Information TO USERS OF THE WEB

SITE

on the protection of personal data

pursuant to art. 13 of the EU Regulation 2016/679

Dear Users,

in compliance with the provisions of art. 13 of the EU Regulation 2016/679 (the “GDPR”) and in application of the principles set by the GDPR itself, we invite you, before starting to browse our web site (the “Website”), to read the this information on the processing of personal data, in order to make you aware of the characteristics and methods of processing (the “Processing”) that we will operate with respect to any information acquired by us following navigation by any subject (the ” User”) on the Website, as well as provided by it through the Website itself and concerning an identified or identifiable natural person (the “Data Subject”) (the “Personal Data”. Pursuant to Article 4.1. GDPR, “< em> an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements of his physical, physiological, genetic, psychic, economic, cultural or social identity”.

  1. Data Controller (the “Data Controller”).

The Data Controller is Texapel S.p.a. tax code and VAT number 01443570484, in the person of the legal representative pro tempore, with registered office in Prato (PO) at Via Rimini n. 49 – 59100, tel. 0574/62561, fax 0574/020142, PEC: texap-el@pec.texnet.it, e-mail: info@texapel.it, website: http://www.texapel.it/.

Any communication concerning the Processing, also pursuant to the following articles, must be sent, by you and/or by the interested party, by registered mail, PEC or email to the addresses indicated above.

  1. Purpose of Processing (the “Purposes”) and legal basis.

The personal data collected, from the interested party (art. 13 GDPR) or otherwise (art. 14 GDPR), will be used by us exclusively for the purpose of:

  • allow the use of the Website;
  • respond to User requests (including, by way of example, requests for quotes and spontaneous applications);
  • fulfil the pre-contractual and contractual obligations towards you;
  • fulfil and demand the fulfillment of specific obligations deriving from laws and regulations;
  • sending commercial offers for the purpose of selling products and/or services similar to those already purchased (softspam);

The legal basis of the Processing is constituted by:

  • from the need on our part to execute a contract of which the interested party is a party or to pre-contractual measures adopted at the request of the same;
  • from our need to comply with a legal obligation;
  • legitimate interest of the Data Controller (art. 6 letter f) GDPR);

With reference to point (v), the Owner specifies that in the context of the sale of a product or service, the e-mail coordinates of the interested party may be used by the Owner, without prior request for consent from the interested party, for the purpose of offering and selling services similar to those already sold (art. 130, 4 Legislative Decree 196/2003). The interested party may object to said Treatment at any time, free of charge, by means of a simple written request to the addresses indicated above.

  1. Mandatory or optional nature of the provision of Personal Data.

Your communication – also by sending e-mail, filling in the appropriate form and affixing the requested flags – of the Data personal data is optional, but necessary, since any refusal to release it, as well as the incorrect communication of the same data, makes it impossible for the Data Controller to establish the relationship or to implement the various Purposes for which the Personal Data are collected.

For the same reasons, as well as for the purpose of correct management of the existing relationship, we also ask you to inform us of any changes to the Personal Data already collected, as soon as they have occurred.

  1. Communication of Personal Data.

Personal data is processed internally by persons authorized to process it (the “Authorised”) under the responsibility of the Data Controller for the purposes indicated above.

Personal data may be communicated to subjects external to us, in charge of carrying out instrumental and/or accessory functions for the performance of our corporate activity, who will process said data on our behalf. These subjects will be appointed by us as External Data Processors (the “External Managers”), in accordance with the provisions of art. 28 GDPR. An updated list of External Managers is available at the Data Controller’s registered office, which will be provided to the Data Subject upon written request to the aforementioned addresses.

Except for the above cases, Personal Data may also be communicated to additional recipients and/or categories of recipients (the “Recipients” and the “Categories of Recipients”), only for the performance of the activities inherent to the pre-contractual and/or contractual relationship established between us and/or to fulfill legal obligations and/or orders from the Authorities, and in any case always in compliance with the guarantees provided by the GDPR and by the guidelines of the Italian Guarantor Authority, as well as by the Commission established in compliance with the aforementioned GDPR.

Without prejudice to the foregoing, Personal Data will in no case be disclosed and/or communicated to third parties, unless specifically consented to by the Data Subject and in any case always only where necessary for the accomplishment of the Purposes.

  1. Processing of “special categories of personal data” and of “personal data relating to criminal convictions and offences”.

If, as part of the Processing, the Data Controller becomes aware of Personal Data belonging to:

(i) to “particular categories” pursuant to art. 9 GDPR (i.e. those “that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as process genetic data, biometric data intended to uniquely identify a natural person , data relating to the person’s health or sex life or sexual orientation“), said data will be processed, always exclusively for the purposes indicated, only with the consent of the interested party or, in any case, as long as the treatment is necessary to fulfill the obligations and exercise the specific rights of the Data Controller or the Data Subject in the field of labor law and social security and social protection, to the extent that it is authorized by European Union or Member State law or by a contract collective under the law of the Member States, in the presence of appropriate guarantees for the fundamental rights and interests of the interested party;

(ii) to “criminal sentences and crimes or related security measures” pursuant to art. 10 GDPR, the Processing will take place only under the control of the Public Authority or if the Processing is authorized by the law of the European Union or of the Member States which provides appropriate guarantees for the rights and freedoms of the interested parties. Any complete register of criminal convictions must only be kept under the control of the public authority.

