Am Instruments S.r.l. considers attaches the utmost importance to the protection of the Personal Data of its customers and suppliers, guaranteeing that the processing of Personal Data, carried out with whatever means, both automated and manual, takes place in full respect of the protections and rights acknowledged by EU Regulation 2016/679 (General Data Protection Regulation, hereunder also “GDPR”), on the protection of individuals, with respect to the processing of Personal Data, and on the free circulation of such data, and of the further applicable rules on Personal Data protection.
The definition of “Personal Data” is as per Article 4, point 1), of the GDPR, i.e. “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person” (hereunder also “Personal Data”).
Your Personal Data are:
- Name and address;
- Mail address;
- Organisation (for instance: employer; etc..);
- e-mail address;
The GDPR imposes that, before proceeding to the processing of Personal Data, defined in Article 4, point 2) as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction” (hereunder “Processing”) the person to which the Personal Data belong (hereunder also “Data Subjects”), be informed on the reasons for which the data are requested, and how they will be used.
This document, therefore, has the aim of providing you, in a simple and intuitive form, with all the useful and necessary information you need to confer your Personal Data in an aware and informed manner and, where necessary, request and obtain clarifications and/orr adjustments concerning the data.
- Who will process your Personal Data?
The company that will process your Personal Data for the purposes indicated in Sections 2 and 3 below, and therefore which will act as Data Processing Controller, is Am Instruments S.r.l., located in Limbiate, Via Isonzo, 1/C, Italy, email: firstname.lastname@example.org (hereunder “Controller”).
- For what main purposes will your Personal Data be processed?
The Controller needs to collect some of your Personal Data for the following purposes:
- To respond to requests for information and/or offers made directly and spontaneously by the Data Subject, also by means of the contact form on the website https://www.aminstruments.com/(the Website);
- To fulfil obligations tied to the contracts signed;
- To establish a contact to offer any clarifications on the purposes described in points a) and b) above;
- To meet legal requirements, in particular in terms of accounting and fiscal obligations.
Furthermore, the Controller will process your Personal Data in order to carry out customer care and telephone assistance activities in response to requests for quotes or contacts, also when made through the website.
In order to provide the services indicated above, we need you to confer your personal data for the aforementioned needs.
Should you decide not to, therefore, you will not be able to access the services mentioned above.
- Further purposes
The Controller, on condition of receiving your explicit, free and unequivocal consent, as per Article 6, section 1, point a) of the GDPR,may use your Personal Data for the following, further purposes:
- To verify customer satisfaction levels in relation to the service provided;
- To measure the effectiveness and adequacy of the service offered, even through theWebsite;
- To sends newsletters to keep you up to date with news and with the activities of the Controller.
The Processing of your Personal Data for the purposes described in points e), f) and g) is optional and necessarily requires your consent, which will mandatorily have to be in respect of the conditions described in Article 7 of the GDPR, thus determining the lawfulness of the Processing of your Personal Data.
The contact channels used for the activities indicate in the points e), f) and g) above may be both automated (email) and traditional (telephone calls with operators, mail correspondence). In any case, and as specified more in detail in Section 7 below, you may revoke your consent at any time, even only in part, for instance accepting only the use of the traditional contact channels.
- To whom may your Personal Data be transmitted?
Your Personal Data may be transmitted to specific entities considered as the recipient of said Personal Data. On this aspect, Article 4, point 9) of the GDPR, defines the “recipient” of Personal Data as “the natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not” (hereunder “Recipients”).
In this perspective, in order to carry out correctly all the Processing activities required for the purposes described in this info sheet, the following Recipients may find themselves in the condition to process your Personal Data
- Individuals, employees and/or collaborators of the Controller, tasked with specific and/or general Personal Data Processing activities: these persons will have been given specific instructions on the security and correct use of your Personal Data(hereunder “Authorised Persons”);
- When required by the Law, or to prevent or repress the perpetration of a crime, your Personal Data may be disclosed to public agencies or to the judicial authorities.
- For how long will your Personal Data be processed?
Your Personal Data will be processed by the Controller for a period no longer than necessary for the purposes for which the data were collected and subsequently processed.
In any case, you may at any time contact us, in una delle modalità previste dalla in this info sheet, to inform us of your decision to revoke consent relating to one or all the purposes for which you had previously been asked for consent. Any revocation of consent will effectively impose on the Controller to cease the Processing of your Personal Data for these purposes.
- Is it possible to revoke consent, and how?
As provided for by the GDPR, if you have consented to the Processing of your Personal Data for one or more of the purposes for which they were required, you may at any time revoke your consent, in full and/or in part, with no prejudice to the lawfulness of Processing based on the consent expressed before the revocation.
Consent revocation modalities are very simple and intuitive: all you need to do is contact the Controller using the contact channels indicated in Section 7 of this info sheet.
- What are your rights?
