Consent Supplier and Customer Personal Data Processing

(UE law 2016/679)

MICHELAZZO PAOLO, CEO of company MIXER SRL, with headquarter in VIA DEL LAVORO, 25 – 36047 MONTEGALDA – VICENZA (hereafter referred to as “the Controller”), in accordance with art. 13 of UE Regulation n. 2016/679 (hereinafter the “GDPR”) (hereafter referred to as “Privacy Code”) informs that your data will be processed with the following modalities:

1. Object of the processing

The Controller processes personal and identity data (such as name, surname, society denomination, address, phone number, e-mail, bank and payment reference codes), hereafter referreas “personal data” or just “data”) that you provide when you sign contracts of service with the Controller.

2. Purpose of the processing

You personal data will be treated:

A. without your explicit consent (art. 24 letters a), b), c) of the Privacy Code and art. 6 letters b), e) GDPR) for the following Service modalities:
• signature of contracts for services provided by the Controller;
• comply with pre-contractual, contractual and fiscal obligations deriving from existing relationships with you;
• comply with legal obligations or those deriving from regulations, from EU legislation or from Authority prescription (such as anti- money laundering);
• avail the Controller’s rights such as the right to defence in court;

B. Only by previous specific and direct consent (art. 23 and 130 of the Privacy Code and art .7 of GDPR) for the following marketing purposes:

• Sending of email/postal/texting/telephone newsletters, commercial communications, advertisements on products or services offered by the Controller and monitoring of satisfaction about the quality of the provided services;

We highlight that if you are already our customers, we may send you commercial communications referring to Controller’s services or products similar to those already provided to you, except you disagree to this (art. 130 par. 4 Privacy Code).

3. Processing modality

The treatment of your personal data is carried out through the operations as specified in art. 4 of the Privacy Code and art. 4 n. 2) of the GDPR, and precisely: reception, recording, organization, storage, recall, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data are processed both electronically and on paper.

The Controller will process personal data for the time necessary to pursue the above mentioned purposes and in any case not beyond 10 years from the ceasing of the relationship deriving from the service purposes with administrative, commercial, marketing and technical purposes.

4. Access to data

Your data may be disclosed for the purposes mentioned in art. 2.A) and 2.B) to:
• Personnel and collaborators of the Controller as internal processors or recipients or system administrators;

5. Communication of data

Without your explicit consent, according to art. 24 letters a), b), d) of the Privacy Code and art. 6 letters b) and c) of the GDPR, the Controller may disclose your data for the purposes mentioned in art. 2.A) to Surveillance Authorities (ex. IVASS), Judicial Authorities, Insurance Companies for the provision of insurance services, Subjects to whom such communication is compulsory by law in relation to the above mentioned purposes.
The above mentioned subjects will process data as autonomous Controllers.
Your data will not be made public.

6. Data transfer

Personal data are stored on servers located within the company headquarter in VIA DEL LAVORO, 25 – 36047 MONTEGALDA (VI), ITALIA, within the European Union. It is in any case understood that the Controller, where it become necessary, will be free to move the serves even outside the EU. In that case, the Controller assures that the transfer of date outside the EU will be done in accordance with the applicable laws, following the signing of standard contractual clauses provided by the European Commission.

7. Data provision Origin and Consequences of provision refusal

The provision of data is compulsory for the purposes mentioned in art. 2.A). The refusal to provide data prevents the provision of services mentioned in art. 2.A).
The provision of data for the purposes mentioned in art. 2.B) is optional. You may decide not to provide any data or to withdraw consent to process data that you already provided at a later time: in this case, you will not be enabled to receive newsletters, commercial communications and advertisements regarding the services offered by the Controller. You will still be entitled to the services mentioned in art. 2.A).

8. Rights of the data subject

As a data subject, you have the rights listed in art. 7 of the Privacy Code and art. 15 of the GDPR, and precisely the right to:
i. Obtain a confirmation that personal data regarding you are being held or not, even if not yet registered, and their communication in an intelligible way;

ii. Obtain indications about: a) the origin of personal data; b) the purposes and modalities of the processing; c) the procedures applied in case of electronic processing; d) the identification data of the Controller, of the processors and of the representative according to art. 5, par. 2 of the Privacy Code and Art. 3, par. 1, of the GDPR; e) of the subjects and subject categories to whom personal data may be disclosed or that may receive them as representative in the territory of the State, of processors or recipients;

iii. Obtain: a) the updating, the rectification or, if desired, the integration of data; b) erasure, anonymization or block of data processed in an unlawful way, including those for which filing is not necessary for the stated purposes; c) proof that the operations mentioned in letters a) and b) have been communicated to any third party recipients, except in the case in which it is impossible or disproportionately too complex to perform in relation to the right under consideration;

iv. Oppose, totally or partially: a) for legitimate reasons to the processing of your personal data, even if related to the purpose of processing; b) to the processing of your personal data for the purpose of sending advertising material, or direct sale, or marketing analysis or communication, by means of automated calling systems without a human operator, email or conventional marketing procedures by telephone or paper mail. We underline that the subject’s right to opposition, as previously stated, to direct marketing purposes by automated means is extended to the conventional ones, and that the subject may always request a partial opposition. Therefore, the subject may decide to receive communication only through conventional modalities or only through automated modalities or none of the above.

Where applicable, the subject has also the rights stated in art. 16-21 of the GDPR (right to rectification, right to erasure, right to restriction of processing, right to data portability and right to object), in addition to the right to appeal to the Supervisory Authority, with headquarter in PALAZZO MONTE CITORIO, 121, – ROMA.

9. Modalities of exercise of rights

You may exercise your rights at any moment by sending:
– Registered mail with acknowledgement of receipt to MIXER SRL, VIA DEL LAVORO, 25 – 36047 MONTEGALDA (VI)
– Email to mixerit@legalmail.it

11. Controller, processor

The Controller of data processing is MIXER SRL, with headquarter in VIA DEL LAVORO 25, 36047 MONTEGALDA – VICENZA – ITALY.
An updated list of processors is kept at the Controller’s headquarters.