PRIVACY NOTICE
PURSUANT TO REGULATION (EU) 2016/679
ON THE PROTECTION OF PERSONAL DATA (“GDPR”)
AND REQUEST FOR CONSENT TO THE PROCESSING OF PERSONAL DATA


PREMISE
In compliance with the requirements set forth in Regulation (EU) 679/2016 (General Data Protection Regulation - “GDPR”), M.M. srl Company (henceforth, the “Company”), has prepared this Notice to inform customers on how their personal data are processed, making them aware of their rights are and how they can be exercised.

DATA CONTROLLER AND CONTACT DATA
The Data Controller is M.M. srl - in the person of its pro tempore legal representative, with registered office in Udine (UD), A. Zanussi, no. 300/302, VAT Reg. no. 00477620306 - Tel .: 0432 522970; E-Mail: privacy@mmgrigliati.it.

SOURCES OF PERSONAL DATA COLLECTION
The Company collects personal data directly from customers, both in its own sales offices and other venues (for example, at events or fairs) and through remote communication means (for example, through its website or online portals). Personal data may be provided at the time of quote and information request, during negotiations, when contracts are signed and during their implementation, and when services are subscribed to or provided.

PROCESSING METHODS
Personal data are processed either manually, in paper format, or through electronic, computerized, and/or automated tools, according to a logic that is strictly related to the purposes indicated.
Personal data are entered in our management system and in a Customer Relationship Management (“CRM”) system
In any case, personal data are protected by appropriate technical and organizational measures, in order to guarantee their safety and confidentiality, in compliance with current statutory regulations. The Company has implemented specific security measures to prevent data loss or destruction, unauthorized access, and processing that is either unlawful or not consistent with the purposes for which they were collected.

PURPOSES OF PROCESSING AND LEGAL BASES
The Company processes personal data for operational management purpose. It refers to the implementation of all those activities deemed strictly functional to the fulfilment of requests, both in the pre-contractual phase and during implementation, as well as any activities connected and instrumental thereto, that are functionally linked to the Company's operations or protect its rights, including, but not limited to: management of negotiation activities - pre-contractual phase; negotiation and stipulation of contract or order requests; provision of services; fulfilment of administrative and accounting requirements; management of payments; technical assistance and support request, including after sales; and management of complaints, if any. Furthermore, the following activities are connected and instrumental to the foregoing: verification of internal quality through audits and inspections, including those performed by third parties; fulfilment of legal, accounting, tax and administrative obligations deriving from the law, statutory provision and EU legislation; credit recovery; credit risk protection; protection of corporate assets; and, protection of the Company's rights in courts of law, or where most appropriate. The aforementioned processing purposes are lawful since they are necessary for the implementation of a contract or pre-contractual measures adopted upon request, to allow the Company to meet its legal obligations and pursue its legitimate interests.
Pursuant to Whereas 47 of Regulation (EU) 679/2016 and Article 130 of the Data Protection Act, the Company proposes products or services similar or complementary to those already requested to existing customers for direct marketing purposes
In all other cases, the delivery of advertising, direct sales, commercial and promotional communication can occur with prior consent of the concerned party.
In order to compare and possibly improve the results of communications, the Data Controller relies on systems for sending newsletters and promotional communications with reports.
Pursuant to Whereas 47 of Regulation (EU) 679/2016, the assessment of customer satisfaction on products and/or services via telephone interviews or on-line questionnaires, is also considered to be a legitimate interest of the Company, since it allows improving quality.

DATA CONFERMENT
The provision of personal data is always voluntary.
However, conferment for Primary Purposes is necessary and essential to allow the Company to fulfil requests. Therefore, failure to provide personal data may make it impossible for the Company to begin negotiations/pre-contractual activities, stipulate contracts, manage post-contract phases and/or, in any case, provide services or products.
The provision of personal data is, however, absolutely voluntary and optional for marketing purposes. Any failure to provide personal data for the aforementioned purposes will have no consequence, if not the impossibility for the Company to carry out the above described procedure.

