Privacy Policy

PURSUANT TO ART. 13 EU REG. 2016/679 (GDPR) as amended Mod. Customer Information REV. 02 of 21/10/2024

CASEI ECO-SYSTEM SRL hereby renders the information about the processing of personal data acquired.

1. HOLDER’S IDENTITY AND CONTACT INFORMATION.

The Data Controller is CASEI ECO-SYSTEM SRL (hereafter also “Data Controller” and/or “Company” and/or CASEI ECO-SYSTEM) with registered office in Corso Italia 45 – 20122 Milan and Local Units in Via Sorelle Carena 4 – 15050 Molino dei Torti (AL) and in Via dell’Industria 50 – 63073 Monteprandone (AP), C.F./P.Iva 01971050065 person of the legal representative pro tempore contactable, in addition to c/o the aforementioned registered office, at the following addresses:

• tel: + 39 0131854022,
• email: info@caseiecosystem.com
• Pec: caseiecosystem@pec.it

1. TYPE OF DATA SUBJECT TO PROCESSING

The Holder processes categories of personal data, such as, but not limited to, personal, contact, banking and contact details inherent to natural persons useful for the proper management of the existing relationship, including, where necessary, the data of the legal representative of the Client legal person and/or any referents of the latter.

1. DEFINITION OF TREATMENT

Pursuant to Article 4 (2) of the GDPR, “Processing” means ” any operation or set of operations, whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.”

1. PURPOSE OF DATA PROCESSING.

Personal data provided by customers may be processed for the following purposes:

1. Management of the contractual relationship: conclusion and execution of the contract and all related activities, such as billing, credit protection, administrative and management services, in accordance with legal and contractual obligations.
2. Legal compliance: compliance with obligations under laws, regulations and EU regulations on contractual, accounting and taxation matters and to achieve effective management of business relations and other instructions issued by authorities vested by law and supervisory and control bodies.
3. Marketing and promotional communications: sending marketing communications, offers and newsletters, only with the explicit consent of the customer. The data subject has the right to revoke consent at any time without affecting the lawfulness of the processing based on the consent before revocation.

1. LEGAL BASIS FOR PROCESSING.

For the purposes referred to in point 1, the legal basis of the processing is Article 6 paragraph 1 of Regulation 679/2016 Lett. B – fulfillment of a contract. For the purposes referred to in point 2, the legal basis for processing under Article 6 paragraph 1 of Regulation 679/2016 is Lett. C – processing necessary to fulfill a legal obligation to which the data controller is subject. The legal basis for the processing of personal data for marketing purposes, referred to in Section 3, isArticle 6(1)(a) of the GDPR (consent of the data subject). For all other purposes (e.g. contract performance and legal obligations), the legal basis remainsArticle 6(1)(b) and (c) of the GDPR.

1. MODALITIES OF DATA PROCESSING.

The processing will be carried out using electronic, computerized, as well as paper-based tools. The processing is carried out by the Data Controller and by the employees and/or collaborators of the Data Controller in their capacity as data processors, as well as by the data processors specifically identified in writing, within the scope of their respective functions and in accordance with the instructions given by the Data Controller, ensuring the use of appropriate measures for the security of the data processed and guaranteeing its confidentiality. According to the rules of the Regulations, the processing carried out by the Controller will be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage, data minimization, accuracy, integrity and confidentiality. The data will always be processed with the utmost respect for the principle of confidentiality even in the case of data management by third parties expressly appointed by the Controller. The security measures taken include encryption techniques, firewall protections, limited data access and staff training to ensure the protection of the personal data processed. Your data is not subject to any automated decision making or profiling. In the event that automated decision making or profiling is introduced in the future, an updated notice will be provided.

1. RETENTION PERIOD.

The period of retention of personal data begins from the time of their provision, at the same time as the start of the service; personal data will be retained for the time necessary to fulfill the purposes for which they were requested or for the terms provided by national and EU laws, rules and regulations with which the Company must comply.
In particular, we remind you that: – for both personal data and payment data, in compliance with the rules currently in force and in relation to the statute of limitations provided by law for rights arising from the service, the retention period currently applicable and, in the present case, applied, is ten years (starting from the end of the service). This is without prejudice to cases in which rights arising from the contract are to be enforced in court, in which case the Data Subject’s personal data, only those necessary for such purposes, will be processed for the time essential to their pursuit. At the end of this period, the Data Controller will erase the data irreversibly – by means of destruction or secure erasure methods – or store them in an anonymous form that does not allow, even indirectly, identification, consistent with the technical procedures of erasure and backup. Verification on the obsolescence of the retained data in relation to the purposes for which they were collected is carried out periodically. This information will also be considered valid for subsequent services (where similar or analogous) that you should conclude with the Controller. Personal data processed for marketing purposes will be retained until consent is revoked. The customer may revoke consent at any time via the unsubscribe link in the communications or by sending an explicit request to the Data Controller.

