COMPLETE POLICY

Data Controller

Personal Protective Equipment PPE srl
Via di Cervara, 42 – 00155 Rome – Italy

Owner contact email: dpi@dpisekur.com

Types of data collected

Among the Personal Data collected by this Application, either independently or through third parties, there are: Cookies, Usage data and email.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data is collected.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically during the use of this Application.
Unless otherwise specified, all data required by this application are mandatory. If the User refuses to communicate them, it may be impossible for this Application to provide the Service. In cases where this Application indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or on its operation.
Users who have doubts about which data are mandatory are encouraged to contact the owner.
Any use of Cookies – or of other tracking tools – by this Application or by the owners of third party services used by this Application, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to further purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Method and place of processing of the collected data

1. Introduction

This information on the processing of personal data is provided by Personal Protection Devices DPI srl Srl in compliance with the obligations established by EU Regulation no. 679 of 2016 (in short, “GDPR”).

2. Why Personal Protection Devices DPI srl processes the personal data of its customers

Personal Protection Devices DPI srl processes the personal data of its Customers (who purchase directly or through ecommerce) in order to administer and fulfill the agreements and contracts with them and to satisfy the requests and needs proposed by them, as well as to fulfill legal obligations and to respect the rules and regulations that apply to the activity carried out.
Customers’ personal data may be processed for marketing purposes, including by e-mail, for market analysis, as well as for statistical purposes and for monitoring customer satisfaction in order to improve the products and services offered and to keep voluntary certifications. quality.
Each processing of personal data has a precise legal basis and a specific purpose.

3. Which categories of personal data Personal Protection Devices DPI srl processes and how the data is collected

Personal Protection Devices DPI srl processes only the information necessary and sufficient for the purposes indicated in point 4 of this Notice.
In cases where Personal Protection Devices DPI srl receives personal information that it does not need, it will delete or make such data unidentified, so that they cannot be traced back to the Customer and / or the interested party.
Personal Protection Devices DPI srl does not receive personal data from third parties.
Personal data provided to us by Customers may include, but are not limited to:

• contact details, such as: name, e-mail address, landline and mobile phone number, billing address;
• tax code, VAT number or other personal identification codes;
• information for payment purposes, for example: bank data, billing data;
• contact details and address where the goods must be sent;
• Customer Satisfaction, i.e. data relating to customer satisfaction / opinion in relation to the product / service received;

4. Legal basis and purpose of the processing

The processing of personal data is carried out by Personal Protection Devices DPI srl as and to the extent that at least one of the following conditions is met:

• the interested party has given consent to the processing of their personal data for one or more specific purposes;
• the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same;
• the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
• the processing is necessary for the pursuit of a legitimate interest of the Data Controller or of third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, in particular if the data subject is a minor. This hypothesis includes, among others:
  1. or the ascertainment, exercise or defense of one’s own right;
  2. o monitoring of Customer satisfaction, for example for ISO 9001 certification (quality) and service improvement purposes;
  3. or statistical processing in anonymous form and / or with aggregated data, necessary for the general analysis of the business;

The purpose of the processing is determined on this legal basis.
It should be noted that, among the treatments carried out on the basis of the consent given by the interested party, those for marketing purposes are included, by which we mean the activities of commercial promotion, surveys and market research, statistical processing in clear form.

5. Refusal by the interested party to provide their personal data or to consent to the processing

The refusal by the interested party to provide their personal data has different consequences depending on the case, as specified below.
Refusal to provide data necessary for the performance of the requested service (Article 13, paragraph 2, letter e of the GDPR).
The collection and processing of certain personal data are necessary to follow up on the requested services as well as the provision of the Service and / or the supply of the requested Product. If the interested party refuses to communicate or in any case does not provide the personal data indicated as indispensable to the satisfaction of the request made, Personal Protection Devices DPI srl will not be able to follow up on it as it is unable to carry out the processing operations relating to it.
Refusal to consent to the processing of personal data for marketing purposes.
In the event that the interested party does not consent to the processing of their personal data for marketing purposes, the processing will not take place for these purposes.
The above does NOT affect the provision of the requested services, nor on those for which the interested party has already given his consent, where required.
In the event that the interested party has given consent and subsequently revokes it or opposes the processing for marketing purposes, Personal Protection Devices DPI srl will suspend the processing for these activities, without this entailing consequences or prejudicial effects for the interested party and for the required performance.

6. Period of storage of personal data

Once the purpose for which the data was collected is no longer current, the personal data is deleted. This means that the personal data of the Customers are archived, on paper and / or electronic media, only for the time necessary for the stated purpose, after which they are eliminated or made anonymous in compliance with the procedures defined by Personal Protection Devices DPI srl in compliance with the provisions of the GDPR.
Personal data will not be deleted if there are regulatory provisions that require its conservation. More specifically:

• Data will be kept only for the time necessary for the purposes for which they were collected, respecting the conservation limitation principle referred to in Article 5, paragraph 1, letter e) of the Regulations;
• Data will be kept to fulfill regulatory obligations and pursue the aforementioned purposes, in compliance with the principles of indispensability, non-excess and relevance;
• Personal Protection Devices DPI srl may keep some data after the termination of the contractual relationship to fulfill regulatory and / or post-contractual obligations and / or to ascertain, exercise or defend a right; subsequently, when the aforementioned reasons for the processing cease to exist, the data will be deleted, destroyed or stored anonymously;
• The customer satisfaction data, collected in any way, is kept for a maximum of five years, in order to improve and implement the services in line with the feedback received from the Customers. The retention period is also defined in agreement with the Customer Satisfaction service provider.

