Privacy Policy
PRIVACY POLICY PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, “GDPR” or “Regulation”), BDF Digital S.p.A. (hereinafter, “BDF” or “Data Controller”) hereby informs you that personal data (hereinafter, “Data”) pertaining to you or your company (hereinafter, “Client”) and natural persons acting on its behalf, collected either from the Client or third parties, shall be processed in accordance with Regulation (EU) 2016/679 and in compliance with the following privacy policy.
It is understood that it is the Client’s responsibility to inform natural persons acting on its behalf with regard to the processing of the Data to which this privacy policy refers, and to request their consent, where necessary.
DATA CONTROLLER
The Data Controller is BDF Digital S.p.a., with registered office in Via dell’Oreficeria, 41 36100 Vicenza – e-mail, info@bdfdigital.it
PURPOSE OF PROCESSING AND LEGAL BASIS
The data are used by the Data Controller to follow up on requests for registration and agreements for the supply of the purchased products/services, to manage and fulfil contact requests forwarded by the Client, to provide assistance and fulfil legal and regulatory obligations to which the Data Controller is bound by virtue of the activities it performs. Under no circumstances does BDF Digital S.p.A. resell the Client’s personal data to third parties or use them for undeclared purposes.
In particular, the Client’s data shall be processed for the following purposes:
a) Registration and requests for contact and/or informative material
The Client’s personal data are processed to pursue preliminary and subsequent activities concerning requests for registration and to manage requests for information and contact and/or for the sending of informative material.
The legal basis of such processing is fulfilment of the services inherent to the request for registration, information and contact and/or the sending of informative material pursuant to Art. 6(1)(b) of the Regulation.
b) Purposes related to the management of the contractual relationship
The data shall be processed for: the establishment, management and termination of the contractual and commercial relationship resulting from the purchase of products/services, the management of the relative order, the production and/or shipment of the purchased Product and/or provision of the Service; the fulfilment of accounting and tax obligations; the fulfilment of legal obligations; tax and accounting audits; the handling of disputes; the provision of, support for, updating and information on the Products offered.
The legal basis of such processing is fulfilment of the services inherent to the contractual relationship and compliance with the legal obligations set out in Art. 6(1)(b) of the Regulation.
c) Purposes relating to promotional activities
The data shall be processed for the purpose of sending informative/promotional material and information on the activities and events in which BDF Digital participates, or which it organises.
This processing shall be automated, using the following means:
- telephone contact.
The legal basis of the processing is pursuant to Art. 6(1)(f) “lawfulness of processing based on the legitimate interest of the Data Controller”.
d) Fulfilment of legal obligations
The data shall be processed in order to fulfil legal obligations to which the Data Controller is subject (for example, accounting, payroll and social security obligations, anti-terrorism checks).
The legal basis of such processing is fulfilment of the services inherent to the contractual relationship and compliance with the legal obligations set out in Art. 6(1)(c) of the GDPR.
PROVISION OF DATA AND CONSEQUENCES OF NON-PROVISION.
The provision of Data for the purposes set out in a), b) and d) is optional but necessary in order to fulfil legal and contractual obligations and to pursue the legitimate interests of the Data Controller indicated above. In all these cases, failure to provide the Data shall make it impossible for the Data Controller to establish commercial relations with the Client. The provision of Data for the purposes set out in c) is optional and its non-provision shall make it impossible for the Data Controller to fulfil the activities necessary to achieve the purpose in question.
DATA PROCESSING METHODS
It is in the primary interest of BDF DIGITAL S.P.A. to protect its Clients’ data, carrying out said processing in accordance with principles of fairness, lawfulness and transparency. Therefore, personal data shall be processed using tools and procedures able to ensure utmost security and confidentiality, using paper-based archives and media, with the aid of digital media, computerised and telematic means.
STORAGE PERIOD
The Data shall be retained for a maximum period equal to the statute of limitations applicable to the rights enforceable by the Controller, as applicable from time to time.
Notwithstanding the Client’s determination to have it removed, personal data shall in any case be retained in accordance with the terms provided by applicable laws and/or national regulations, solely to ensure compliance with obligations.
Furthermore, personal data shall in any case be retained to fulfil obligations (e.g., tax and accounting) that remain in effect even after the termination of the agreement (Art. 2220 of the Italian Civil Code); for these purposes, the Data Controller shall retain only the data necessary for such fulfilment.
This is without prejudice to cases where it becomes necessary to assert rights arising from the agreement and/or registration in court, in which case the Client’s personal data, exclusively those necessary for such purposes, shall be processed for the time strictly necessary to achieve them.
RECIPIENTS OR CATEGORIES OF RECIPIENTS
The Client’s personal data are disclosed primarily to third parties and/or recipients whose activities are necessary to fulfil the activities inherent to the relationship established and to comply with certain legal obligations, including:
Categories of recipients | Purposes |
Group Companies | Administrative, accounting obligations and those related to contractual performance, |
Group Companies and third-party suppliers* | Service, maintenance, delivery/shipping of products, provision of additional services related to the requested service |
Credit and digital payment institutions,Banking/postal institutions | Management of takings, payments, reimbursements related to contractual performance |
External professionals/consultants and Consulting companies | Fulfilment of legal obligations, exercise of rights, protection of contractual rights, debt collection |
Financial administration,Public authorities, Judicial authorities,Supervisory and control authorities | Fulfilment of legal obligations, defence of rights; lists and registers held by Public authorities or similar bodies in accordance with specific regulations related to contractual performance |
Persons officially delegated or having recognised legal title | Legal representatives, curators, guardians, etc. |
*The Data Controller requires its Third-Party suppliers and Data Processors to adhere to security measures pursuant to Art. 32 GDPR.
Client data shall not be subject to disclosure, however, shall remain within the BDF Group for the above-mentioned purposes.
The Data Controller shall not transfer the Client’s personal data to third countries in which the GDPR is not applied (non-EU countries) unless specifically stated otherwise, in which case the Client shall be informed and their express authorisation requested.
RIGHTS OF THE CLIENT
Clients are granted the rights, within the limits and in the cases provided for by the Regulation, under Articles 15 to 20. By way of example, each Client may:
- obtain confirmation of whether his or her personal data are being processed;
- if data processing is underway, obtain access to the personal data and information in relation to the processing, and request a copy of the personal data;
- have the personal data concerning him or her rectified and incomplete personal data completed;
- obtain, in the event one of the conditions set out in Art. 17 GDPR applies, the deletion of personal data concerning him or her;
- obtain, in the cases provided for in Art. 18 GDPR, the restriction of processing;
- receive personal data concerning him or her in a structured, commonly used and machine-readable format and request that those data be transmitted to another controller, where technically feasible.
OBJECTION TO PROCESSING
The Client may revoke his or her consent for the processing of his or her data at any time by sending a request to info@bdfdigital.it. Doing so, however, shall not:
- compromise the lawfulness of processing based on the consent provided prior to the revocation;
- compromise further processing of such data based on other legal bases (for example, contractual obligations or legal obligations to which BDF DIGITAL S.P.A. is subject).
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Moreover, each Client shall have the right to lodge a complaint with the Data Protection Authority if he or she deems that his or her rights under the GDPR have been violated, following the procedures set out in the Data Protection Authority’s website at: www.garanteprivacy.it.