GREENPROJECT ITALIA SRL, located in Via Massari,42 – Resana 31023 TV as the legal address, (“Data Controller”), acts as the “Data Controller”, informs you (Data Subject) that in accordance with the Article 13 and 14 of the European Regulation n. 2016/679 (EU GDPR) will be collecting your personal information for the purposes and through the means described in this sections.
1. Purpose of Processing The Data Controller processes personal and identifying data (such as name, surname, company name, address, telephone number, email, bank details, and payment information)—hereinafter referred to as “personal data”—when provided by you, for the purpose of carrying out services related to the Data Controller's activities.
2. Purpose of Processing
Your personal data is processed:
A) Without your express consent (Article 6(b), (e) GDPR), for the following Service Purposes:
- conclude contracts for the Data Controller's services;
- fulfill pre-contractual, contractual, and tax obligations arising from existing relationships with you;
- fulfill obligations established by law, regulations, EU legislation, or an order from authorities (such as anti-money laundering regulations);
- exercise the rights of the Data Controller, such as the right to defend themselves in legal proceedings;
B) Only with your specific and separate consent (art. 7 GDPR), for the following marketing purposes:
- sending you via email, mail, and/or SMS and/or phone contacts, newsletters, commercial communications and/or promotional material about products or services offered by the Data Controller, and conducting satisfaction surveys regarding the quality of services;
3. Methods of processing
The processing of your personal data is carried out through the operations indicated in Article 4, No. 2) of the GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data may be processed either manually or electronically and/or automatically.
The Data Controller will process personal data for the time necessary to fulfill the purposes outlined above, and in any case, for no longer than 10 years after the termination of the relationship for the Service Purposes, and no longer than 2 years from the data collection for the Marketing Purposes.
4. Access to Data
Your data may be made accessible for the purposes set out in Article 2.A) and 2.B):
- to employees, collaborators, and companies of the Data Controller, both in Italy and abroad, in their capacity as internal data processors and/or system administrators;
- to third-party companies or other entities (including, but not limited to, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) performing outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5. Data Communication
Without the need for express consent (art. 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law, in order to carry out the aforementioned purposes.
These subjects will process the data in their capacity as independent Data Controllers.
Your data will not be disclosed in any other way.
6. Data Transfer
Personal data are stored on servers located within the European Union. However, the Data Controller reserves the right to move the servers outside the EU if necessary. In such cases, the Data Controller ensures that the transfer of data outside the EU will comply with applicable legal provisions, subject to the signing of the standard contractual clauses provided by the European Commission.
7. Nature of data provision and consequences of refusal to respond
The provision of data for the purposes referred to in Article 2.A) is mandatory. Without this data, we will not be able to provide you with the Services mentioned in Article 2.A).
The provision of data for the purposes referred to in Article 2.B) is instead optional. You can choose not to provide any data or to later deny the possibility of processing data already provided.
In that case, you will not receive newsletters, commercial communications, or promotional material related to the services offered by the Data Controller.
However, you will still be entitled to the services referred to in Article 2.A).
8. Rights of the Data Subject
As the data subject, you have the rights set out in Article 15 of the GDPR, specifically the rights to:
i. obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and to have the data communicated to you in an intelligible form;
ii. obtain the following information:
a) the origin of the personal data;
b) the purposes and methods of the processing;
c) the logic applied in case of processing carried out with the help of electronic tools;
d) the identifying details of the data controller, the processors, and the representative designated under Article 3, paragraph 1, of the GDPR;
e) the entities or categories of entities to whom personal data may be communicated or who may become aware of it as designated representatives within the state, processors, or persons in charge.
iii. obtain:
a) the update, correction, or, when relevant, the integration of data;
b) the deletion, anonymization, or blocking of data processed in violation of the law, including data that is no longer necessary for the purposes for which it was collected or subsequently processed;
c) confirmation that the actions mentioned in points a) and b) have been communicated, including their content, to those to whom the data has been disclosed or distributed, unless this requirement is impossible or would involve the use of disproportionate means in relation to the protected right.
iv. object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if relevant to the purpose of the collection;
b) to the processing of personal data concerning you for the purpose of sending advertising materials, direct sales, or for market research or commercial communication, using automated calling systems without operator intervention via email and/or traditional marketing methods such as phone and/or postal mail.
It is noted that the data subject's right to object, as outlined in the previous point b), for direct marketing purposes through automated methods extends to traditional methods as well. Furthermore, the data subject retains the right to exercise the right to object, even partially. Therefore, the data subject can choose to receive only communications through traditional methods, only automated communications, or none of the two types of communication.
Where applicable, the data subject also has the rights provided in Articles 16-21 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority.
9. How to Exercise Your Rights You can exercise your rights at any time by sending: A registered letter with acknowledgment of receipt to the Data Controller's address; An email to the Data Controller at: commerciale1@greenprojectitalia.com
COOKIES