As provided for by Article 15 of the GDPR, you may access your Personal Data,ask that they be rectified and updated, if incomplete or incorrect, ask for their erasure if the data were collected in breach of a law or regulation, and object to the Processing for legitimate and specific reasons.
In particular, listed below are all the rights you may exercise, at any time, towards the Controller:
- Right of access:you will have the right, as per Article 15, section 1 of the GDPR, to obtain from the Controller confirmation as to whether or your Personal Data is being processed,and if so, to access your Personal Data and the following information: a) le purposes of the Processing; b)the categories of Personal Data concerned; c)the Recipientsor categories of Recipientsto whom your Personal Datahave been or will be disclosed, in particular Recipients in third countries or international organisations; d)where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine the period; e)the existence of the Data Subject’s right to request from the Controller rectification or erasure of Personal Data or restriction of Processing of Personal Data concerning the Data Subject; f)the right to lodge a complaint with a supervisory authority; g) where the Personal Data are not collected from the Data Subject, any available information as to their source; h)the existence of automated decision-making, including profiling, referred to in Article 22, Sections 1 and 4 of the GDPR, and at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject. All this information is included in this Info sheet, that will always be at your disposal in the “Privacy” section of the
- Right to rectification:you shall have the right, as per Article 16 of the GDPR, to obtain rectification of your Personal Data when inaccurate. Taking into account the purposes of the Processing, furthermore, you may have incomplete Personal Data completed, including by means of providing a supplementary statement.
- Right to erasure: you shall have the right, as per Article 17, Section 1 of the GDPR, to obtain from the erasure of your Personal Data without undue delay, and the Controller shall have the obligation to erase your Personal Data, where even only one of the following grounds apply: a)the Personal Data are no longer necessary in relation to the purposes for which they were collected, or otherwise processed; b)you have withdrawn consent on which the il Processing of your Personal Data is based, and where there is no other legal ground for Processing; c)you object to the Processing pursuant to Article 21, Section 1 or 2 of the GDPR and there are no overriding legitimate grounds for the Processing of your Personal Data; d)your Personal Data have been unlawfully processed;e)your Personal Data have to be erased for compliance with a legal obligation in Union of Member State law. In some cases, as provided for by Article 17, Section 3 of the GDPR, the Controller is authorised not to erase yourPersonal Data, should their Processing be necessary, for instance, to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes, for the establishment, exercise or defence of legal claims.
- Right to restriction of processing: you shall have the right to obtain restriction of Processing, as per Article 18 of the GDPR,where one of the following applies: a)you have contested the accuracy of your Personal Data(the limitation will last for the period of time needed by the Controller to verify the accuracy of the Personal Data); b)the Processing is unlawful but you have opposed the erasure of your Personal Data, requesting the restriction of their use instead; c) although the Controller no longer needs your Personal Data for the purposes of the Processing, they are required for the establishment, exercise or defence of legal claims; d)you have objected to Processing pursuant to Article 21, Section 1 of the GDPR pending the verification of whether the legitimate grounds of the Controller override yours. In case of the restriction of Processing, your Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will in any case inform you before the restriction is lifted.
- Right to data portability:you shall have the right, at any time, to request and receive, as per Article 20, Section 1 of the GDPR, all your Personal Data processed by the Controller, in a structured, commonly used and readable format, and have the right to request their transmission to another Controller without hindrance. In this case, it will be your responsibility to provide us with all the correct contact information of the new Controller to whom you intend to transfer your Personal Data,providing us with a written authorisation.
- Right to object:as per Article 21, Section 2 of the GDPR, and as also reasserted in Recital 70, you shall have the right to object, at any time, to the Processing of your Personal Data where they are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
- Right to lodge a complaint with a supervisory authority:without prejudice to any other administrative or judicial remedy, should you consider that the Processing of your Personal Data by the Controller infringes the GDPR and/or applicable legislation, you shall have the right to lodge a complaint with the competent Personal Data Protection Authority.
In order to exercise all your rights as listed above, all you need to do is contact the Controller as follows:
- By registered mail letter sent to Am Instruments S.r.l., located in Limbiate, Via Isonzo, 1/C, Italy;
- By sending an email to the address: email@example.com.
- Where will your Personal Data be processed?
Your Personal Data will be processed by the Controller within the territory of the European Union.
Should it be needed, for technical and/or operational reasons, to make use of processors located outside the European Union, it is hereby made clear these processors will be Processing in as per the terms and effects of Article 28 of the GDPR, and the transfer of your Personal Datato these processors, limited to the carrying of specific Processing activities, will be governed by the provisions of Chapter V of the GDPR, and, specifically, all the necessary precautions will be taken to guarantee total protection of your Personal Data, with the transfer being conditioned to:
- a) The recipient third countries being considered adequate by the European Commission;
- b) The guarantees offered by the recipient as per Article 46 of the GDPR.