NORD OVEST SPA, Tax Code/VAT N. 00455030049, in the person of its Legal Representative, is the Data Controller of your personal data.
As interested party we inform you that:
The Data Controller’s registered office is in Via Motorizzazione n.19,21,29, 12100, Cuneo, CN, Italy.
Personal data are collected and processed by NORD OVEST SPA in an adequate, pertinent, legitimate, appropriate and transparent manner, for limited purposes.
The defined, explicit and legitimate collection and processing purposes are:
- Fulfilment of contract obligations;
- Fulfilment of accounting, administration and other obligations set by laws, regulations and circulars for tax purposes;
- Administration and accounting;
- Fulfilment of obligations set by national laws;
- Fulfilment of obligations set by EU laws, rules and regulations;
- Protection of the legitimate interest of the Data Controller or third parties, in a fair balance of the parties rights and as long as they override the interests, rights and freedoms of the Data Subjects;
|Personal data||Legal basis|
|(1) Corporate Name||
|(3) Email Address|
|(4) Copy of an identity document of the legal representative|
|(5) Payment details (IBAN)|
Should the Data Controller require to treat personal data for additional purposes other than those for which the data were collected, data subjects will be informed by integrating this policy or publishing a new edition of the information note.
In the event of additional processing of data for public interest, scientific or historic research, or for statistical purposes (guarantees and exceptions – art. 89), should communication to the data subjects be impossible or require a disproportional effort, the Data Controller may carry out the additional processing without notification until the information is made public, as long as appropriate measures are adopted to protect the rights, freedom and legitimate interests of the data subjects.
Personal data will be processed exclusively by authorised subjects, under the authority of the Data Controller and based on the regulatory principles and logical and technological security procedures (art 32, paragraph 4).
The Data Controller may transfer, transmit or communicate personal data only to the following categories of subjects (recipients):
|Inland Revenue Agency||Fulfilment of tax obligations|
|Customs Agency||Fulfilment of tax obligations|
|Insurance Companies||Fulfilment of contract obligations|
|Law Firms||Exercise of rights|
|Customs Agents/Customs Assistance Centre||Fulfilment of contract obligations|
|Shipping Companies||Fulfilment of contract obligations|
|Airlines||Fulfilment of contract obligations|
|Transport Companies||Fulfilment of contract obligations|
|Carriers||Fulfilment of contract obligations|
|Chamber of Commerce||Fulfilment of contract obligations|
|Local Health Service||Fulfilment of contract obligations|
|Credit Rating Agencies||Exercise of rights|
|ITC Providers||Fulfilment of contract obligations|
Third parties may process data as designated Data Processors (art. 28).
The Data Controller does not intend to disclose personal data to third-party countries or international organizations.
The data collected for the purposes mentioned in points 1), 2), 3), 4), 5) will be stored, as required by the law, for at least 10 years from the date in which they were last used for accountancy purposes. The Data Controller may extend the retention period beyond 10 years from the last time the data was used, to keep a comprehensive record of all company activities and provide proof in the event of tax, company or commercial disputes. The Data Controller may not extend the data processing period beyond the period of time required for the purposes for which the data were collected and processed.
Additionally, Data Subjects have the right to:
- access the personal data concerning them;
- request the rectification and erasure of their personal data;
- request to limit the purposes for which the Data Controller can process their data
- object to the processing;
- receive the personal data concerning them in order to transmit them to another Data Controller (data portability);
- revoke their consent to data processing when it is based on consent (art. 6, paragraph 1, letter a); art. 9, paragraph 2, letter a));
- complain with the Data Protection Authority;
- be informed as to whether the provision of their data is a legal or contractual obligation, or a necessary requirement.
Data are acquired directly from data subjects