Information for the
processing of personal data
pursuant to art. 13 Legislative Decree 30/06/2003 n. 196 and art. 13 EU Regulation no. 2016/679 and of the Council of 27 April 2016
Geo Seed Srl, with registered office in ITALY in Via Maestra, 25 - 12040 Grinzano di Cervere (CN) Fiscal Code 01542300460, VAT number IT 02641830043 (hereinafter referred to as "OWNER"), as data controller, informs you pursuant to of the art. 13 Legislative Decree 30/06/2003 n. 196 (hereinafter referred to as the "Privacy Code") and art. 13 EU Regulation no. 2016/679 and of the Council of 27 April 2016 (hereinafter initialed "GDPR") which will come into force in Italy on 25 May 2018, that your data will be processed with the following methods and purposes:
1.Object of treatment
The Data Controller processes personal, identification data (for example name, surname, company name, address, telephone number, e-mail address, bank and payment details) (hereinafter "personal data" or "Data") communicated by you on the occasion of the conclusion of contracts for the services of the Owner.
2. Purpose of the processing
Your personal data are processed:
-
without your express consent (Article 24 letter a) b) c) Privacy Code and art. 6 lett. b) e) GDPR), for the following service purposes:
-
Conclude contracts for the Controller's services;
-
Fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
-
Personal data are processed within the normal activity of the company Geo Seed Srl for administrative and accounting purposes
-
Fulfillment of tax or accounting obligations
-
Customer management (customer administration, administration of contracts, orders, shipments and invoices, reliability and solvency check)
-
Supplier management (administration of suppliers administration of contracts, orders, arrivals, invoices, selection in relation to the needs of the company)
-
Legal and economic treatment of personnel to exercise the rights of the Data Controller, for example the right to defense in court;
-
Management of commercial relationships to the extent necessary to best perform the requested service.
-
-
Only with your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR) for the following marketing purposes:
- send them via e-mail, post and / or text message and / or telephone contacts, news letters, commercial communications and / or advertising material on products or services offered by the Data Controller; Send you commercial and / or promotional communications from third parties via e-mail, post and / or sms and / or telephone contacts.
We inform you that if you are already our customers, we will be able to send you commercial communications relating to the Controller's services and products similar to those you have already used, unless you disagree (Article 130 c.4 of the Privacy Code).
3. Method of treatment
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n.2) GDPR and precisely:
collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and / or automated processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purpose and in any case for no more than 10 years from the termination of the relationship for the purpose of the service and for no more than 2 years from the collection of data for the marketing purpose.
4. Access to data
Your data may be made accessible for the purposes referred to in art. 2A) and 2B):
to employees and collaborators of the Data Controller;
to third-party companies or other subjects (example: credit institutions, lawyers, professional firms, consultants, etc.) who participate in the performance of the activities of the Data Controller in the various sectors, for needs strictly connected to the aforementioned purposes, in their capacity as external data processors .
5.Communication of data
Without the need for express consent (pursuant to Article 24 letter a) b) d) Privacy Code and art. 6 lett. b) c) GDPR) the Data Controller may communicate your data for the purposes referred to in art. 2A) to Supervisory Bodies, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom communication is mandatory by law for the accomplishment of said purposes.
These subjects will process the data in their capacity as independent data controllers.
Your information will not be disseminated.
6.Data transfer
Personal data is stored on the Server / NAS
Our servers are located within the European community.
The location address is Via Mastra 25, 12040 Grinzano di Cervere CN IT
The servers are protected by firewalls and ant-visus (NOD32)
The management program has the following functional-technological security features, thus implementing the technical security measures provided for by the GDPR.
We list some of the security measures:
-
User-id for users and administrators: the administrator user can independently assign credentials and access privileges to the various operators; the management of user groups allows assignment by homogeneous categories.
-
Password strength: by raising the “Privacy Level” a password strength check is activated which requires its length to be at least 8 characters.
-
Password masking: Passwords are not visible as you type.
-
Authentication errors: in the case of an attempted access with incorrect credentials, the error message returned is generic, without providing information that could facilitate unauthorized access; after 3 attempts the input window closes.
-
Password check on the server: passwords are saved encrypted on the server database.
-
Changing the password by the user: all users can change their password and, if the "Privacy Level" is set to high, they are forced to change it at first access and then at least every 6 months.
-
Permissions Review: The administrator can run the “Print Settings” to periodically check the status of the policies assigned to users.
-
Log: the application generates different types of logs related to both user activities and those of the server administration.
-
Anonymization of outputs: management data can be exported in formats (csv, xls, txt) on which it is easy to remove unnecessary data (eg removal of columns containing personal data)
-
Deletion of data: o accounting and warehouse movements are automatically removed in the eleventh year from their entry; the removal can also be performed in advance or all data relating to a single "company" can be removed at any time and in full.
-
Minimization of mandatory data: the management system is set up to collect only the necessary data.
-
Encryption of transmissions: The conversation between client and server uses the TLS cryptographic protocol.
