The controller of personal data is SECO, through its personal data processor. In order to define and establish sales contractual relations, SECO will be in possession of Customer data, recognized as personal data by the Law. As regards personal data, Customer is informed that:
- Every order submitted is stored; a digital copy is saved in the server and a paper copy is kept in supplier's HQ office, in compliance with confidentiality and security standards. Data will be processed in writing and/or through magnetic, electronic or telematic support.
- Customer must provide personal data to the extent imposed by the law and the contractual agreement; therefore, refusal to provide or consent the use of personal data may prevent the establishment of contractual relations.
- Failure to provide other data not subject to contractual and legal obligations will be considered at a time and may involve critical decisions in relation to the incidence of data in the commercial relation.
- It being understood that when transmissions and disseminations are made in compliance with the law, data may be transmitted in Italy and/or abroad to: agents, suppliers, customers and partner of SECO, factoring companies, banks, carriers and shipping agents, companies controlled, affiliates or related to SECO, professionals and consultants for purposes of credit protection and improving the management of our rights in relation to every commercial relation.
- Data will be processed over the duration of the commercial relation and afterworld, in order to fulfill legal requirements and for future commercial purposes.
- As regard personal data, Customer may exercise rights as indicated below:
Right to access personal data and other rights
1) A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form.
2) A data subject shall have the right to be informed
a) of the source of the personal data;
b) of the purposes and methods of the processing;
c) of the logic applied to the processing, if the latter is carried out with the help of electronic means;
d) of the identification data concerning data controller, data processors and the representative designated;
e) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
3) A data subject shall have the right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
4) A data subject shall have the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.