Avis de confidentialité – Clients

pursuant to art. 13 of Regulation (EU) 2016/679 (GDPR)

SERRAVALLE COPPER TUBES S.R.L. (hereinafter referred to as the « Company »), with registered office in Via di Cassano 113

– 15069 Serravalle Scrivia (AL), which can be contacted at ktubes@legalmail.it, intends to inform you that is the Data Controller of your personal data processed for the establishment, management and/or execution of the contract and the fulfilment of legal and regulatory obligations to which the Company is subject. The Company may also process personal data relating to your employees and / or collaborators only as necessary for the same purposes.

In view of the importance accorded to the protection and security of the individuals to whom such data refers, the Data Controller has appointed a Data Protection Officer (hereinafter referred to as the « DPO”), according to art. 37-39 of the European Regulation 2016/679 (hereinafter referred to as the « GDPR”). The DPO may be contacted for matters relating to the data processing, including the exercise of data subject’s rights, at dpo.sct@sctubes.com.

1.  Purposes and legal basis of the data processing

Pursuant to art. 6, paragraph 1, lett. b), c) and f) of the GDPR and art. 5 of the GDPR, the processing of personal data is limited to the contract management, including all operational/managerial requirements (e.g. accounting and taxation, credit management, etc.), and

/ or to the fulfilment of all obligations arising from the contract, and/or the exercise of rights and legitimate legal interests.

The legal basis for the data processing, as mentioned above, are identified in the establishment, execution and eventual termination of the contract between you and the Company as well as in the obligations to the same contract related and/or directly and/or indirectly arising therefrom.

Pursuant to art. 130 paragraph 4 of Italian Legislative Decree 196/2003 (« Privacy Code », amended by Legislative Decree 101/2018), the e-mail contacts you provide may be used in the future to offer you goods or services that are similar to those you have already purchased (so-called « soft spam »), without prejudice to your right to object at any time, easily and free of charge.

The legal basis for this purpose is our legitimate interest (Article 6, paragraph 1, letter f) of the GDPR). Your possible opposition will not affect the lawfulness of the treatments carried out prior to the opposition.

2.  Categories of personal data processed and data processing methods

For the purposes described above, the Data Controller will collect and process certain common personal data (name, surname, residential address, e-mail, telephone number, identification code), possibly also of your directors, employees and / or collaborators.

Your personal data will be processed in full compliance with Chapter II (Principles) and Chapter IV (Controller and processor) of the GDPR. In particular, personal data will be processed in a lawful, correct and transparent way towards the data subject, collected for the above-mentioned purposes, explicit and legitimate, as well as adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed. Furthermore, the data may be accessible to employees and collaborators of the Company adequately trained, in their capacity as authorized subjects to process within the Company (Article 28, paragraph 3, letter b) and 29 of the GDPR and Article 2 quaterdecies of the Privacy Code) or by external parties appointed as Data Processors (Article 28 of the GDPR).

3.  Mandatory or optional nature of providing personal data and consequences of a refusal

Personal data provision is mandatory for the purposes specified above. Therefore, your possible refusal to provide personal data may lead to the result that is not possible for the Data Controller to:

  • ensure the proper management of the contractual relationship;
  • fulfil the regulatory obligations, also in the legal matter, arising from the contractual

4.  Data retention period

Personal data processed by the Data Controller is kept for the time necessary to complete the activities connected with the performance of the contract and for up to ten years after its conclusion or from when the rights depending on it can be enforced (in accordance with Art. 2935 and Art. 2946 of the Italian Civil Code); as well as for the fulfilment of obligations (e.g. tax or financial obligations) that remain even after conclusion of the contract (Art. 2220 of the Italian Civil Code), processing and storing only the data necessary for these purposes.

This is without prejudice to any cases where the rights deriving from the contract must be enforced before the court; in these cases, personal data, only that necessary to this end, will be processed for the time strictly necessary.

Personal data processed by the Company for soft spam purposes, based on what we reasonably believe to be your expectations, will be kept up to ten years after the conclusion of the contractual relationship or your possible exercise of the right to object to data processing.

5.  Personal data communication

Your personal data could be communicated, for the above-mentioned purposes, to:

  • other companies of the KME Group and all other subjects whose communication is necessary for purposes strictly connected and instrumental to the management and execution of the obligations arising from contractual and pre- contractual relations with the Company (for example, financial operators; IT services providers), who act as Data Processors by virtue of written agreements entered into with the Data Controller;
  • subjects duly authorized by the Data Controller and committed to confidentiality, in their capacity as authorized subjects to process (e.g. employees and collaborators of the Company).

Your personal data may be disclosed to third parties (including Judicial or Administrative Authorities) only to the extent strictly necessary in relation to the aforementioned purposes, or in any case only for legal obligations or by order of the Authority.

Your personal data will not be disseminated indiscriminately.

6.  Data Transfer to Third Countries

Management and storage of personal data shall be in servers located in European Union belonging to the Data Controller or to third- party companies duly appointed as data processors.

7.  Data subject rights

Your rights pursuant to articles 15-22 GDPR encompass the following:

  • Right to access
  • Right to rectification
  • Right to withdraw consent
  • Right to erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability
  • Rights in relation to automated decision-making and

At any time and free of charge, with no particular formalities for your request, you can:

  • obtain confirmation of the data processing performed by the Data Controller;
  • access your personal data and know their origin (when the data is not obtained from you directly), the purposes and aims of the processing, the data of the subjects to which it will be disclosed, the time for which your data will be kept or the criteria useful to determining this;
  • update or rectify your personal data so as to ensure that it is always exact and accurate;
  • erase your personal data from back-up and other databases and/or archives of the Data Controller if, amongst other situations, it is no longer necessary for the purpose of the processing or if this is assumed to be unlawful and as long as the legal conditions are met; and in any case if processing is not justified by another equally legitimate reason;
  • limit the processing of your personal data in some circumstances, for example where you have challenged its exactness, for the period necessary to the Data Controller to verify its accuracy. You must be informed, in time, also of when the suspension period has expired or the cause for the limitation to processing ceased applying and, therefore, said limitation has been revoked;
  • obtain your personal data, if received or processed by the Data Controller with your consent and/or if its processing takes place in accordance with a contract and using automated tools, in electronic format, also so as to send it to another data

 

The Data Controller must proceed in this sense without delay and in any case at the latest within a month of receiving your request. The terms may be extended by two months, if necessary, considering the complexity and number of requests received by the Data Controller. In these cases, the Data Controller shall, within a month of your request, inform you and make you aware of the reasons for the extension.

You can exercise the rights under articles 15-22 of the GDPR in the following ways:

  • sending an e-mail to ktubes@legalmail.it;
  • contacting the DPO at sct@sctubes.com;
  • sending a written request to the Data Controller’s registered

In addition, it is always possible to submit a complaint to the competent Supervisory Authority (art. 77 GDPR).