1. RECIPIENTS OF PERSONAL DATA.

The personal data to be provided may come to the attention of the Data Controller, the persons in charge and/or the data processors.
The communication of personal data is mainly to third parties and/or recipients whose activities are necessary for the performance of activities inherent to the execution of the contractual relationship established with the third parties and to respond to certain legal obligations. Possible categories of recipients who may become aware of your personal data during or after the execution of the contract are:

• Individuals who process data in fulfillment of specific legal obligations;
• lending institutions that provide services functional to the purposes described above;
• software and hardware support companies;
• companies or professionals for the judicial or extrajudicial protection of the Holder’s rights;
• external consultants who provide services functional to the above purposes, identified in writing and given specific written instructions with reference to the processing of personal data, including providers of management software and similar;
• suppliers, if they expressly request it functionally to their right and/or legal obligation or it is necessary to fulfill the contract;
• in general, all those public and private entities to which the communication is necessary for the proper and complete fulfillment of the above-mentioned purposes.

1. DATA DISSEMINATION.

Unless specifically requested by you in writing, or specifically ordered by the A.G./regulatory obligation, the personal information you provide is not subject to dissemination.

1. TRANSFER OF DATA ABROAD.

Personal data may be transferred to third countries or international organizations if necessary for the management of marketing services or other stated purposes. In these cases, transfers will take place in compliance with the GDPR, taking appropriate security measures, such as:

• Adequacy decisions of the European Commission;
• Standard contract clauses approved by the European Commission.

Transfer will take place only if essential and with appropriate levels of protection.

1. PLACE OF PHYSICAL STORAGE OF DATA COLLECTED IN PAPER FORM

Personal data will be stored at the registered office of the company.

1. RIGHTS OF THE DATA SUBJECT.

The legislation grants the Data Subject the exercise of specific rights listed in Art. 15 to 22 of the GDPR, including the right to obtain from the Data Controller confirmation, or not, of the existence of one’s personal data (i.e. access), their provision in an intelligible form, as well as their rectification, or cancellation, or to restrict their processing in whole or in part or oppose it for legitimate reasons and/or revoke their consent to their processing at any time (subject to the consequences indicated), or to request the portability of their data with regard to the data subject to specific consent, or even their updating. CASEI ECO-SYSTEM SRL undertakes to respond to such requests within 30 days of their receipt, extendable up to 60 days in case of complexity or large number of requests. Requests may be sent by email to the addresses indicated in point one. The Interested Party also has the right to request the transformation into anonymous form, the limitation or the blocking of data processed in violation of the law; he/she may also lodge a complaint regarding the unauthorized processing of the data conferred to the Guarantor for the Protection of Personal Data in the manner published on the site of said authority(http://www.garanteprivacy.it/).
Requests regarding the exercise of the aforementioned rights may be addressed to the Data Controller, at the contact details indicated above, without formalities or, alternatively, using the form provided by the Guarantor for the Protection of Personal Data available at the Website: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.

1. NATURE OF DATA PROVISION AND CONSEQUENCES OF ITS REFUSAL.

The provision of the requested data is mandatory; the data requested will be those that are strictly indispensable in relation to the expressed purposes. In the event that the provision of personal data is a legal or contractual obligation or a necessary requirement for the conclusion and execution of a contract (purposes 1 to 3), the refusal or failure to provide all or part of the requested personal data may make it impossible for the Data Controller to give exact performance of the contractual and pre-contractual obligations. The Holder specifies that you will only be asked for the data strictly necessary for the conclusion of the contract and the performance of the obligations or legal obligations arising therefrom.

1. COMPLAINT TO THE PERSONAL DATA PROTECTION GUARANTOR

The Interested Party may lodge a complaint in the manner and within the terms set forth at www.garanteprivacy.it

1. SUBMISSION OF THIS INFORMATION TO THE INTERESTED PARTIES

If, for the reasons stated above, data of your employees/partners/directors are also processed, please be sure to provide this notice to them as well.