INFORMATION ON THE PROCESSING OF PERSONAL DATA
(artt. 13 e 14 Reg. EU 2016/679 and current italian law – D.lgs 196/2003) CUSTOMER Dears, we would like to […]
(artt. 13 e 14 Reg. EU 2016/679 and current italian law – D.lgs 196/2003)
CUSTOMER
Dears,
we would like to give you an overview of the way in which we process your personal data, not only to comply with legal obligations, but also because transparency and fairness towards data subjects is a fundamental part of our activity.
Data Controller
The Data Controller of your personal data is Labo International Srl responsible towards you for the legitimate and correct use of your personal data and that you can contact for any information or request at the following addresses:
| VAT NUMBER | IT04656360288 |
| Registered office: | Piazza Zanellato 5, 35131, Padova |
| Phone | +39 049 8078172 |
| privacy@labosuisse.com |
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at the following addresses:
| dpo@labosuisse.com | |
| PEC | dataprotectionofficer@pec.it |
Categories of data processed and data source
For the processing activities the Data Controller will process:
- personal data, such as personal details (as name, surname, date of birth, …), fiscal code and other identification codes, addresses, contact data, payment data or data regarding economic, commercial, financial or insurance activities
- special categories of personal data, such as data suitable to reveal the state of health.
The processed data are communicated by you and/or by third parties, such as authorities and public bodies (e.g., Chamber of Commerce) or they are collected from publicly accessible sources
Processing activities Your personal data are collected and processed using automated, semi-automated and non-automated methods, as specified below
| Processing | Purposes | Legal basis | Data retention * |
| Customer management | Managing customers’ needs and requests | Performance of a contract or pre-contractual measures | 10 years from the year of termination of the last contract |
| Control of entry to company in relation to COVID-19 emergency | Preventing the infection by Covid-19 | Limited to the fulfillment of legal obligations related to the containment of COVID-19 pandemic | Retention period imposed by regulations regarding the fulfillment of legal obligations related to the containment of COVID-19 pandemic |
| Marketing | Marketing (market analysis and surveys); Sending of informative and/or advertising materials, also by telephone or Internet | Consent by data subject | Until consent is revoked. Then processing will be limited to storage for 10 years from the year in which consent has been revoked |
| Customer Service | Monitoring customer satisfaction; Customer Support | Performance of a contract or pre-contractual measures | 10 years from the year of termination of the last contract |
| Reception | Monitoring people entering the company and managing calls | Pursuit of legitimate interest of the Controller to protect company assets/employees’ safety/organization and production needs | 1 year from the year of data acquisition |
| Sale and pre-sale business activity | Promoting activities; Offering of goods and services | Legitimate interest of the Controller to promote goods and services; Performance of a contract or pre-contractual measures | 10 years from the year of competence |
| Quality of service | Checking the quality of the service | Legitimate interest of the Controller to check compliance with internal procedures | 10 years from the year of termination of the last contract |
| Contests | Management of prize competitions; Participant publication or winner | Consent by data subject. Performance of a contract or pre-contractual measures. Fulfillment of a legal obligation | 10 years from the year the competition was awarded. For non-disseminated data: until consent is revoked, then processing will be limited to storage for 10 years from the year in which consent has been revoked |
| Guarantee | Fulfillment of product warranty obligations | Fulfillment of a legal obligation Performance of contract or pre-contractual measures For special categories of data: consent | 10 years from the year of exercise of the right |
| Billing and DDT | Shipping of goods | Performance of contract or pre-contractual measures | 10 years from the year of termination of the last contract |
| Accounting | Keeping of accounting records; Tax compliance | Legal obligation | 10 years from the accounting year |
| Management control | Internal business management control | Legitimate interest of the Controller to pursue business activity | 10 years from the year of competence |
| Management and maintenance of IT systems | Management and maintenance of network and computer systems | Legitimate interest of the Controller to protect the functionality and security of the systems; Fulfillment of a legal obligation (limited to the provisions of the regulations regarding system administrators). | 10 years from the year of termination of the contractual relationship for accounts, passwords, and usernames; 13 months for system administrator compliance |
| Defense of interests and rights of the Controller | Prevent and/or detect possible abuse and defend the rights and interests of the Controller | Legitimate interest of the Controller in protecting its rights and interests in court or in the stages preparatory to its possible establishment | 10 years from the year the data was given |
* In addition to the time related to prescriptive periods of mutual rights and the retention time of backups.
** if you do not provide consent, personal data will not be processed for specific purposes. The consent can be withdrawn at any time by contacting the owner at the contact details indicated above.
Provision of data
For the aforementioned purposes, the provision of your data is a necessary requirement, in case of denial to provide your personal data, it may not be possible to carry out the processing activites.
Data recipients
Your data may be communicated exclusively for technical and operational needs strictly related to the aforementioned purposes, to subjects who process the data on behalf of the owner, appointed as data processors pursuant to art. 28 of the EU Reg. 2016/679 as well as to public bodies with respect to which there is a legal obligation to communicate (by way of example and not limited to the Chamber of Commerce, Revenue Agency).
Data transfer outside the EU
The processing of personal data (e.g. storage, archiving and retention of data on its servers or in the cloud) will be limited to the areas of circulation and processing of personal data of the countries belonging to the European Union, with the express prohibition of transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of protection tools provided for by EU Regulation 2016/679 (adequacy decision by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
Rights of the data subjects
- You have the right, according to the provisions of art. 15 and following of EU Reg. 2016/679 to request the Data Controller to access your personal data, as well as their rectification or erasure.