7. Transfer of personal data outside the company

Personal Protection Devices DPI srl will not sell, disclose or distribute personal data to Third Parties, except as specified in this Notice.
As part of the service, the personal data of Customers may be forwarded to agents, suppliers and / or partners of Personal Protection Devices DPI srl, if this is necessary for the performance and supply of the service or to support commercial, technical or operational or management of IT systems.
Some personal data may also be disclosed to other companies of the Individual Protection Devices DPI srl Group for the purposes referred to in point 4.
The parties to which Personal Protection Devices DPI srl may transfer personal data may in some cases be located in a third country to the European Union (non-EU), meaning a country located outside the European Economic Area (in short EEA), where the GDPR applies territorially. This means that personal data can be transferred to countries not subject to the provisions of the latter. In cases where it transfers personal data to non-EU suppliers, such as in the case of use of Microsoft Services, Device Protection Individual DPI srl undertakes to adopt adequate measures to ensure that personal data continue to be protected and processed in compliance with the provisions of the GDPR.
To guarantee the lawfulness and correctness of the processing of personal data, Personal Protection Devices DPI srl has entered into specific Agreements, including a commitment to confidentiality, with all suppliers who process personal data on behalf of the same.
Personal Protection Devices DPI srl may also disclose personal data in compliance with a legal obligation or if ordered by the competent authorities, or even if such disclosure is otherwise necessary to cooperate with a legal investigation.
In the event that Personal Protection Devices DPI srl is part of extraordinary corporate operations, such as mergers or acquisitions, the same may transfer personal data to the relevant third party, provided that the third party undertakes to process the personal data in accordance with this Information and in any case in compliance with the GDPR.

8. Security of personal data

Personal Protection Devices DPI srl adopts appropriate technical and organizational measures to guarantee the protection of personal data from loss, misuse, unauthorized access, disclosure, alteration and / or destruction.

9. Rights of the interested party

The interested party has the right to obtain the following from Personal Protective Equipment DPI srl, as Data Controller.
a) Confirmation that your personal data is being processed or not and, if so, to obtain access to your personal data and to the following information:
1. the purposes of the processing;
2. the categories of personal data processed;
3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
4. when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
5. the existence of the right of the interested party to ask the Data Controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
6. the right to lodge a complaint with a supervisory authority;
7. if the data are not collected from the interested party, all available information on their origin;
8. the existence of an automated decision-making process and, if so, information on the logic behind it, as well as the relevance and consequences of such processing for the data subject;
9. the guarantees provided by the Third Country (non-EU) or the international organization for the protection of any data transferred.
b) The right to obtain a copy of the personal data being processed. For any copies requested by the interested party further to the first, Personal Protection Devices DPI srl has the right to charge a reasonable fee, based on the administrative costs incurred. Unless otherwise agreed with the interested party, the information will be provided in a commonly used electronic format.
c) The right to obtain from the Data Controller, without undue delay, the correction of their inaccurate personal data.
d) The right to obtain from the Data Controller the cancellation of personal data concerning him without undue delay, for the reasons provided for by the GDPR in art. 17 – including, for example, the case in which they are no longer necessary for the purposes for which they were collected – under the conditions provided for by the GDPR, provided that the processing is not required by law or in any case justified by another equally legitimate reason.
e) The right to obtain the limitation of the processing, in the cases provided for by art. 18 of the GDPR, for example in the event that the accuracy of the same is disputed, for the period necessary for the Data Controller for the consequent checks.
f) The right to obtain from the owner the indication of the recipients to whom the requests for any corrections or cancellations or limitations of the processing carried out have been transmitted, unless this proves impossible or involves a disproportionate effort.
g) The right to data portability, in the cases provided for by art. 20 of the GDPR, with the methods and forms established by the latter.

In order to ensure that the rights listed above are exercised by the interested party and not by unauthorized third parties, before complying with the request, Personal Protection Devices DPI srl provides for forms of verification of the applicant’s identity and specific methods of delivery of personal data to person entitled to receive them.

10. Links to other sites

This Notice relates to the processing of data carried out through the company website and does not extend to websites owned by third parties.
That said, on the internet site of the Personal Protection Devices DPI srl there may be links to other websites of possible interest to our visitors.

11. Availability of the information and changes thereto

This information is always made available to interested parties through publication on the internet site of Personal Protection Devices DPI srl (www.dpisekur.com) in the section dedicated to Privacy. Any changes or additions to this information will also be published in the same section.

12. Data Controller and contacts

The Data Controller is Personal Protection Devices DPI srl Srl, with registered office in Rome, Via di Cervara 42 00155.
For further information regarding the policies and practices of Personal Protection Devices DPI srl in the processing of personal data, as well as to exercise the aforementioned rights and in any case provided for in the matter by the GDPR Regulation, please write to the dedicated e-mail address : dpi@dpisekur.com.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Newsletter

MailUp
MailUp is an address management and email message sending service provided by MailUp SpA
Personal data collected:

• First name
• Last name
• E-mail
• Tongue
• Country
• Market segment / interest

Place of processing: Italy – Privacy Policy .

Contact the user