Privacy Policy Company
Duty of information under Article 13
of the REGULATION (EU) 2016/679 (GDPR)
GDPR protects the confidentiality of personal data in
order to ensure the data subject’s rights and freedoms and therefore places a
number of obligations to who “processes” personal information of other
subjects. One of the most important duties that law requires to observe is to
provide information to data subjects and to get their consent for processing in
cases where it’s required, especially for those processing activities that
require data to be communicated to other entities.
On this basis, in accordance with Article 13 of GDPR please be advised that Ferrari International collects and processes data of your company without your explicit consent (Art. 24 point a), b), c) of PERSONAL DATA PROTECTION CODE and Art. 6 point b), e) of GDPR) for purposes such as management of business relations and, precisely, completion of customers/suppliers lists, keeping the accounts, invoicing, management of creditors in order to meet all obligations laid down in current rules.
Furthermore your data may be processed for internal statistical and market research purposes and only with your prior specific consent (Art. 23 and 130 “Codice Privacy”) and Art. 7 GDPR) for the following marketing purposes:
-sending
you by e-mail, post, text or telephone newsletters, commercial communications
and/or advertising material relating to products or services provided by Data
Controller and the degree of satisfaction of the quality of services.;
-sending you by e-mail, post, text and telephone
commercial and promotional communications of external third parties.
The processing of your personal data is performed by
means of operations specified in Art. 4 of PERSONAL DATA PROTECTION CODE and in
Art. 4 n. 2) of GDPR and precisely: data collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction. Your personal
data is processed whether or not by automated means.
Data Controller shall process personal data for as
long as necessary to comply with the same purposes as above. Personal data
shall not be processed for no more than 10 years after the cessation of the
relation with regard to administrative and accounting purposes and for no more
than 2 years from the data collection with regard to marketing purposes.
Data may be processed whether or not by computerised
means, in compliance with all precautions needed to ensure data security and
confidentiality.
Only beyond technical and operational necessities
closely related to the same purposes as above, your data may be disclosed to
third parties and in particular to the following entities:
a) institutions, specialists, companies or other
actors that support us in carrying out administrative, accounting and
management requirements of the ordinary duties of our business, and in
collecting debts;
b) public authorities and administrations for purposes
such as fulfilment of legal obligations;
c) banks, financial institutions or other actors to
which we must transfer data in order to fulfil contractual obligations towards
you.
As data subject, you have the right as set out in Art.
7 of PERSONAL DATA PROTECTION CODE and
Art. 15 of GDPR and precisely to:
i. obtain confirmation as to whether or not personal
data concerning him exist, regardless of their being already recorded, and
communication of such data in intelligible form;
ii. to be informed a) of the source of the personal
data; b) of the purposes and methods of the processing; c) of the logic applied
to the processing, if the latter is carried out with the help of electronic
means; d) of the identification data concerning data controller, data
processors and the representative designated as per Section 5(2) PERSONAL DATA
PROTECTION CODE and Art. 3 paragraph 1 of GDPR; and e) of the entities or
categories of entity to whom or which the personal data may be communicated and
who or which may get to know said data in their capacity as designated
representative(s) in the State’s territory, data processor(s) or person(s) in
charge of the processing;
iii. to obtain a)updating, rectification or, where
interested therein, integration of the data; b) to obtain erasure,
anonymization or blocking of data that have been processed unlawfully,
including data whose retention is unnecessary for the purposes for which they
have been collected or subsequently processed; c) to obtain certification to
the effect that the operations as per letters a) and b) have been notified, as
also related to their contents, to the entities to whom or which the data were
communicated or disseminated, unless this requirement proves impossible or
involves a manifestly disproportionate effort compared with the right that is
to be protected;
iv. to object, in whole or in part, a) on legitimate
grounds, to the processing of personal data concerning him/her, even though
they are relevant to the purpose of the collection; b) to the processing of
personal data concerning him/her, where it is carried out for the purpose of
sending advertising materials or direct selling or else for the performance of
market or commercial communication surveys, through the use of automated
calling systems without human intervention, or through traditional systems such
as email, telephone and/or post. Please note that the right to object, with
regards to point b) above, referred to direct marketing purposes through
automated systems extends to the traditional one and that the data subject has
the possibility to exercise its right to object even partially. Therefore, data
subject may decide to receive communications either through traditional methods
or through automated systems or neither of them.
How to exercise your rights:
You may exercise your rights at any time:
- by registered post with a form of acknowledgment of receipt to Ferrari International SpA via Emore Tirelli 26/A – 42122 Reggio Emilia
- emailing: [email protected]
Data Controller is Ferrari International SpA with
the registered office in via Emore Tirelli 26/A 42122 Reggio Emilia
The updated list of processors and persons in charge
of the processing is kept at the registered office by Data Controller.