Tamai srl, with registered office in Via Dell’ Artigiano, 10 in Caorle (Province of Udine), VAT no. 00626670277, in the person of its legal representative, in its capacity as data controller (hereinafter “Controller”), informs you, pursuant to art. 13 of Leg. Decree no. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and art. 13 EU Regulation no. 2016/679 (hereinafter, “GDP”) that your personal data shall be processed according to the following methods and for the following purposes:
1) Data subject to processing
The Controller processes the personal, identification and non-sensitive data (in particular, first name, last name, tax code, VAT number, email, phone number – hereinafter, “personal data” or just “data”) provided by you during registration on the website of the Controller and/or during subscription to the newsletter offered by the Controller.
2) Purpose of data processing
Your personal data shall be processed:
- A) Without your consent (art. 24, letters a, b, c of the Privacy Code and art. 6, lett. b and e of the GDPR), for the following Service Purposes:
- Allowing you to register on the website – Managing and maintaining the website;
- Responding to queries made via the website
- checking the availability of the services requested via the website
- Allowing you to subscribe to the newsletter provided by the Controller and access any additional services you may request;
- Fulfilling pre-contractual, contractual and tax obligations arising from our existing relationship with you;
- Fulfilling legal and regulatory obligations and complying with the provisions of EU legislation or orders issued by the Authorities;
- Preventing or identifying fraudulent activities or abuse harmful to the website;
- Exercising the rights of Controller, for example the right of defence in legal proceedings.
- B) Only with your prior specific and express consent (arts. 23 and 130 of the Privacy Code and art. 7 of the GDPR), for the following Marketing Purposes:
- Sending you commercial offers or advertising material via email or newsletter about the products or services offered by the Controller. Please note that if you are already our customer, we may send you commercial offers relating to services and products of the Controller similar to those which you have already used, unless you disagree (art. 130, par. 4 of the Privacy Code).
3) Methods of processing and data retention times
The processing of your personal data shall be performed according to the operations indicated in art. 4 of the Privacy Code and art. 4, 2) of the GDPR and specifically: the collection, recording, organisation, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data shall be processed both on paper, electronically and via automation.
The Controller shall process the personal data for the time necessary to fulfil the purposes referred to above and in any case for no longer than 10 years after the termination of the relationship for Service Purposes and for no longer than 2 years after the collection of the data for Marketing Purposes, without prejudice to rights of the party concerned and/or other legal obligations.
4) Data access and communication
You can access your data at any time by sending a simple request to the addresses indicated in this privacy statement.
5) Data communication
Your data may be made accessible and/or communicated for the purposes referred to in art. 2.A) and 2.B):
Without prejudice to the communication and dissemination performed in fulfilment of legal obligations, the Controller may communicate your data, in Italy and/or abroad (as indicated in the successive points) to:
- Employees and collaborators of the Controller, in their capacity as data processors and/or system administrators;
- Technicians and/or collaborators for the management of administration, tax and accounting and/or to fulfil specific legal obligations or for which external suppliers have been identified.
- Our network of agents; factoring companies; banks; debt recovery companies; credit insurance companies; commercial information companies for the requested services; professionals and consultants; companies operating in the transport sector; technicians and collaborators responsible for delivering the services/products requested; supervisory bodies, judicial authorities, as well as all other parties to whom the transfer is required by law for the fulfilment of the aforementioned purposes. Legal entities that are entrusted with the services referred to in this privacy statement.
- Companies or other legal entities, qualified and commissioned pursuant to art. 28 of Regulation 679/16, for support activities including: communication management and development, management and development of company processes and projects, communication and promotion systems, for storage of personal data. Access may be granted to third parties and to related companies that provide services deemed necessary and/or useful by the Controller for the management of the activities of the company and of the related or requested support processes. Suppliers include computer maintenance companies, banks, professional firms, companies that provide services on computer systems/platforms that the Controller considers useful, companies that perform outsourced activities on behalf of the Controller, in their capacity as external data processors.
