EXTENDED INFORMATION PURSUANT TO ARTICLES 12, 13 AND, WHERE APPLICABLE, 14 OF THE GDPR – REGULATION (EU) 2016/679 ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREINAFTER THE GDPR)
The data controller provides, below, the information pursuant to Articles 12, 13 and, where applicable, 14 of the GDPR regarding the processing of personal data provided by the Customer/data subject by completing and signing the Contract to purchase the products/services offered for sale by the data controller, by spontaneously uploading personal data to this website (in particular by filling out forms) or simply by browsing the site.
1. Data Controller and Contact Information
The data controller is ISEM s.r.l. with registered office in Argelato (BO), Via della Tecnica 20, VAT No. IT02266870183, Tax Code 02266870183, Tel. +39 0381 874711 info@isempackaginggroup.it, website https://www.isempackaginggroup.it/
2. Principles applicable to processing
In accordance with the GDPR, the data controller works consistently to ensure that personal data are:
processed lawfully, fairly, and in a transparent manner;
collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes;
adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date;
kept for no longer than is necessary for the purposes for which they are processed;
Processed using appropriate technical and organizational measures to ensure their security;
Processed, if based on consent, by freely chosen decision of the Customer/Data Subject, on the basis of a request presented in a manner clearly distinguishable from other forms of processing, in an intelligible and easily accessible form, using clear and plain language.
The data controller adopts appropriate technical and organizational measures to ensure the protection of personal data by design and to guarantee that, by default, only data necessary for each specific processing purpose is processed.
The data controller collects and takes utmost account of the Customer/Data Subject’s suggestions, observations, and opinions sent to the contact details above, in order to implement a dynamic privacy management system that ensures effective protection of individuals with regard to the processing of their data.
This Privacy Policy may be subject to changes in line with developments in the relevant legislation and the technical and organizational measures adopted by the data controller. The Customer/Data Subject is therefore requested to periodically visit this section of the Site to review any updates and the Privacy Policy in effect from time to time.
3. Methods of Processing Personal Data
Personal data is processed manually and electronically, using methods strictly related to the purposes indicated below and, in any case, in a manner that guarantees the security and confidentiality of the data.
4. Purposes of Processing Personal Data
(4a) Purposes for which data processing is necessary
The personal data provided by the Customer/Data Subject are primarily processed for the performance of the Contract and credit management and, more generally, the relationship arising from the Contract itself.
The provision of data in the Contract or subsequently, during the contractual relationship, for the processing purposes in question is mandatory; Therefore, failure to provide such data, or the partial or inaccurate provision of such data, makes it impossible to enter into and/or execute the Contract and, for the Customer/Data Subject, to use the products/services offered by the Data Controller, potentially exposing the Customer/Data Subject to liability for breach of contract.
The personal data provided by the Customer/Data Subject may also be processed if this is necessary to comply with a legal obligation to which the Data Controller is subject, to protect the vital interests of the Customer/Data Subject or another natural person, to perform a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or to pursue the legitimate interests of the Data Controller or of third parties, provided that the interests or fundamental rights and freedoms of the Customer/Data Subject do not prevail. Even in these cases, the provision of data is mandatory and, therefore, failure to provide, partial or inaccurate data may expose the Customer/interested party to potential liability and sanctions under the legal system.
(4b) Further information