ON-LINE REPAIR REQUEST

Information provided pursuant to art. 13, GDPR

Data controller’s identity and contacts

SMZ Italia srl – Via Brandizzo 184, 10088 Volpiano (TO – Italy), P.I. 07528190075, phone +39 011.99.53.534 e-mail smz@smzitalia.com (hereinafter: “SMZ” o “Controller”).

Source of data and purposes of processing

Personal data are provided directly by the data subject (“customer”). They are processed for the following purposes:

1. to take steps at the request of the data subject prior to entering into a contract, to provide information about the quotation of interest.
2. accounting, administrative, balance sheet purposes and to comply with national and UE rules and regulations.
3. information, business and marketing contacts.

Means of processing

1. Personal data are processed by the Controller mainly with electronic means and are stored in his filing systems. Preventative secure measures are applied to prevent data from loss, destruction, alteration (whether by accident or not), unlawful or unauthorised access.
2. Contacts referred to in point 3, “Source of data and purposes of processing”, will be carried out with both through postal address, phone and by e-mail.

Legal basis of processing

1. For the purposes referred to in point 1, “Source of data and purposes of processing”, the legal basis is art. 6, par. 1, letter b), GDPR, since data processing is necessary to take steps at the request of the data subject prior to entering into a contract.
2. For the purposes referred to in point 2, “Source of data and purposes of processing”, the legal basis is art. 6, par. 1, letter c), GDPR, since processing is carried out to comply with legal obligations to which the Controller is subject.
3. For the purposes referred to in point 3, “Source of data and purposes of processing”, the legal basis is the legitimate interest (art. 6, par. 1, letter f, GDPR) of SMZ to contact customers who have already shown their interest in our commercial activity. This legitimate interest of SMZ in counterbalanced by the interest of the customer to know about services and products which we may provide and in which the customer may be interested.

Criteria of data collection

Identity and contact details and the subject for the quotation request are mandatory: without such data we cannot carry out the quotation. Other data may be omitted, and the request shall be anyway achieved. Data are collected pursuant to art. 25, GDPR – Data protection by design and by default – which requires to implement appropriate technical and organisational measures for ensuring that, by design and by default, only personal data which are necessary for each specific purpose of the processing are processed.

Processors, persons authorised for data processing, other data controllers

1. Data will be processed by the persons authorised for the processing and acting under the authority of the Controller and in charge of administration, commercial activities, customer care, information systems and security measures.
2. Data will be processed also by processors in charge of the services connected to the activities referred to in point 3, “Source of data and purposes of processing”.
3. Data may be communicated to entities and judiciary (autonomous data controller), if required by national and EU laws and regulations.

Communication and dissemination of data

1. Data are not communicated to other companies, bodies or organisations for their marketing and profiling purposes.
2. Data may be communicated to supervisory authorities and judiciary or public bodies for their institutional tasks on their request or to assert, exercise, defend a right in judiciary by SMZ or by a third party.
3. Data are not disseminated.

Period of data storage

1. For the purposes referred to in point 1, “Source of data and purposes of processing”, data will be stored until the request of quotation is not fully fulfilled and for the time of the whole business relationship.
2. For the purposes referred to in point 2, “Source of data and purposes of processing”, data will be stored for the period determined by the single national and EU rules and laws governing legal obligations to which the Controller is subject.
3. For the purposes referred to in point 3, “Source of data and purposes of processing”, data will be stored until SMZ considers that the data subject maintains the interest in our business activity. SMZ will not contact the person anymore if the data subject objects to processing for such contact purposes.

Where data are processed and data transfer to third Countries

Data processing and storage will be carried out on the Controller’s server and /or of companies in charge of processing and designated as processors, located in EU territory. No transfer to third Countries is intended so far. If need be, data will be transferred to third Country pursuant to applicable law provisions (arts. 45, 46, 47 e 49, GDPR).

Data subjects’ rights

Pursuant to articles 15-22, GDPR, writing to the data controller at the postal address of the Controller or by e-mail smz@smzitalia.com, you may request the list of data processors and exercise your right of access, rectification, right to be forgotten, restriction of processing, data portability, and you can object to the processing of your data on legitimate grounds or for promotional business contacts.

How to lodge a complaint with the supervisory authority

The data subject has the right to lodge a complaint with the supervisory authority (Garante per la Protezione dei Dati Personali – Piazza Venezia 11, 00187 Roma (RM – Italy) – www.garanteprivacy.it, e-mail protocollo@pec.gpdp.it, format https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524&zx=e0yn0riezmmw) to exercise and defend the right of data protection.