Privacy Policy

CUSTOMER PRIVACY NOTICE
Articles 13 - 14 of EU Regulation 2016/679 “GDPR”

WHO IS THE DATA CONTROLLER?
The data controller is C.M.T. Utensili SPA, via della Meccanica, 61122, Pesaro Urbino (PU), Fraz. Chiusa di Ginestreto,
Tel. +39 0721 48571, email: privacy@cmtorangetools.com,

WHAT IS THE PURPOSE OF THE DATA PROCESSING?
In accordance with EU Regulation 2016/679 on the processing of personal data and their free movement, and with Legislative Decree 196/2003 and subsequent amendments, "Personal Data Protection Code", we inform you, as the "Data Subject", that we process your data for the following purposes:
a) contractual, administrative purposes, and to respond to information requests sent or otherwise required by law;
b) purposes related to the management of the reserved web area or technical management of profiles linked to the website;
If the need arises to pursue further data processing purposes not mentioned in this notice, we will inform you in advance about the new processing methods.

ON WHAT LEGAL BASIS DO WE PROCESS THE DATA?
The legal bases vary depending on the purposes pursued, as mentioned above. Therefore, in relation to point:
a) Under Article 6 of the GDPR, letter b) and c), the processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures taken at the request of the data subject, as well as to comply with legal obligations to which the data controller is subject.
b) Under Article 6 of the GDPR, letter b) and f), the processing is necessary for the execution of a contract to which the data subject is a party and for the pursuit of the legitimate interests of the data controller.

FROM WHOM DO WE COLLECT THE DATA?
We always collect personal data directly from the Data Subject, where possible. Alternatively, some data may be provided by family members.

WHAT CATEGORIES OF DATA DO WE PROCESS?
We mainly request and process only personal data classified as "common", such as name, surname, tax code, VAT number, email, phone number. In some cases, however, it may be essential to process data classified as "sensitive". In these cases, it is our responsibility to inform you about the specific use, legal basis, and purposes of the processing.
The provision of common personal data (appropriately specified when the relationship is established) is mandatory in order to benefit from our services. Without it, we may not be able to provide an adequate service, provide it within the requested time, or it could result in partial or total non-performance of the assigned task.

TO WHOM DO WE COMMUNICATE PERSONAL DATA?
Data are processed at the legal and operational headquarters of the Data Controller and any other location where the parties involved in the processing may be located. Your personal data may be communicated to public entities and institutions for the purpose of complying with legal obligations, as well as to external companies that carry out outsourcing activities on behalf of the Data Controller, in their capacity as data processors. These data processors are accredited and authorized by us to process the data exclusively for the above-mentioned purposes, including the correct management of the contractual relationship established between the parties. All data processors have been individually identified within our management system and have received appropriate instructions to guarantee the rights of data subjects, as well as the obligation to respect the right to confidentiality.

HOW DO WE PROCESS THE DATA?
Your personal data will be processed by the Data Controller using both paper and digital formats. Only authorized personnel from the Data Controller will have access to the data to perform processing or system maintenance operations. We adopt all technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction. Additionally, we do not use automated decision-making processes within our organization.

ARE THE DATA TRANSFERRED TO NON-EU COUNTRIES?
Your data will not be transferred to third countries outside the European Union with data protection laws not aligned with the GDPR; furthermore, they will not be disseminated to unauthorized third parties for purposes other than those described in this notice.

HOW LONG DO WE KEEP THE DATA?
We will process your data for as long as necessary to achieve the purposes for which it was collected and will keep it for the entire duration of the contractual relationship. It may also be retained after the termination of the relationship for the entire duration necessary for the fulfillment of contractual obligations and for compliance with relevant legislative provisions. At the end of the retention period, the data will be destroyed, returned, or processed while ensuring compliance with the principle of minimization, protecting the rights and freedoms of the data subject and maintaining appropriate technical and organizational security measures.

