European Regulation 2016/679 (hereinafter, "GDPR")
Subject matter of the processing
The Controller processes the personal, identifying, and non-sensitive data (including but not limited to, contact details, such as name, surname, company name, tax identification number, VAT number, e-mail, mailing address, telephone number, account registration and profile information, such as date of birth, and gender – hereinafter, the “personal data” or also the “data”) that you have provided or otherwise communicated to us, whether upon the request for information about the products or services offered by the Controller, through the compilation of the contact form on our Website, through events and registration forms, event related apps or through any other means.
The data are to be processed for purposes related to the performance of the following formalities, in relation to legislative or contractual obligations and for other purposes:
- Provision of products and services, and maintenance, processing, and servicing of accounts and orders (“Service Purposes”);
- Web Shop order information;
- Marketing and advertising of the Controller’s products and services (“Marketing Purposes”);
- Mandatory legal compliance formalities regarding taxation and accounting;
- Management of customers and suppliers;
- Planning of activity;
- Historical records on customer and supplier invoicing;
- Post-sale assistance;
- Management of disputes;
- Credit recovery activities;
- Quality management;
- Measurement of customer satisfaction;
- Communication of new services and/or products offered by the Controller.
The processing of the data for the fulfilment of such obligations is necessary for proper management of the relationship, and the submission of the data is mandatory for achieving the purposes indicated above. Any non-communication or erroneous communication of one of the mandatory data elements may entail the Controller’s impossibility to ensure the consistency of the processing.
Processing: procedures and methods
The processing of your personal data is done in accordance with the GDPR and may consist of the following activities:
- the collection, recording, organization, storage, consultation, electronic processing, modification, selection, retrieval, alignment, usage, combination, blocking, communication, erasure, and destruction of the data.
Your personal data are subject to paper and electronic processing. The Controller will process and store the personal data only for the time necessary for fulfilling the purposes set forth above, and in any event, for no more than 10 years from the termination of the relationship for Service Purposes. All processing will be done in compliance with the procedures and methods set forth in the GDPR, and through the adoption of the appropriate security measures contemplated.
The data will be processed only by personnel expressly authorized by the Controller and by external parties expressly commissioned by the Controller of the processing. The personal data are processed with automated means strictly for the time needed to achieve the purposes for which the data have been collected. Specific security measures are maintained to prevent the loss of the data, illegal or improper uses of the data, and unauthorized access to the data.
Access to the data
For the purposes set forth in the section entitled “Purposes”, the data may be made accessible:
- to the Controller’s employees and consultants, in their role as persons in charge and/or internal processors and/or system administrators;
- to the Controller’s partners or suppliers (for example, for activities relating to the technical management of the services, for the storage of the personal data, etc.) or third parties (for example, providers for web-site management and maintenance, suppliers, credit institutions, professional firms, etc.) that carry out activities under outsourcing arrangements for the account of the Controller, as external processors.
Communication to third parties
- Consulting firms, regarding accounting, administrative, tax matters;
- Nominated dealer, with your consent, to process you order through the Web Shop;
- Companies managing information technology (IT) systems;
- Consultants and freelance professionals, including in the form of partnerships;
- Banks and credit institutions;
- Other public and/or private parties with your consent, or for whom communication of the data is mandatory or necessary for compliance with the law, to establish or exercise our legal rights (including to assert and defend against legal claims, or if we believe such communication or disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the safety or well-being of any person), in the event that the Controller is sold, merged, or otherwise transferred to another entity, or is nonetheless functional to the administration of the relationship.
The personal data will be managed and stored on servers located in the European Union operated by the Controller and/or third-parties commissioned and duly appointed as Processors.
The servers are currently located in Germany.
The data will not be transferred outside of the European Union.
In addition, it remains understood that, if deemed necessary, the Controller shall also have the option of moving the location of the servers in Italy and/or in the EEA and/or in non-EEA countries. In any such case, the Controller hereby ensures that the transfer of the data to a location outside of the European Union will be done in accordance with the provisions of applicable laws, signing, if necessary, agreements that will ensure a level of adequate protection and/or adopting the standard contractual clauses provided by the European Commission.
Data supplied by the user
The optional, explicit, and voluntary sending of electronic mail to the address indicated on this Website entails the subsequent acquisition of the sender’s address necessary for responding to requests, as well as any other personal data included in the electronic mail message. Specific summary information will be regularly reported or displayed on the pages of the site prepared for particular services on request.
Optional nature of the conferral of the data
The user has the option of providing the personal data required for sending informational material, except as necessary for navigation. However, the user’s failure to provide the data may make it impossible for the user to obtain what has been requested.
Rights of the Data Subject
As the Data Subject, you have certain rights under the GDPR, and precisely, the right:
- to obtain the confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and the communication of the data in an intelligible form;
- to obtain the indication of:
- a) the origin of the personal data;
- b) the purposes and means of the processing;
- c) the logic applied in the event of processing effected with the aid of electronic means;
- d) the data identifying the controller, the processors and the designated representative;
- e)the persons or the categories of persons to whom the personal data may be communicated or who may obtain knowledge of the personal data in their role as the designated representative in the State territory, the processors or persons in charge;
- to obtain:
- a) the updating, the rectification or, if applicable, the supplementation of the data;
- b) the cancellation, the transformation into anonymous form, or the blocking of the data processed in violation of law, including those data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- c) the certification that the procedures referenced in letters a) and b) have been made known, including with regard to their content, to the persons to whom the data have been communicated or distributed, except in the case in which such compliance proves to be impossible or entails a manifestly disproportionate use of resources with respect to the protected right;
- to object, in whole or in part:
- a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose for which the data were collected;
- b) to the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by email and / or through traditional marketing methods by telephone and / or paper mail.
It should be noted that the Data Subject’s right to object, as set out in the preceding point b), to the purpose of direct marketing through automated methods extends to traditional methods, and that, in any case, the possibility remains for the Data Subject to exercise the right to object even only partially; therefore, the Data Subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, the Data Subject may also have the right to rectification, right to erasure, right of restriction of processing, right to data portability, and right to object to processing. To exercise any of your rights in this paragraph, please write to us or send us an email using the contact information below. Please remember that if you delete or limit the use of your personal data, you may not be able to use the services provided through the Website.
The Controller’s sites and services are not targeted to persons under the age of 18, and the Controller does not intentionally collect personal information referring to minors. Should information on minors be involuntarily registered, the Controller shall promptly cancel such information at the request of the users.
Questions and Contact Information
Via e-mail, at the following address: firstname.lastname@example.org
Via return-receipt, registered letter, at the following address:
Hu-Friedy Mfg. Co., LLC
European Headquarters | Lyoner Straße 9 | 60528 Frankfurt/Main
The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
Telephone: +49 611 1408 - 0
Fax: +49 611 1408 – 900
Last updated: 27 February 2019