  1. Methods of Treatment.

The Processing takes place with the aid of electronic and/or paper instruments and, in any case, by adopting suitable organizational and IT procedures and measures to protect its security, confidentiality, relevance and non-excess.

  1. Territorial scope.

Personal data will be processed within the territory of the European Union.

If, for technical and/or operational reasons, it becomes necessary to make use of subjects located outside the aforementioned territory, they will be appointed as External Managers and the transfer of Personal Data to them, limited to the performance of specific Treatment, will be regulated in accordance with the provisions of the GDPR, adopting all the necessary precautions in order to guarantee the total protection of Personal Data and basing this transfer on the evaluation of appropriate guarantees (including, by way of example, adequacy decisions of the Countries third-party recipients expressed by the European Commission, adequate guarantees expressed by the third-party recipient pursuant to Article 46 of the GDPR, etc.).

In any case, the interested party may request more details from the Data Controller if the personal data have been processed outside the European Union, requesting evidence of the specific guarantees adopted.

  1. Period of retention.

Personal data will be kept by the Data Controller for the period strictly necessary for the pursuit of the Purposes, and in particular until the termination of the pre-contractual and contractual relationships in place between us, without prejudice to the additional retention period that may be imposed by regulations of law.

As regards the spontaneously transmitted CVs, they will be kept for a period not exceeding 3 years from sending, or the different maximum period indicated by the Guarantor Authority for the protection of personal data.

In order to manage any disputes or disputes, and in any case for the assessment, exercise or defense of a right in court, the Personal Data may be kept for a further period, equal to that of the limitation period of the right same.

  1. How to release the information and its subsequent amendments.

This information is provided exclusively with reference to the Website and not also with regard to other websites that may be consulted by the User via link or which can be accessed via the social button</em > present on the Website, with respect to which the Owner assumes no responsibility.

Any change or update to this information will be available to Users in the appropriate section of the Website and will apply from the date of its publication. If the interested party does not intend to accept any changes, he can stop using the Website. Therefore, interested parties are invited to periodically consult the aforementioned section.

  1. Rights of the interested party and methods of exercise.

The interested party, at any time, may exercise the rights recognized by the GDPR (the “Rights of the interested party”), and in particular:

  • 15 – Right of access of the interested party: the interested party has the right to access their data and the related treatments. This right consists in the possibility of obtaining confirmation as to whether or not personal data is being processed, or in the possibility of requesting and receiving a copy of the data being processed;
  • 16 – Right of rectification: the interested party has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the Purposes, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
  • 17 – Right to cancellation (“right to be forgotten”): the interested party has the right to request the Data Controller that the personal data concerning him be canceled and no longer subjected to processing and in some cases, where there are extremes, to obtain cancellation without unjustified delay when the purpose of the Treatment has been fulfilled, consent has been revoked, opposition has been made to the Treatment or when the Treatment of your Personal Data is not otherwise compliant to the GDPR;
  • 18 – Right to limit processing: the interested party has the right to limit the processing of their personal data in the event of inaccuracies, disputes or as an alternative measure to cancellation;
  • 20 – Right to data portability: the interested party, with the exception of the hypothesis in which the data are stored through non-automated processing (e.g. in paper format), has the right to receive in a structured format, commonly used and readable by an automatic device, the Personal Data concerning him, where reference is made to data provided directly by the interested party, with express consent or on the basis of a contract, and to request that the same be transmitted to another data controller, if technically feasible;
  • 21 – Right to object: the interested party has the right to object at any time, for reasons connected with his particular situation, to the processing of personal data concerning him.

If the interested party wants to exercise one of the rights listed above, he must address his request directly to the Data Controller at the addresses indicated above, except for the right to lodge a complaint to be sent to the Guarantor Authority or to lodge an appeal before the competent Judicial Authority.

The deadline for responding to the interested party by the Data Controller is, for all rights (including the right of access) and also in the event of refusal, 1 month, which can be extended up to 3 months in particularly complex cases.< /p>

However, the art. 12 GDPR.

  1. Minors.

The Data Controller does not process Personal Data relating to minors. By accessing the Website and using the services, the User declares to have reached the age of majority.

  1. Withdrawal of consent.

In cases where the processing must take place only following the consent of the interested party and the latter has provided it, he has the right to revoke the consent given at any time by sending a written request to the Data Controller at the addresses indicated above .

The withdrawal of consent does not affect the lawfulness of the treatment based on the consent given before the revocation.

  1. Right to object

The interested party has the right to object at any time to the processing of personal data for direct marketing purposes, including profiling to the extent that it is connected to such marketing > directly, by means of a simple written request to the addresses indicated above.