WHAT ARE YOUR RIGHTS?
You have the right to request access to your personal data and the rectification or deletion of the data, as well as the limitation of processing or to object to the processing, along with the right to data portability, under the GDPR. Therefore, you may request a digital copy of your data or its automatic transfer to other companies at any time. In the cases provided, you can also object to or revoke the consent you have given. The data subject has the right to file a complaint with the Data Protection Authority (www.garanteprivacy.it). Any request to exercise rights will be evaluated in accordance with Articles 23 of the GDPR and 2-undecies and 2-duodecies of the Privacy Code. To exercise these rights or for further information, we invite you to send a request via email to the address of the Data Controller, as indicated above, using the “Data Subject Rights Exercise Form” available on our website.

PRIVACY NOTICE IN ACCORDANCE WITH ARTICLES 13 AND 14 OF THE GDPR FOR DATA COLLECTED DIRECTLY AND INDIRECTLY FROM THE DATA SUBJECT Dear Customer/User, The European Regulation on the protection of personal data (GDPR) under Articles 13 and 14, paragraphs 1, mandates the obligation to inform the data subject, in cases of direct and indirect data collection, about the fundamental elements of processing, specified in Article 1, subparagraphs a/f. Our company fully complies by informing you that: 1-A) The data controller is C.M.T. UTENSILI S.P.A., located at VIA DELLA MECCANICA S.N., CHIUSA DI GINESTRETO, PESARO 61122 (PU), ITALY, with a branch in 46470 Catarroja - VALENCIA (SPAIN), Calle 25/31 Poligono Industrial, Tel. 0034 96 1274500 – EMAIL privacy@cmtorangetools.com 1-B) Data processing methods Data processing may be carried out using both electronic and manual tools, adhering to all necessary precautions to ensure the security and confidentiality of the information. 1-C) Data is collected for the following purposes: • Fulfillment of obligations arising from a contract to which you are a party, or to comply, before the contract, with your specific requests; • Compliance with legal obligations, regulations, and community legislation; • Customer management (administration of clients; contract management, orders, shipments, and invoicing; credit reliability and solvency checks); • Dispute management (contractual non-fulfillments; warnings; settlements; debt recovery; arbitration; litigation); • Sending of advertising material; • Promotional activities (B2B) The legal basis for these activities is: • Your explicit consent for one or more specific purposes; • Contractual or pre-contractual necessity; • Legal obligation to which the company is subject; 1-D) The recipients or possible categories of recipients are: • Banks and credit institutions; • Debt recovery companies; • Law firms; • Insurance companies; • IT equipment maintenance/repair companies; • Professional firms and/or companies and/or associations of companies and entrepreneurs that provide us with specific accounting and/or tax services, professional training, etc.; • Agents and/or representatives of C.M.T. UTENSILI spa. 2-A) The retention period for personal data related to clients, contained in paper and/or electronic databases, for the purposes mentioned in point 1-D), is as follows: • For pre-contractual treatments on request of the data subject aimed at drafting the contract or the commercial offer, it is necessary for the processing and in any case is that required by current legislation (3 years); • For contractual fulfillments, the data retention period is necessary for the processing and in any case is that required by current legislation (10 years); • For data potentially processed in disputes, the data retention period is necessary for processing and in any case that required by current legislation (10 years); • For legal obligations, the retention period is 10 years; • For marketing, promotional purposes, sending of advertising material, the data retention period is necessary for processing and in any case that provided by current legislation (2 years); • For users of telematic services, the data retention period is 12 months. 2-B) You are informed of your right to request access to your personal data, correction, deletion of the same, restriction of processing, to object to their processing, and to data portability. ( art.15-21-22 GDPR) 2-C) Since our processing also has a legal basis on the consent you have provided (art. 9, § 2, lett. a) you are recognized the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent given before the revocation. 2-D) You have the right to lodge a complaint with a supervisory authority. 2-E) The communication of your data: • is a necessary requirement for the conclusion of the contract, therefore your possible refusal to provide the data will result in the inability to fulfill the contract; • could be used for sending advertising material and/or conducting promotional and marketing activities, therefore your possible refusal to provide the data will result in the inability to send such material and/or conduct promotional activities.
4/30/2024 9:40:37 AM