- You also have the right to request data portability or restriction of processing;
- You have the right, on grounds related to your particular situation, to object to processing based on the legitimate interest;
- For processing based on consent, you have the right to withdrawn at any time the consent, without affecting the lawfulness of processing based on consent before its withdrawal;
- You can also lodge a complaint with the supervisory authority, Autorità Garante per la Protezione dei Dati Personali, based in Piazza Venezia 11, 00187 – Rome – protocol@pec.gdpd.it
To exercise your rights or to request additional information, you can contact the Data Controller using the contact information above.
Policy updates
The Data Controller is entitled to make changes to this privacy policy at any time by updating the documents on this page. Therefore, visitors are invited to consult this link often, keeping as a reference the date of the last update indicated below.
Last update 29/08/2022
SUPPLIER
Dears,
below we provide you with some information that you need to bring to your knowledge, not only to comply with legal obligations, but also because transparency and fairness towards the interested parties is a fundamental part of our business.
Data Controller
The Data Controller of your personal data is Labo International Srl responsible towards you for the legitimate and correct use of your personal data and that you can contact for any information or request at the following addresses:
| VAT NUMBER | IT04656360288 |
| Registered office: | Piazza Zanellato 5, 35131, Padova |
| Phone | +39 0498078172 |
| privacy@labosuisse.com |
Data Protection Officer
The Data Protection Officer (DPO) can be contacted at the following addresses:
| dpo@labosuisse.com | |
| PEC | dataprotectionofficer@pec.it |
Categories of data processed and data source
For the processing activities the Data Controller will process data such as: personal details (as name, surname, date of birth, …), fiscal code and other personal identification numbers, contact data, data regarding economic, commercial, financial or insurance activities.
The processed data are communicated by you and/or by third parties such as other suppliers and/or they are collected from publicly accessible sources.
Processing activities
Your personal data are collected and processed using automated, semi-automated and non-automated methods, as specified below:
| Processing | Purposes | Legal basis | Data retention* |
| Supplier management | Establishment and management of the contractual relationship | Performance of a contract or pre-contractual measures | 10 years from the year of termination of the last contract |
| Reception | Monitoring of people entering the company and managing calls | Pursuit of legitimate interest of the Controller to protect company assets/employees’ safety/organization and production needs | 1 year from the year of data acquisition |
| Accounting | Keeping of accounting records; Tax compliance | Legal obligation | 10 years from the accounting year |
| Activity planning and control | Programming of activities | Legitimate interest of the Controller to pursue business activity | 10 anni dall’anno di acquisizione del dato |
| Purchase | Purchasing of goods or services | Performance of a contract or pre-contractual measures | 10 years from the year of competence |
| Management control | Internal business management control | Legitimate interest of the Controller to pursue business activity | 10 years from the year of competence |
| Acceptance | Acceptance of goods | Performance of a contract or pre-contractual measures | 10 years from the year of competence |
| Access control in relation to emergency COVID-19 | Preventing the infection by Covid-19 | Limited to the fulfillment of legal obligations related to the containment of COVID-19 pandemic | Retention period imposed by regulations regarding the fulfillment of legal obligations related to the containment of COVID-19 pandemic |
| Management and maintenance of IT systems | Management and maintenance of network and computer systems | Legitimate interest of the Controller to protect the functionality and security of the systems; Fulfillment of a legal obligation (limited to the provisions of the regulations regarding system administrators) | 10 years from the year of termination of the contractual relationship for accounts, passwords, and user names; 13 months for system administrator compliance |
| Defense of interests and rights of the Data controller | Prevent and/or detect possible abuse and defend the rights and interests of the Data controller | Legitimate interest of the Data controller in protecting its rights and interests in court or in the stages preparatory to its possible establishment | 10 years from the year the data was granted |
*In addition to the time related to prescriptive periods of mutual rights and the retention time of backups.
** if you do not provide consent, personal data will not be processed for specific purposes. The consent can be withdrawn at any time by contacting the owner at the contact details indicated above.
Provision of data
For the aforementioned purposes, the provision of your data is a necessary requirement, in case of denial to provide your personal data, it may not be possible to carry out the processing activities.
Data recipients
Your data may be communicated exclusively for technical and operational needs strictly related to the aforementioned purposes, to subjects who process the data on behalf of the owner, appointed as data processors pursuant to art. 28 of the EU Reg. 2016/679 as well as to public bodies with respect to which there is a legal obligation to communicate (by way of example and not limited to the Chamber of Commerce, Revenue Agency, etc.).
Data transfer outside the EU
The processing of personal data (e.g. storage, archiving and retention of data on its servers or in the cloud) will be limited to the areas of circulation and processing of personal data of the countries belonging to the European Union, with the express prohibition of transferring them to non-EU countries that do not guarantee (or in the absence of) an adequate level of protection, or, in the absence of protection tools provided for by EU Regulation 2016/( adequacy decision by the European Commission, group BCR, model contractual clauses, consent of the data subjects, etc.).
Rights of the data subjects
- You have the right, according to the provisions of art. 15 and following of EU Reg. 2016/679 to request the Data Controller access to your personal data, as well as their rectification or erasure.
- You also have the right to request data portability, or restriction of processing.
- You have the right, on grounds related to your particular situation, to object to processing based on the legitimate interest.
- For treatments based on consent, you have the right to withdrawn at any time the consent, without affecting the lawfulness of processing based on consent before its withdrawal;
- You can also lodge a complaint with the supervisory authority, Autorità Garante per la Protezione dei Dati Personali, based in Piazza Venezia 11, 00187 – Rome – protocol@pec.gdpd.it
To exercise your rights or to request additional information, you can contact the Data Controller using the contact information above.
Policy updates
The Data Controller is entitled to make changes to this privacy policy at any time by updating the documents on this page. Therefore, visitors are invited to consult this link often, keeping as a reference the date of the last update indicated below.
Last update 29/08/2022