6) Data transfer
Your personal data shall be managed and stored on servers that are located within the European Union owned by the Controller and/or third party companies commissioned and duly appointed as Data Processors. Currently, our internal servers are located in Europe. Data will not be transferred outside the European Union. It remains in any case understood that the Controller, where necessary, shall have the right to change the location of the server in Italy and/or the European Union and/or non-EU countries. In this case, the Controller shall ensure as of now that the transfer of data outside the EU shall be in accordance with the provisions of applicable law, stipulating, where necessary, agreements to guarantee an adequate level of protection and/or adopting the standard contract terms envisaged by the European Commission. For some mailing or storage services, we rely on in-cloud platforms that may have servers in non-EU countries, but the data is deposited only temporarily for the requested service.
7) Compulsory or optional nature of data provision and consequences of refusal
The provision of data for the purposes referred to in art. 2. A) is compulsory. In the absence of such data, we cannot guarantee you registration on the website nor the Services referred to in art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional.
Therefore, you can decide not to provide any data or subsequently object to the processing of data already provided: in this case, the services referred to in part 2.B cannot be provided. In any case, you shall continue to be entitled to the services referred to in art. 2.A).
8) Rights of the person concerned
In your capacity as person concerned, you have the rights referred to in art. 7 of the Privacy Code and art. 15 of the GDPR and more specifically, the following rights:
- A) To obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
- B) To obtain the following information: the origin of the personal data; the purposes and methods of processing; the logic applied in case of processing performed using electronic instruments; the identification of the Controller, the data processors and the appointed representative pursuant to art. 5, par. 2 of the Privacy Code and art. 3, par. 1 of the GDPR; and the parties or categories of parties to whom the personal data may be communicated or who may become aware of such data in their capacity as appointed national representative or data processor;
- C) To obtain: the updating, rectification or, where it is in your interests, completion of incomplete data; the erasure, transformation into anonymous form or the blocking of data processed unlawfully, including that for which retention is not necessary in relation to the purposes for which the data was collected or subsequently processed; certification that the operations referred to in art. 8. A) and B) have been brought to the attention, including with regard to their content, of those to whom the data was communicated or disseminated, unless this proves impossible or involves a manifestly disproportionate effort as compared to the right that is to be protected;
- D) To object, in whole or in part: to the processing of personal data concerning you, for legitimate reasons, even though relevant to the purpose of the data collection; to the processing of personal data that concern you for the purposes of sending advertising material or direct sales or for market research or commercial offers, through the use of automated contacting systems without the intervention of an operator by email and/or by means of traditional marketing via telephone and/or standard mail. It should be noted that the right of opposition of the person concerned, explained above in part B), for the purposes of direct marketing via automated methods, is extended to traditional methods and that this right remains in any case without prejudice to the right of the person concerned to oppose the processing even only in part. Therefore, the person concerned may decide to receive notifications via traditional methods only or via automated methods only or neither of the two types of communication.
Where applicable, you shall also have the rights referred to in arts. 16-21 of the GDPR (right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint to a Supervisory Authority.
9) How to exercise your rights
You may at any time exercise your rights by sending:
- A letter with signed-for delivery addressed to: Tamai srl, with registered address in Caorle (Province of Venice) in Via Dell’ Artigiano, 10
- An email to [email protected] or a certified email (PEC) to [email protected]
10) Children under 18
This website and the services of the Controller are not intended for use by children under 18 years of age and the Controller does not knowingly collect the personal data of children. In the event that personal information about children is accidentally recorded, the Controller shall erase it in a timely manner, upon the request of the user.
11) Data Controller and Data Processor
The Data Controller is TAMAI SRL in the person of the pro tempore Legal Representative, with registered address in Via Dell’ Artigiano, 10 in Caorle (Province of Venice). An updated list of Data Processors is kept at the registered address of the Data Controller.
12) Data Protection Officer
The Data Protection Officer (D.P.O.) is not applicable to our organisation.
13) Changes to this Privacy Statement
This Privacy Statement may be subject to changes. It is therefore recommended that you check this Privacy Statement regularly and refer to the most up-to-date version available on the website indicated above