KNOWLEDGE OF DATA AND THEIR NOTIFICATION
Where processed in electronic format, data can be accessed from any branch of the Company.
Personal data are processed by subjects specifically authorized or designated by the Data Controller within its facility (employees and collaborators) in relation to the tasks they are asked to carry out.
Personal data may also be processed by other third parties operating on behalf of the Company by virtue of specific contractual obligations or, in any case, duly authorized or appointed as data processors. By way of example, where necessary, personal data may be processed by: IT, automated and technological service providers, including hosting and maintenance services; companies that offer maintenance, updating and development services for websites and related functionalities; quality control and/or certification bodies or related activities; auditors; communication agencies. For the pursuit of operational management purpose, personal data may be shared with the following categories of recipients: banks and credit institutions; debt collection companies; credit insurance companies; professionals, experts, consultants, firms or consultancy firms in the administrative, insurance, accounting, tax, technical and legal fields; and, companies operating in the shipping and transport sector.
In general, however, personal data may always be disclosed to third parties, public and private, for compliance with legal requirements, as it pertains to requests from public authorities, or to exercise a right in a court of law, or in any other place.
Personal data are not disclosed and are not subject to dissemination.

TRANSFER OF DATA ABROAD
The Company mainly manages personal data in its possession within its facilities, or, in any case, within the EU.

DURATION OF PROCESSING
In accordance with statutory provisions requiring the retention of documents for accounting purposes, and the general rules relating to the standard limitation period for contractual actions, we will delete personal data relating to Primary Purposes after ten years from the moment of contract termination.
Personal data processed for Marketing Purposes will be deleted after the ten-year term, which is considered to be reasonable since such data are related to the sale of goods with low purchase frequency.

RIGHTS OF CONCERNED PARTIES
In applying the GDPR, we inform you that concerned persons may exercise the following rights at any time:
obtain confirmation of whether or not their personal data are being processed, and, if so, obtain access to such data and all information, as set forth in Art. 15 of the G.D.P.R., possibly obtaining a copy thereof, where such request does not damage the rights and freedoms of others;
obtain the correction of their inaccurate personal data without undue delay. Taking account of the processing purposes, concerned parties have the right to obtain the integration of incomplete personal data, also by providing a supplemental statement;
obtain the deletion of their inaccurate personal data without undue delay;
obtain the limitation of processing when any of the cases foreseen in Art. 18 of the GDPR apply;
data portability, namely, to receive personal data of concern provided to the Company, in structured and common-use format that is legible by automatic devices;
To exercise the aforementioned rights, the concerned parties may contact the Company at any time at the following address: privacy@mmgrigliati.it.
The request for deactivation and cancellation of the subscription to the Newsletter Service may be carried out by the concerned parties at any time by clicking, on the link at the end of the text (“Unsubscribe me”).

RIGHT TO OPPOSE
In accordance with the requirements of Art. 21, paragraph 4 of the GDPR, the Company guarantees the right to oppose.
To exercise the aforementioned rights, the concerned parties may contact the Company at any time at the following address: privacy@mmgrigliati.it.

RIGHT TO LODGE COMPLAINTS
Furthermore, if Data Subjects believe that data processing carried out by the Company is illegal, they can lodge a complaint with the competent Supervisory Authority.


REQUEST FOR CONSENT TO THE PROCESSING OF PERSONAL DATA

Having read the privacy policy pursuant to Regulation (EU) 2016/679 on the protection of personal data (“GDPR”), I, the Undersigned .................................................................. ................................., telephone number .......................................... email .......................................... gives his/her consent to the processing of personal data for the receipt of commercial and promotional communication, including of periodic nature (newsletter).

                                                                                                                                                      ○ YES     ○ NO

           Signature
 

Contacts
+39 0432 522970
+39 0432 602218
Facebook Twitter YouTube Google Plus Share