GDPR Information

Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679 (“GDPR”) for the various interested parties.

Dear customers, suppliers, potential customers and website users,

Foreword / Introduction

Below you will find information about our privacy policy, which describes how we collect and process your personal data.

Furthermore, we would like to inform you that the Company’s privacy policy may be subject to change as a result of the issuance of new regulations and/or the introduction of new services. We therefore invite you to periodically check for any changes/updates to the privacy policy on our website.

Who is the data controller?

The data controller is TSE s.r.l., with registered office in Viale Filippo Turati, 25, 05100 TERNI (TR) – Italy, E-mail: info@tsesrl.it

How your personal data is collected by the Company and why

The Company collects Personal Data provided directly by the interested party (i.e. the owner of the personal data):

  • When it is necessary for the performance and/or management of a contract to which the data subject is party;
  • Where it is necessary to take steps at the request of the data subject before entering into a contract relating to the Company’s products and services or to the Company’s organisation;
  • When it is necessary to respond to requests voluntarily sent by the sender, for example, to the email address indicated on the website. In such circumstances, it will involve the acquisition of the sender’s address, as well as the acquisition of any other personal data included in the communication.
How your personal data is processed

Your personal data will be processed by the Company according to the principles set out in art. 5 of the New Regulation, namely: lawfulness, correctness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

The Company processes data in both paper and electronic form. In this context, the Company will ensure the logistical and physical security of the Data and, in general, the confidentiality of the Data processed, adopting all necessary technical and organizational measures, in order to reduce the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed pursuant to Art. 6 and Art. 32 of the new regulation.

Why we process your data

The Company collects and processes your personal data, without specific consent, for the following purposes:

  1. Complete necessary pre-contractual activities (e.g. sending quotes, checking creditworthiness and solvency);
  2. To fulfill contractual and tax obligations towards themselves;
  3. Protect our assets and/or defend our rights based on our legitimate interests;
  4. To comply with legal requirements and meet requests from authorities, as well as to comply with fraud and money laundering prevention provisions, etc.;
  5. To respond to requests sent by email or via the website form.

Please note that you may revoke, at any time, any consent already expressed, by contacting the Data Controller via email.

The following table describes the lawfulness of the processing declared by the New Regulation, according to which the data are processed.

ProcessLawfulness of processing
Sending a quoteExecution of pre-contractual activities
Provision of services, purchase of products and servicesPerformance of the contractual obligation
Protection of assets – defense of rightsLegitimate interest pursued by the Data Controller
Sending information to public authoritiesLegal obligation to which the Data Controller is subject
Responding to requests sent via email or via the website formExecution of pre-contractual activities
Is it necessary to provide my personal data or my consent?

The provision of data for the purposes referred to in the previous points 1) – 4) is mandatory. Otherwise, the execution of the contract cannot be guaranteed.

The provision of data for the purposes indicated in the previous point 5) is optional. Therefore, it is possible to decide not to provide data or to subsequently deny the possibility of processing data previously provided: in this case, failure to provide data may make it impossible to satisfy requests or evaluate potential candidates.

In relation to the purposes for which your explicit consent is requested, failure to provide consent does not constitute a valid reason for the Data Controller to withdraw from a contract or not to satisfy your requests in relation to other purposes.

Who your data is communicated to

Without having to obtain explicit consent, the Company may communicate your Data, for the purposes indicated above, to prefectures, insurance supervisory institutions (such as IVASS), judicial authorities, insurance companies (for the provision of insurance services), as well as to the parties to whom such communication is required by law for the fulfillment of the purposes indicated above. These parties will process the Data as independent data controllers.

Who can access your data

Your data may be made accessible for the purposes indicated above:

  • To employees and collaborators of the Data Controller, in their role as data controllers and/or internal processors and/or system administrators;
  • Third parties or other parties (such as, for example, credit institutions, professional offices, consultants, insurance companies for the provision of insurance services, etc.) who carry out activities that have been outsourced by the Company, in their role as external data controllers or co-controllers should process the data for their own purposes.
Where is your data stored and where is it transferred?

The data is processed at the Company’s operational headquarters, at the Aruba Servers, as well as in any other place where the parties involved in the processing are located.

Your data will be stored in accordance with the principles of proportionality and necessity and until the purposes for which they were collected have been achieved.

In any case, the storage time differs depending on the purpose of the processing, as described in the following table.

ProcessDuration
Sending a quoteSix months
Provision of services, purchase of products and services11 years after the end of the business relationship
Protection of assets – defense of rights11 years after the end of the business relationship
Sending information to public authorities11 years after the end of the business relationship
Responding to requests sent via email or via the website formSix months

Once the above terms have expired, your data will be automatically deleted.

What are your rights?

As a data subject, you have the right to:

  1. Know if the Data Controller holds and/or processes your Data, obtaining information relating to: origin, category, purpose and method of processing, the recipients to whom such data may be communicated, the logic applied in the event of processing carried out electronically, indicates the period for which the data are retained; as well as the right to access it in its entirety and obtain a copy (art. 15 Right of access);
  2. Rectify data concerning you and complete incomplete data (art. 16 Right to rectification);
  3. Obtain the deletion of the Data held by the Data Controller if such deletion is provided for by the New Regulation (art. 17 Right to deletion – Right “to be forgotten”);
  4. Request the Data Controller to limit the processing only to certain Data, where provided for by the New Regulation (Art. 18 Right to limit processing);
  5. Be informed of who the recipients are to whom any corrections, deletions or restrictions on processing have been communicated (art. 19 Notification obligation);
  6. Request and receive all your Data, in a structured, commonly used and machine-readable format or to request its transmission to another controller without hindrance (Art. 20 Right to portability);
  7. To object in whole or in part to the processing of Data for marketing purposes (sending advertising material, direct sales, market research and commercial communications) and for the purposes of profiling connected to such marketing (art. 21 Right to object).

Finally, you have the right to lodge a complaint / petition directly with the Data Protection Authority, located in Piazza di Montecitorio n °. 121 – 00186 ROME, Italy – phone (+39) 06.696771 and Fax: (+39) 06.69677.3785.

The exercise of the rights referred to in this paragraph is completely free.

How you can exercise your rights

At any time, you can exercise your rights by sending:

  • A registered letter with return receipt addressed to the Company, Viale Filippo Turati, 25, 05100 TERNI (TR) – Italy;
  • or an email to info@tsesrl.it