Privacy Policy – AMARC srl

Privacy Policy

PERSONAL DATA PROCESSING POLICY

AMARC SRL

Amarc Srl, with registered office in Via degli Artigiani, no. 37, in Montevecchia (LC), tax code and VAT number 02545640969 (hereinafter, “Controller”), as the controller, informs you that, pursuant to Art. 13 of Italian Legislative Decree no. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and Art. 13 of Regulation EU no. 2016/679 (hereinafter, “GDPR”) your data will be processed with the following methods and for the following purposes:

1. Object of the treatment
The Controller processes the personal data, which is identification data and not sensitive (in detail, name, surname, telephone, e-mail, telephone number – hereinafter, “personal data” or also “data”) you communicate during the personal data registration phase on the Controller’s website for sales, technical support and consultancy requests.

2. Purposes of processing
Your personal data will be processed:

  • A) without your express consent (Art. 24 letters a, b, c, Privacy Code and Art. 6(b)(e) GDPR), for the following service purposes:
    • satisfying the obligations of a law, regulation, EU regulation or order of the Authority;
    • preventing or revealing fraudulent activity or abuses damaging for the website;
    • exercising rights of the Controller, such as the right to legal defence.
  • B) Only with your specific and direct consent (Arts. 23 and 130 Privacy Code and Art. 7 GDPR), for the following marketing purposes:
    • sending newsletters, sales communications and/or advertising material on the products or services offered by the Controller via e-mail

We also inform you that, if you are already our customer, we may send you sales communications on similar services and products of the Controller to those you have already used, unless you object (Art. 130 p. 4 Privacy Code).

3. Processing methods
Your personal data is processed through the operations indicated in Art. 4 Privacy Code and Art. 4(2) GDPR, and specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blocking, disclosure, erasure or destruction of the data. Your personal data is processed both manually and using electronic and/or automated means.

The Controller will process the personal data for the time strictly necessary to achieve the above purposes and, in any case, for no longer than 10 years after termination of the relationship for service purposes and for no longer than 2 years after collection of the data for marketing purposes.

4. Access to the data
Your data may be made accessible for the purposes of Art 2.A) and 2.B):

  • to employees and collaborators of the Controller, as the processors and/or internal processing officers and/or system administrators.

5. Communication of the data
Without your express consent (pursuant to Art. 24 letters a), b), d) Privacy Code and Art. 6(b) and (c) GDPR), the Controller may communicate your data for the purposes of Art. 2.A) to supervisory authorities, the judicial authorities and to all other subjects to whom communication for fulfilment of said purposes is obligatory by law. Your data will not be disclosed.

6. Transfer of the data
The personal data will be managed and stored on servers located within the European Union, belonging to the Controller and/or third parties assigned and duly appointed as Processors. The servers are currently located in Italy. The data will not be transferred outside the European Union.

7. Nature of providing the data and consequences of refusing to respond
Providing the data for the purposes of Art. 2.A) is obligatory. In its absence, we cannot guarantee that you will be able to register with the website or for the Services of Art. 2.A).
Providing the data for the purposes of Art. 2.B) is optional. You can therefore decide whether to provide certain data or subsequently to deny consent to processing of data already provided: in this case, you will not be able to receive sales communications and advertising material relating to the services offered by the Controller. You will continue to be entitled to the services of Art. 2.A) in all cases.

8. Rights of the data subject
As the data subject, you have the rights indicated in Art. 7 Privacy Code and Art. 15 GDPR, and specifically to rights to:

i. obtain confirmation of whether or not your personal data exists, even if not registered, and whether it is disclosed in intelligible form;

ii. obtain the following information: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied if the data is processed electronically; d) the identification details of the controller, the processors and the data protection officer appointed pursuant to Art. 5, paragraph 2, Privacy Code, and Art. 3(1) GDPR; e) the parties or the categories of parties to whom the personal data may be communicated or who may learn it as the appointed representative in the territory of the State, managers or processors;

iii. obtain: a) revision, correction or, when interested, supplementing of the data; b) erasure, conversion into anonymous form or blocking of data processed illegally, including data which it is not mandatory to keep in relation to the purposes for which it has been collected or subsequently processed; c) certification that the operations of letters a) and b) have been explained, even only in terms of their content, to anyone to whom the data itself has been communicated or disclosed, unless this proves impossible or involves disproportionate effort;

iv. object, in full or in part: a) for legitimate reasons, to processing of your personal data, even when pertinent to the purpose of collection; b) to processing of your personal data to send advertising or direct sales material or to conduct market surveys or make business communications, using automated call systems without an operator, via e-mail and/or with traditional marketing methods by telephone and/or ordinary mail. The data subject’s right to object according to point b) above, for direct marketing purposes using automated means, is also extended to traditional methods and, in any case, the data subject’s right to object even only in part remains in all cases. The data subject may therefore decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication.

Where applicable, you also have the rights indicated in Arts. 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), and also the right to lodge a complaint with the Supervisory Authority.

9. Methods of exercising rights
You may exercise your rights at any moment by sending a registered letter with acknowledgement of receipt to Via Artigiani 37
23874 Montevecchia (LC) – Italy or e-mail to amarc@pec.amarc.com

10. Minors
This website and the Controller’s services are not intended for minors under 18 years of age and the Controller does not intentionally collect personal information on minors. If information on minors is unintentionally registered, the Controller will erase it promptly, on users’ request.

11. Controller, processor and sub-processors
The Controller is Amarc Srl.
An up-to-date list of the processors and the sub-processors is kept at the Controller’s offices.

12. Amendments to this Policy
This Policy may be amended. It is therefore recommended to check the Policy regularly and refer to the most recently revised version.