Privacy Protection

Information on the processing of personal data pursuant to EU Reg. 2016/679 and Italian Legislative Decree 196/03

 

 

A. Who are we and why are we providing this document?

 

SNAP srl has for years considered the protection of personal data of its customers of fundamental importance, ensuring that the processing of personal data, carried out by any means, both automated and manual, takes place in full compliance with the protections and rights recognized by the Regulation (EU ) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, as well as on the free movement of such data (hereinafter the "Regulation") and the other applicable regulations regarding the protection of personal data.

Article 4 of the regulation they are defined:

1. personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter “Personal Data”);
2. processing “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter “Processing”).

The Regulation states that, before proceeding with the processing of Personal Data, it is necessary that the person to whom such Personal Data belong is informed about the reasons for which such data are requested and how they will be used.

In this regard, the present document aims to provide, in a simple and intuitive way, all the useful and necessary information to be able to be given your Personal Data in a conscious and informed way and, at any time, request and obtain clarifications and / or adjustments.

The present informative note, therefore, has been drawn up on the basis of the principle of transparency and all the elements required by Article 13 of the Rules and is divided into individual sections each of which deals with a specific topic in order to make the reading faster, easier and more perceptible.

 

B. Who is the Controller and Processor of Personal Data?

 

The company that will process the Personal Data for the main purpose referred to in Section C of this Information Notice and that, therefore, will play the role of data controller according to the relative definition contained in Article 4 in point 7) of the Regulation, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose of the processing of personal data” is:

SNAP s.r.l. located in Via Cap. Luca Mazzella 40/44, 82100 Benevento, registered in the Benevento Commercial Registry, with VAT number 01066160621

Controller

SNAP s.r.l. - Legal and operative site Via Cap. Luca Mazzella 40/44, 82100 Benevento

Tel. 0824 1815960; Tel. 0824 21080; mail: privacy@snapsrl.it

 

Processor

SNAP s.r.l. - Legal and operative site Via Cap. Luca Mazzella 40/44, 82100 Benevento

Tel. 0824 1815960; Tel. 0824 21080; mail: privacy@snapsrl.it

 

Data protection officer

A Data Protection Officer(DPO) has NOT been appointed.

 

C. Purposes of processing Personal Data?

 

Pursuant to the regulation, the Data Controller informs that:

• following a customer order, SNAP s.r.l. will perform all administrative accounting activities related to the economic activity of the company, for the supply of products and \ or services and for the regular performance of the contract such as:
  1. the insertion of personal data into company computer databases; the issuance of transport documents, invoices and credit notes; the issue of quotes and offers to active and / or potential customers;
  2. the issue of requests for offers to active and / or potential suppliers;
  3. the keeping of accounting, VAT and business;
  4. management of receipts and payments;
  5. the management of any disputes;
  6. the development of internal statistics aimed at monitoring the degree of customer satisfaction on the quality of the services and products supplied in order to better align customer needs;
• following an order, SNAP s.r.l. will send general information and / or communications regarding the status of the order received until the delivery of the order;
• use the "Facebook" social network to publish on its own company page, by way of example but not limited to, contents, news, photos, events, aimed at promoting the services offered by SNAP s.r.l. and that could be of interest to the members of the aforementioned page.
  The adherence to the aforementioned page takes place through an explicit and voluntary action of the user "Facebook" through the "like" button on the page; adherence that can be revoked at any time using the same button ("unlike this page"). For the personal data of the Facebook user, who at the time of joining the page become visible also to SNAP s.r.l., the valid guarantees offered are the ones for which the consent has already been given at the time of subscription to the "Facebook" social network;
• uses an automatic mail sending tool to send, by way of example but not limited to, newsletters aimed at promoting the services offered by SNAP s.r.l., to report any events and updates to current legislation.

 

D. Recipients of Personal Data?

 

Personal Data may be disclosed to specific subjects considered as recipients of such Personal Data. In fact, Article 4 in point 9) of the Regulation defines as the recipient of a Personal Data “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not” (hereinafter “Recipients”).

With this in mind, in order to correctly perform all the processing activities necessary to pursue the purposes set out in this Statement, the following Recipients may be in a position to process your Personal Data:

• individuals, employees and / or collaborators of the Data Controller, who have been entrusted with specific and / or more processing activities on your Personal Data. These individuals have been given appropriate instructions on the safety and correct use of Personal Data and are defined, in accordance with Article 4 in point 10) of the Regulation, “persons who, under the direct authority of the controller or processor, are authorized to process personal data” (hereinafter “Authorized persons”);

If required by law or to prevent or suppress the commission of a crime, the Personal Data may be disclosed to public bodies or to the judicial authority without being defined as Recipients. In fact, in accordance with Article 4 in point 9) of the Regulation, “public authorities which may receive personal data in the framework of a particular request in accordance with Union or Member”.

 

E. Time of Retention of Personal Data?

 

One of the principles applicable to the processing of personal data concerns the limitation of the retention period, governed by Article 5, paragraph 1, point e) of the Regulation that is read “Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject”.

In light of this principle, the Personal Data will be processed by the Data Controller only for what is necessary for the pursuit of the purposes referred to in Section C of this Information. In particular, Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Rules, ie until the termination of the contractual relationships between the data subject and the Data Controller without prejudice to a further period of conservation that may be imposed by law as also foreseen by Recital 65 of the Regulation.

