1) Purposes relating to establishing and executing the contractual relationship between the Customer and the Company.
2) Execution of the contract with regard to data on legal representatives. Legitimate interest with regard to data on Customer employees/consultants involved in contract activities.
3) Contractual term and, after expiry, for the standard limitation period of 10 years.
1) Participation in any loyalty programs and/or recording of data in the Company’s CRM.
2) Performance of a contract to which the data subject is a party.
3) Contractual term and, after expiry, for the standard limitation period of 10 years.
1) Carrying out administrative and accounting tasks – such as accounting and treasury management, as well as invoicing (for example, checking and recording invoices), in compliance with the requirements of current legislation.
2) Need to comply with a legal obligation to which the Company is subject.
3) Retention period required by law (10 years for administrative and accounting purposes).
1) Out-of-court debt recovery.
2) Legitimate interest (legal protection).
3) In case of litigation, for the entire duration of the same, until the time limit for appeal has expired.
1) If necessary, in order to establish, exercise or defend the rights of the Data Controller in legal proceedings.
2) Legitimate interest (legal protection).
3) In case of litigation, for the entire duration of the same, until the time limit for appeal has expired.
1) Marketing purposes (sending commercial/promotional communications), by means of automated contact methods (such as text messages, mms, e-mail, social networks, instant messaging apps) and traditional methods (such as telephone calls with operators and traditional mail) on the Company’s products/services, reporting of company events as well as customer satisfaction surveys, market surveys and statistical analyses.
2) Consent of Customer legal representative (which is optional and can be withdrawn at any time).
3) Personal data and contact data: until revocation of consent.
Once the aforementioned retention period has lapsed the data will be destroyed or made anonymous.
DATA PROVISION
Personal and contact data are mandatory for the conclusion of the agreement.
DATA RECIPIENTS
The data may be processed by external parties operating as data controllers such as, by way of example, supervisory and control authorities and, in general, public or private parties entitled to request the data. The data may be communicated to public notaries and law firms as well as to accountants.
The data may also be processed, on behalf of the Company, by external parties designated as processor, who are given adequate operating instructions. These subjects are essentially included in the following categories:
a. Companies offering email services;
b. Companies offering website maintenance services;
c. Companies offering support in carrying out market research;
d. Companies and agencies in the field of event management and trade fairs;
e. Companies that offer services instrumental to the pursuit of the purposes set out in this information notice (media agencies, IT suppliers, freight forwarders, softwarehouse & system integrators, e-commerce companies, consulting companies, etc.);
f. Companies offering call center and customer care services;
g. information provider companies.
SUBJECTS AUTHORIZED TO PROCESSING DATA
Data may be processed by employees in company departments who are responsible for carrying out the activities outlined above and have been authorised to process the data and have received suitable operating instructions.
PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred abroad to non-European countries whose level of data protection has been deemed appropriate by the European Commission pursuant to art. 45 of the GDPR.
Whether such data will be transferred to non-European countries whose level of data protection has not been deemed appropriate by the European Commission, will be applied the Standard Clauses in compliance with European Commission dated February 5th, 2010.
DATA PROTECTION OFFICER (DPO)
Data Protection Officer (“DPO”) appointed by Data Controller pursuant to Art. 37 and following of the GDPR is Mr. Gabriele Faggioli.
It is possible to contact the Data Protection Officer (“DPO”) via e-mail at: DPO.Thermowatt@thermowatt.com
DATA SUBJECTS’ RIGHTS - COMPLAINT TO THE SUPERVISORY BODY
By contacting Thermowatt S.p.A. via mail address to Via S. Giovanni Battista 21 - 60011 Arcevia (AN), via e-mail sent to info@thermowatt.com, certified email thermowatt@legalmail.it and Thermowatt Professional S.r.l. via mail address to Via Fossa 22 - 31051 Follina (TV), via e-mail sent to info.professional@thermowatt.com, certified email thermowattprofessional@legalmail.it, data subjects can ask the Company for access to personal data, or the correction or deletion of personal data, and also have the right to restrict processing of the data in the cases set out in article 18 of the GDPR, and object to processing in the case of legitimate interests of the controller.
