Information Notice on Personal Data Processing
PRISMA S.p.A. is committed to protecting the rights and fundamental freedoms of data subjects and in particular the right to the protection of the personal data gathered as part of our business activities. The data gathered will be processed in accordance with the principles set out by European and Italian regulations, with particular reference to the General Data Protection Regulation (GDPR).
This document - hereinafter referred to as "statement" - intends to provide complete information on data processing activities carried out by Prisma S.p.A. It may be accompanied by additional specific information relating to special types of processing.
The statement is made up of four parts:
Data controller and contact data
Cookie management and data gathered through the website
Management of personal data concerning customers and suppliers
Rights of the data subjects
1. Data controller and contact information
The data controller (“Controller”) pursuant to art.4, point 7 of the GDPR is: PRISMA S.p.A, Quartiere Artigianale di Casale di Mezzani - 43055 Mezzani (PARMA) - ITALY. Data subjects can send any requests concerning processing of their data to the following email address: firstname.lastname@example.org
2. Cookie management and personal data gathered through the website
For access to the reserved area, the website records some information (login, access and disconnection time, IP used by the connected user, etc.) including personal information, needed to prevent and document any unauthorised access to the reserved area. This information is normally erased after 60 days from access, unless obligations to the contrary are envisaged by national or international regulations.
Third-party cookies can also be installed on the user's device, for example when the website is accessed through a search engine, but the use of these cookies and of the data that may be gathered is beyond the responsibility of Prisma S.p.A.
3. Management of personal data concerning customers and suppliers
In the performance of their business activities, Prisma S.p.A. uses various computer programmes to manage production aspects, tax requirements and to support sales relationships. These programmes use databases that can include personal data concerning customers and suppliers or their representatives and staff. The personal data of potential customers or other companies with whom Prisma has current or prospective business relationships can also be gathered and processed.
The personal data of customers, suppliers and any other subject in a professional relationship, may include:
Personal details such as name, surname, qualification, email, address, country, telephone contact.
Other data required for the commercial relationship (VAT no. or tax ID, sales terms,etc.)
Data relating to purchases made, aggregated and segmented with various techniques.
Any other information concerning suppliers or their staff and representatives, which Prisma is required to gather in accordance with regulatory or disciplinary obligations. If required by the law, Prisma undertakes to obtain the consent of the data subject to processing of said data.
The data provided by the data subjects will be processed for the following purposes and after obtaining consent, if necessary:
Providing information requested by data subjects.
Management of sales or purchases.
Sending of information and/or advertising material
Managing customer relationships.
Provision of maintenance and support services.
Selection and qualification of suppliers.
Managing any disputes that may arise.
Fulfilment of tax-related, bookkeeping and administrative requirements.
Customer satisfaction surveys.
Managing incidents and complaints.
The processing of personal data is necessary for the execution of agreements which the data subject enters into or for the execution of pre-contractual measures. A refusal to provide data could make it impossible to execute the agreement and lead to termination of the relationship.
Moreover, the processing of personal data is necessary for a legitimate interest of the Data controller related to their business activities. If and where requested by applicable laws, Prisma shall duly request the consent of the data subjects to processing of their personal data.
Personal data is normally gathered from the data subject or by consulting publicly accessible lists. Personal data is retained for the period of time needed to attain the purposes for which it was gathered and never more than 5 years from the last commercial contact. After that, personal data is removed or anonymised, unless storage is required by regulatory obligations.
Prisma does not transfer to third parties any personal data concerning subjects with whom they have current or potential professional relationships. All data are processed in the EU.
4. Rights of the data subjects
The data subjects may at any time request access to their personal data. Upon the data subjects' request, Prisma will correct, erase or supplement any personal data that is incorrect or incomplete. Requests can be sent by the data subjects to Prisma by writing to the addresses provided in the first part of this statement.
If personal data processing is based on consent, the data subject has the right to withdraw consent at any time. If personal data processing is based on the legitimate interest of Prisma, as part of their business activity, the data subject may object to said processing on the basis of specific individual circumstances, which must be clearly specified in the notice of objection to processing.
In certain circumstances, the data subjects can request data portability.
The data subjects always have the right to lodge a claim with the relevant supervisory authority (in Italy, the Personal Data Protection Authority) concerning any aspect of the processing performed by Prisma, if they believe that it damages their interests or rights.
Prisma may reject a request, or obtain reasonable compensation for fulfilling a request, if said request is clearly unfounded or excessive or if there is a legitimate reason for rejecting the request. By way of example, inter alia, the removal of personal data can be prevented by regulations on retention of tax-related documents, or by the obligation to fulfil contractual obligations with third parties.
Refusal to data processing may totally or partially prevent the provision of the services requested by the data subject.