With regard to the processing carried out to achieve the purposes set out in Section E of this Information, the Data Controller may lawfully process the Personal Data until it receives, in one of the methods provided for in this Notice, the communication relating to the will to revoke consent to one or all the purposes for which it was requested. Any revocation of the consent will, in fact, require the Data Controller to cease the processing of Personal Data for the indicated purpose.

 

F. Withdrawal of consent given

 

As required by the Regulations, if the person concerned has given his consent to the processing of personal data for one or more purposes for which it was requested, may at any time, withdraw it totally and / or partially without prejudice to the lawfulness of the treatment based on the consent given before the revocation.

The methods of revoking consent are very simple and intuitive, just contact the Data Controller using the contact channels reported in this information and respectively in sections B and G.

 

G. Rights of the interested party

 

As required by Article 15 of the Regulation, the person concerned may access Personal Data, request correction and updating, if incomplete or erroneous, request cancellation if the collection has occurred in violation of a law or regulation, as well as object to Treatment for legitimate and specific reasons.

In particular, we report below all the rights that the customer may exercise at any time against the Data Controller:

• Right of access: right, in accordance with Article 15, paragraph 1 of the Rules, to obtain from the Data Controller confirmation that a Personal Data Processing is in progress and, in this case, to obtain access to such Personal Data and to following information:
  1. purpose of Processing;
  2. categories of Personal Data in question;
  3. Recipients or categories of Recipients to whom the Personal Data have been or will be communicated; in particular if Recipients of third countries or international organizations;
  4. when possible, the retention period of the Personal Data provided or, if not possible, the criteria used to determine this period;
  5. existence of the right of the interested party to request the Data Controller to rectify or delete Personal Data or limit the processing of personal data concerning him or to oppose their processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. if the Personal Data are not collected from the interested party, all the information available on their origin; the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.

All this information you can find in this informative note that will always be available to you within the Privacy section of the website.

• Right to rectification: right to obtain, in accordance with Article 16 of the Regulation, the correction of Personal Data that are incorrect. Taking into account the purposes of the processing, moreover, it may obtain the integration of Personal Data that are incomplete, also by providing an additional declaration;
• Right to erasure: the right to obtain, in accordance with article 17, paragraph 1 of the Regulation, the cancellation of Personal Data without unjustified delay; the Data Controller will have the obligation to delete the Personal Data, if there is even one of the following reasons:
  1. Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. has withdrawn the consent on which the processing of personal data is based and there is no other legal basis for their processing;
  3. has opposed the processing pursuant to article 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of personal data;
  4. Personal Data has been processed unlawfully;
  5. it is necessary to delete the Personal Data in order to comply with a legal obligation provided for by a community or national law.
• Right to restriction of processing: right to obtain the limitation of processing, in accordance with Article 18 of the Rules, if one of the following hypotheses occurs:
  1. contestation of the accuracy of Personal Data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data);
  2. unlawful processing with opposition to the deletion of Personal Data, asking for limited use;
  3. although the Data Controller no longer needs it for the purposes of processing, Personal Data is used to ascertain, exercise or defend a right in court;
  4. objection to the processing pursuant to article 21, paragraph 1, of the Regulation, pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party. In case of limitation of the treatment, the Personal Data will be treated, except for the conservation, only with its consent or for the verification, the exercise or defense of a right in court or to protect the rights of a other natural or legal person or for reasons of significant public interest. In any case, before such limitation is revoked the interested party will be duly informed.
• Right to data portability: right to request and receive, pursuant to Article 20, paragraph 1 of the Regulation, all Personal Data processed by the Data Controller in a structured format, commonly used and readable or request transmission to another holder of the treatment without impediment. In this case, the interested party will be responsible for providing all the exact details of the new data controller to whom he / she intends to transfer the Personal Data by providing written authorization.
• Right to objection: pursuant to article 21, paragraph 2 of the Regulations and as also reiterated by Recital 70, at any time, to the processing of personal data if these are processed for direct marketing purposes, including profiling in so far as it is connected to such direct marketing.
• Right to lodge a complaint with the supervisory authority: the right to lodge a complaint with the competent Data Protection Authority, without prejudice to the right to appeal in any other administrative or jurisdictional seat, if it is considered that the processing of personal data carried out by the Data Controller is in violation of the Rules and / o of the applicable legislation.

To exercise all rights as identified above, simply contact the Data Controller by:

• writing by mail to SNAP s.r.l. - Via Cap. Luca Mazzella 40/44, 82100 Benevento;
• sending an e-mail to privacy@snapsrl.it
• sending a PEC to the certified e-mail address snap@pec.snapsrl.it
• calling the number 0824 1815960

 

H. Where Personal Data will be processed?

 

Personal Data will be processed by the Data Controller within the territory of the European Union.

If for reasons of a technical and / or operational nature it is necessary to make use of subjects located outside the European Union, we communicate from now on that these subjects will be appointed as Data Processors pursuant to and for the purposes of article 28 of the Regulation and the transfer of Personal Data to such subjects, limited to the performance of specific treatment activities, will be regulated in compliance with the provisions of Chapter V of the Regulation. All necessary precautions will therefore be taken to ensure the fullest protection of Personal Data.

In any case it is possible to request more details from the Data Controller if the Personal Data have been processed outside the European Union requesting evidence of the specific guarantees adopted.

 

DISCLAIMER: The English version is a translation of the original in Italian for information purposes only. In case of a discrepancy, the Italian original will prevail.