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
Data subjects have the right to withdraw consent at any time in relation to data processed for marketing purposes, and object to data being processed for these purposes. Data subjects have the possibility of stating a preference for being contacted for the aforementioned purposes through conventional methods and objecting to receiving communication through automatic methods only.
“Data” means data relating to consultants/suppliers natural persons processed by the Company for the purpose of entering into and executing contractual relationships (“Suppliers”).
1) DATA PROCESSING PURPOSES
2) LEGAL BASIS FOR PROCESSING DATA
3) DATA RETENTION PERIOD
1) Purposes relating to establishing and executing the contractual relationship between the Supplier and the Company.
2) Executing the contract.
3) Contractual term and, after expiry, 10 years (standard statute of limitations).
1) To fulfill administration/accounting requirements, such as accounts and treasury management, invoicing (e.g. logging and checking invoices) in accordance with legislation.
2) Requirement to meet the Company’s legal obligations.
3) 10 years.
1) If necessary to ascertain, exercise and/or safeguard Company rights in legal proceedings.
2) Legitimate interest (legal protection).
3) In the case of litigation, for the entire duration of the same, until the time limit for appeal has expired.
1) Marketing purposes: sending of communications for invitations/planning/execution of business events and fairs by automated (such as e-mail, sms or mms) and traditional means of contact (such as telephone calls with operator and traditional mail).
2) Consent (which is optional and can be withdrawn at any time).
3) Personal data and contact data: until revocation of consent.
Once the aforementioned retention period has lapsed the Data will be destroyed or made anonymous.
DATA PROVISION
Data must be provided to agree and/or execute the contract. Refusing to provide Data means it will not be possible to establish the contractual relationship and/or fulfil the resulting contractual obligations.
DATA RECIPIENTS
Data may be communicated to external parties operating as data controllers, by way of example, authorities and supervisory and control bodies and, in general, public or private parties entitled to request Data. Law firms and notaries, insurance and insurance brokers.
Data may be processed, on behalf of the controller, by external subjects appointed as data processors, who carry out specific activities, by way of example, accounting, tax and insurance requirements, dispatch of correspondence, management of receipts and payments, agencies of events management, media relations agencies, consulting companies, audit firms.
SUBJECTS AUTHORIZED TO PROCESSING DATA
Data may be processed by employees in Company departments that are responsible for carrying out the activities outlined above and have been authorized to process the Data and have received suitable operating instructions.
PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred abroad to non-European countries whose level of data protection has been deemed appropriate by the European Commission pursuant to art. 45 of the GDPR.
Whether such data will be transferred to non-European countries whose level of data protection has not been deemed appropriate by the European Commission, will be applied the Standard Clauses in compliance with European Commission dated February 5th, 2010.
DATA PROTECTION OFFICER (DPO)
Data Protection Officer (“DPO”) appointed by Data Controller pursuant to Art. 37 and following of the GDPR is Mr. Gabriele Faggioli.
It is possible to contact the Data Protection Officer (“DPO”) via e-mail at: DPO.Thermowatt@thermowatt.com
DATA SUBJECTS’ RIGHTS - COMPLAINT TO THE SUPERVISORY BODY
By contacting Thermowatt S.p.A. via mail address to Via S. Giovanni Battista 21 - 60011 Arcevia (AN), via e-mail sent to info@thermowatt.com, certified email thermowatt@legalmail.it and Thermowatt Professional S.r.l. via mail address to Via Fossa 22 - 31051 Follina (TV), via e-mail sent to info.professional@thermowatt.com, certified email thermowattprofessional@legalmail.it, data subjects can ask the Company for access to personal data, or the correction or deletion of personal data, and also have the right to restrict processing of the data in the cases set out in article 18 of the GDPR, and object to processing in the case of legitimate interests of the controller.
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
Data subjects have the right to lodge a complaint with the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
Data subjects have the right to withdraw consent at any time in relation to data processed for marketing purposes, and object to data being processed for these purposes. Data subjects have the possibility of stating a preference for being contacted for the aforementioned purposes through conventional methods and objecting to receiving communication through automatic methods only.