-
Data protection: the database, in addition to being proprietary and therefore interrogable only through the management system, is inextricably linked to the unique identification of the installation.
7. Nature of the provision of data and consequence of the refusal to answer
The provision of data for the purposes referred to in art. 2A) is mandatory. In their absence, we will not be able to guarantee the services of art. 2A).
The provision of data for the purposes referred to in art. 2B) is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing the data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the services offered by the Data Controller.
However, you will continue to be entitled to the services referred to in art. 2A).
8. Rights of the interested party
In your capacity as an interested party, you have the rights referred to in art. 7 of the Privacy Code and art. 15 GDPR and precisely the rights of:
-
obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communications in an understandable and legible form.
-
Obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing;
-
of the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identification details of the Data Controller, of the managers and of the designated representative pursuant to art. 5 paragraph 2 of the Privacy Code and art. 3 paragraph 1 GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents to obtain:
-
a) updating, rectification or integration of data;
-
b) the cancellation, transformation or blocking of data processed in violation of the law, including data which need not be kept for the purposes for which the data were collected or subsequently processed;
-
c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their
-
content, of those to whom the data have been communicated or disseminated.
To object in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of authorized call systems without the intervention of an operator through e-mail and / or through traditional marketing methods, by telephone and / or paper mail.
It should be noted that the data subject's right to object set out in point b) above, for direct marketing purposes. through automated methods it extends to the traditional ones and in any case the possibility remains for the interested party to exercise the right to object, even in part. Therefore, the interested party can decide to receive communications through legal methods or only authorized communications or neither of the two types of communication.
Where applicable, it also has the rights referred to in art. 16 - 21 GDPR (right of rectification, right to be forgotten, right to limit the processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
9. Methods of exercising rights
You can exercise your rights at any time by sending a registered letter with return receipt addressed to:
Geo Seed Srl - Privacy Service
Via Maestra 25 - 12040 Grinzano di Cervere CN - IT
OR
An e-mail to the address: info@pec.geoseed.it or privacy@geoseed.it
For any clarification please contact us at the above addresses
1O. Owner, manager, person in charge
The Data Controller is Geo Seed Srl
It is located in Italy
with registered and operational headquarters in: Grinzano di Cervere (CN) Via Maestra 25
The updated list of data processors and persons in charge of processing is kept at the registered office of the Data Controller.
Appendix 1
- More details on third-party cookies
The management of the information collected by "third parties" is governed by the relevant information to which reference should be made. Third parties can make use of profiling cookies.
To ensure greater transparency and convenience, the web addresses of the various information and methods for managing cookies are shown below.
Facebook information: https://www.facebook.com/help/cookies/
Facebook (configuration): log into your account. Privacy section.
Twitter information: https://support.twitter.com/articles/20170514
Twitter (configuration): https://twitter.com/settings/security
Linkedin information: https://www.linkedin.com/legal/cookie-policy
Linkedin (configuration): https://www.linkedin.com/settings/
Google+ information: http://www.google.it/intl/it/policies/technologies/cookies/
Google+ (configuration): http://www.google.it/intl/it/policies/technologies/managing/
Sharethis - plugin for social media buttons, information: http://www.sharethis.com/legal/privacy/
Google Analytics - Web traffic analysis service provided by Google, Inc. ("Google"). Also in this case these are third-party cookies collected and managed anonymously to monitor and improve the performance of the host site (performance cookies). Google Analytics uses "cookies" to collect and analyze anonymous information on the behavior of use of websites (including the user's IP address). This information is collected by Google Analytics, which processes it in order to compile statistical reports. This site does not allow third parties to use the Google analysis tool to monitor or collect personally identifiable information. Google may also communicate this information to third parties where this is required by law or where such third parties process the aforementioned information on behalf of Google. For more information, please refer to the link: https://www.google.it/policies/privacy/partners/ . The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his browser. To disable the action of Google Analytics, please refer to the link: https://tools.google.com/dlpage/gaoptout
Youtube video - movies: http://www.google.it/intl/it/policies/privacy/
For more information on profiling cookies relating to behavioral advertising, and their possible deactivation, please visit the page http://www.youronlinechoices.eu (to start choose the language, for example Italy = Italian).
- Management of cookies (enabling and disabling)
The user can decide whether or not to accept cookies using the settings on his browser. Attention: the total or partial disabling of technical cookies can compromise the use of the site features reserved for registered users. On the contrary, the usability of public content is also possible by completely disabling cookies. Disabling "third party" cookies does not in any way affect the navigability but could reduce the services offered (for example the buttons of the "share" of social media). The setting can be defined specifically for different websites and web applications. In addition, the best browsers allow you to define different settings for "proprietary" and "third party" cookies. You can avoid certain cookies by configuring your browser settings or by directly deactivating the part that manages and controls cookies. Here's how to proceed for the main browsers:
All other browsers
For information on how to manage cookies through other browsers, consult your documentation or online help files.