INFORMATIVA PRIVACY CLIENTI

BERARDI BULLONERIE SRL

PRIVACY STATEMENT

DATA CONTROLLER 

Berardi Bullonerie Srl, in the person of its legal representative pt, VAT N. 00628991200, registered office in Castel Guelfo in Bologna (Bologna) – Italy – 1, San Carlo Street, phone nr +39 0542 671911, email privacy@gberardi.com, as Data Controller, (hereinafter, "Data Controller"), 

HEREBY INFORMS YOU 

in accordance with regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR"), your data will be processed in compliance with the aforementioned legislation and in the manner and for the purposes specified below:  

1. OBJECT OF THE PROCESSING AND NATURE OF DATA 

The Data Controller, in the course of its activity, processes your personal data (in particular, name, surname, tax code, VAT number, email address, telephone number - later "personal data" or "data") collected on the occasion of the conclusion of commercial relationships and/or requests for commercial information.  

The Data Controller also processes the data provided (personal data and any special categories of data) for the purpose of reporting any alleged unlawful conduct or conduct that fails to comply with the principles of ethics and integrity of which it has become aware (so-called “whistleblowing”). 

2. PURPOSES OF DATA PROCESSING 

Your personal data are processed for the following purposes distinguished by reference legal basis: 

2.1 Execution of the contract - fulfilment of the legal obligation (art.6 lett. b, lett. c) 

Your personal data are processed for the following purposes: 

a) fulfilment of the pre-contractual, contractual and administrative-accounting obligations 

b) fulfilment of the obligations established by the law, by a regulation, by community legislation or by an order of the Authority. 

2.2 Based on your consent (Article 6 letter a). 

Your personal data are processed, for the purpose of sending via sms and/or e-mail information and promotional communications, as well as newsletters from the Data Controller in relation to their own initiatives and/or of their subsidiaries and/or affiliates (Marketing purposes) 

2.3 Compliance with whistleblowing legislation – fulfilment of legal obligations (Legislative Decree 231/2001 and Legislative Decree 24/2023) 

Your personal data is processed for the purpose of managing reports received, and in particular to carry out verification and investigation activities regarding the report, the complaint of alleged unlawful conduct and/or irregularities, and to take the necessary measures. 

3. RECIPIENTS OR CATEGORIES OF RECIPIENTS  

The personal data provided may be disclosed to third parties, in order to comply with contracts or related purposes. More precisely, the data may be disclosed to recipients belonging to the following categories:  

  • Professionals and consultants in legal, labor and tax matters; 
  • Banks; 
  • Competent authorities for the fulfilment of legal obligations and/or provisions dictated by public bodies (Revenue Agency etc.); 
  • external subjects who manage/support/assist, even occasionally, the Controller in the administration of the information system and telecommunications networks (including e-mail); 
  • the Whistleblowing Officer appointed by the Data Controller; 
  • the company responsible for managing the platform, in its capacity as an External Data Processor within the meaning of Article 28 of the GDPR; 
  • external consultants (e.g. law firms) who may be involved in the preliminary investigation of the report; 
  • company departments involved in receiving, examining and assessing reports; 
  • the manager(s) of the department(s) concerned by the report; 
  • organisational positions tasked with investigating the report in cases where their knowledge is essential for understanding the facts reported and/or for conducting the related preliminary investigations and/or processing; 
  • institutions and/or public authorities, judicial authorities, police forces, investigative agencies; 
  • the supervisory body. 

Subjects belonging to the aforementioned categories carry out the function of Processor, or work completely independently as separate Controllers. The list of possible Processors is constantly updated and available at the headquarters of the Data Controller. 

4. PROCESSING METHOD 

The processing will be carried out with manual and/or computerized and telematic tools as well as with organization and processing logics strictly related to the aforementioned purposes and in any case in such a way as to guarantee the security, integrity, availability and confidentiality of personal data. 

In compliance with the provisions of art. 5 paragraph 1 letter e) of the Reg. EU 2016/679, the personal data collected will be stored in a form that allows identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. 

Your data may be processed by the Data Controller using automated tools having mere instrumental and supportive nature (i.e. data organization, preliminarily drafting of texts, translations, documental researches). It is specified that no fully automated decision-making processes are carried out.   

5. PROVISION OF DATA  

Please note that, taking into account the purposes of the processing specified in point 2.1, the provision of data is mandatory and any failure thereto, partial or incorrect provision may have, as a consequence, the inability to perform the professional service. 

Please also note that, given the purposes of the data processing specified in point 2.3, the provision of data is mandatory, and failure to provide such data, or the provision of incomplete or inaccurate data, may result in the company being unable to follow up on the report you have submitted. 

6. DATA TRANSFER TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION  

The personal data provided are not transferred outside the European Union.  

7. DURATION OF THE PROCESSING 

Personal data is kept for the entire duration of the contractual relationship and, in the case of revocation and/or other type of termination of the aforementioned relationship, within the terms established by law for the fulfilment of tax obligations, for example. 

For the marketing purposes, the data will be retained until consent is revoked or for the period established by the regulations or by Measures issued by the Control Authority.  

Personal data collected through the whistleblowing scheme will be retained only for as long as is strictly necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements. Once this period has expired, your personal data will be deleted from our systems.  

8. RIGHTS OF THE DATA SUBJECT 

You can, at any time, exercise the rights expressed by articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, and in particular: 

  • access to your personal data; 
  • to obtain the rectification, or erasure of the same or the blocking of the processing that concerns yourself;  
  • to object to the processing; 
  • to the portability of data;  
  • to withdraw your consent: the withdrawal of consent does not affect the lawfulness of the processing based on the consent granted before the revocation; 
  • to file a complaint with the Italian Data Protection Authority (Garante Privacy). 

You can exercise your rights by sending a request to the following Data Controller’s contacts:  

  • 1, San Carlo Street, 40023 Castel Guelfo – Bologna - Italy 
  • privacy@gberardi.com 
  • +39 0542 671911 

9. DATA PROTECTION OFFICER 

The Data Controller has identified the Data Protection Officer 

The Data Protection Officer can be found at the following e-mail address: privacy@archimedia.it