data subjects' rights with regard to the transfer of personal data outside the EU.
Japan (Sister Company) – Adequacy decision EU-Japan.
Your data will not be disclosed to third parties / recipients for their own independent purposes unless:
- you give permission
- the communication is necessary for the fulfilment of the obligations depending on the contract and the laws that govern it (e.g. for the defence of your rights, for reporting to the supervisory authorities, etc.).
3) for direct marketing activities concerning the services of the Data Controller
The processing of your personal data is to offer additional services to the ones you requested, perhaps even better or more appropriate to your needs and, in order to send you promotional material. The processing of your data (such as name, surname, e-mail, telephone number, fax number, address) may take place for:
- e-mail;
- sms;
- telephone contact even without an operator;
- paper mail;
- fax.
The processing in question may be carried out if:
- you give your consent for the use of the data also with regard to the communication methods, both traditional and automated, with which the processing takes place;
- the processing is carried out through a telephone operator contact, if you are not registered in the register of oppositions pursuant to Presidential Decree no. 178/ 2010;
- you have not opposed to the processing and/or if, in case, you have not specifically and separately objected to the sending of communications by traditional methods and/or by automated tools.
- for the communication of data to partners and/or to the companies of the group to which the Data Controller belongs for marketing activities in an autonomous basis
With your consent, your data such as name, surname, e-mail, telephone number, fax number, address may be processed for communication to partners and/to to the companies of the group to which the Data Controller belongs for independent marketing purposes concerning products and services of the recipients.
5) for information security purposes
Purpose | Legal basis |
|
Execution of activities depending on the
|
What happens if you do not give your consent to the processing of personal data?
If you do not provide your personal data, the Data Controller will not be able to follow up the processing related to the pre-contractual negotiation, the management of the contract and the services connected to it or to the fulfilments arising therefrom.
The Data Controller intends to carry out the processing based on certain legitimate interests that do not affect your right to privacy, such as those that:
- to allow the prevention of computer incidents and the notification to the supervisory authority or the communication to users, if necessary, of the violation of personal data;
- to allow communication to third parties / recipients for activities related to those of contract
management.
What happens if you do not give your consent to the processing of personal data for direct marketing purposes of the Data Controller and for the communication of data to partners and /or to the companies of the group to which the Data Controller belongs for marketing activities on an autonomous basis?
The processing of your personal data will not be carried out for such purposes; this will not have effects related to treatment of your data for the main purposes, nor for that for which you have already given your consent, if requested.
How and for how long is your data stored?
How
The data processing is performed through paper supports or IT procedures by specially authorized and trained internal subjects. Such internal subjects are allowed access to your personal data to the extent that it is necessary to carry out the processing activities that concern you. The data belonging to particular categories are treated separately from the others also by means of pseudonymisation or aggregation methods that do not allow you to be easily identified.
The Data Controller periodically verifies the tools through which your data is processed and the security measures provided for which it requires constant updating; verifies, also through the subjects authorized to the treatment, that personal data of which the processing is not necessary is not collected, processed, filed or stored; verifies that the data is stored with the guarantee of integrity and authenticity and their use for the purposes of the treatments actually performed. The Data Controller guarantees
that the data, even after the verifications, are found to be excessive or irrelevant will not be used except for the possible retention, according to the law, of the deed or document that contains them.
Where
The data is stored in paper, computerized and software archives located within the European economic area.
For how long
The personal data processed are kept for the time necessary to carry out the activities related to the management of the contract that you have stipulated with the Data Controller and for the fulfilments, including those required by law, arising therefrom.
In particular:
|
Duration of the contractual relationship
|
Once all the purposes that legitimize the retention of your personal data are exhausted, the Data Controller will take care of deleting them or making them anonymous.
The personal data processed by the Data Controller related to direct marketing are kept for 24 months unless you revoke the consent you have given and/or object to the processing.
However, you have the right to object at any time to the treatment based on legitimate interest for any reason related to your particular situation.
What are your rights?
In substance, you, at any time and free of charge and without special charges and formalities for your request, can:
- obtain confirmation of the processing carried out by the Data Controller;
- access your personal data and know the origin (when the data are not obtained from you directly), the purposes and the scopes of the processing, the data of the subjects to whom they may be disclosed, the period of retention of your data or the criteria useful for determining it;
- withdraw consent at any time, if this constitutes the basis of the processing. In any case, the revocation of the consent does not affect the lawfulness of the treatment based on the consent before the revocation;
- update or rectify your personal data so that they are always accurate and correct;
- delete your personal data from the data banks and / or the archives including backups of the Data Controller in the case, among others, where they are no longer necessary for the purposes of the processing or if it is assumed to be illicit, and always if they exist the conditions required by law; and in any case if the treatment is not justified by another equally legitimate reason;
- limit the processing of your personal data in certain circumstances, for example where it has disputed its accuracy for the period necessary for the Data Controller to verify its accuracy. You must be informed, in due time, even when the suspension period has been completed or the reason for the limitation of the processing has ceased, and therefore the limitation itself revoked;
- obtain your personal data, if received or processed by the Data Controller with your consent and / or if their processing is based on a contract and with automated tools, in electronic format also for the purpose of transmitting them to another data controller.
The Data Controller must proceed in this way without delay and, in any case, at the latest within one month of receiving your request. The deadline can be extended by two months, if necessary, taking into account the complexity and the number of requests received. In such cases the Data Controller, within a month of receiving your request, must inform you and inform you of the reasons for the extension.
For any further information and in any case to send your request, contact the Data Controller at privacy@engravingsolutions.it.
How and when can you oppose the processing of your personal data?
For reasons related to your particular situation, you can oppose the processing of your personal data at any time when this takes place for legitimate prevailing reason or if it concerns the processing of personal data whose disclosure is subject to your consent, sending your request to the Data Controller at the address privacy@engravingsolutions.it.
You have the right to the deletion of your personal data if there is no legitimate prevailing reason with respect to the one that gave rise to your request, and in case in the event that you are opposed to the processing of data.
Who can you lodge a complaint with?
Without prejudice to any other administrative or judicial action, you can file a complaint with the competent control authority or that which carries out its tasks and exercises its powers in Italy where you have your habitual residence or work or if different in the State Member where the violation of Regulation (EU) 2016/679 occurred.
Any update of this privacy policy will be communicated to you promptly and by appropriate means and the same will be communicated to you if the Data Controller proceeds to process your data for purposes other than those referred to in this statement before proceeding and in time to give your consent if necessary.