INFORMATION ON THE PROCESSING
OF PERSONAL DATA
of the users visiting the websites of the Italian data protection authority
Reg. UE 679/2016
Pursuant to Article 13 of the EU Regulation 2016/679 (hereinafter GDPR), we inform you that our company processes your personal data in compliance with the principles of lawfulness, fairness and transparency. Personal data (will be processed for example: name/surname, tax code, tax data, contact details, billing address, etc.) is collected directly through our website directly from the data subject. Below we provide you the required information regarding the treatment.

Lawfulness of processing

We indicate below the purposes for which we process your personal data, indicating for each of these, the relevant legal bases (or conditions of lawfulness) as set out in art. 6 of the GDPR:
1 – PROCESSING NOT SUBJECT TO CONSENT

a) specifically functional activities to satisfy requests of information related to goods and/or services that are the typical object of our company’s activity, sent by the interested party either by e-mail or by filling in a special form. The legal basis for the processing of personal data for the abovementioned purposes is the executing pre-contractual measures undertaken at the request of the party concerned. (art. 6.1 letter b, GDPR)
b) activities related to the stipulation and execution of contract, to which you are or become a party, also in case of exchange of information at a distance, in the event of reached supply agreement (examples of activities are the acquisition of preliminary information to entering into a contract and/or the need to undertake contracts, management of the business correspondence, website’s registration). The legal basis for these purposes are performing a contract and pre-contract actions (art. 6.1 lettera b, GDPR);
c) activities that, related to the occurrence of the contractual/business relationship, are functional to the direct needs of the owner to guarantee the optimal management of the customers relationship. Included in these activities, by mere way of example and not limited to:
• the internal organization of the data management activities (including through CRM systems: customer relationship management; phone numbers; internal corporate communications; etc.) functional to the best management supplies of products and/or services;
• management of possible claims and controversies and possible assignments of credit claims
• process data for statistical purposes.
The legal basis for these purposes is to be found in the legitimate interest of the Owner (art. 6.1, lettera f, GDPR);

2 – PROCESSING SUBJECT TO CONSENT
– functional activities to send commercial information as newsletter (through e-mail and other communication system) , advertising, informative and promotional materials related to the products and/or services offered by our company. The legal basis is based on consent provision by the interested party (art. 6.1, lettera a, GDPR).
The processing covered by this Information notice do not use automated decision-making processes or forms of profiling.
With reference to the specific data processing related to the use of cookies: we inform you that this website does not use profiling cookies, but only technical cookies.

Term of conservation of data
The Owner will process personal data for the time necessary to fulfil the purposes for which they were collected pursuant to point 1 lettera a) above. Personal data are stored for a period of time compatible with the establishment of an efficient exchange of requests/information. Personal data is handled and stored for a period no longer than 6 months from the last communication (expect different times on base of the nature of the information required).
The data processed for the purposes referred to in point 1 letters b), and c) are kept until the end of the contractual relationship and also later for mandatory period for tax and administrative purposes, and until the statutes of limitation expire in order to be able to enforce any existing legal claims.
In the event that a dispute arises between the Owner/data controller and the data subject, the retention period will be extended for the entire duration of this dispute and for the 10 years following its definitive resolution (es. settlement agreements or a judgement that has become final).
Personal data processed according to the point 2, regarding the purposes for which such data have been collected, will cease after two years and however immediately upon request.

Optional/ obligatory nature of the provision of data:
As above mentioned, for the data processing according to the point 1, consent from data subject is not required.
In any case, the provision of data is mandatory to perform services and contractual requirements from the data subject, as well as to fulfill the consequent obligations established by law and regulations.
Any failure to provide the data or in any case the refusal to treat them in whole or in part will result in the impossibility of conducting contractual relations or follow-up on requests submitted.
The consent is instead required to process data specified in point 2 (such as sending commercial information and communications, including newsletter).
For this purpose, will be required an express consent through the subscription in the appropriate box in the dedicate website section (“Newletter Komet” “Subscribe”).
Please note that, the required consent and the processing data specified in point 2 are optional and will not be in any way prejudiced the possibility to receive commercial communications and eventual contract establishment.

Categories of personal data recipients
The data gathered by website are exclusively intended in dealing with information requests and will not be diffused or communicated to third parties, as well as the data processed to send commercial information and communications, including newsletter.
Your personal data may be communicated to external subjects whose assistance is necessary and functional to the provision of the purpose at point 1, specifically, data may be transmitted to the following categories of external parties:
• bodies, professionals, companies or other structures appointed by us in charge of processing related to the fulfilment of administrative, accounting and management obligations related to the ordinary conduct of our economic activity, also for purposes of credit recovery;
• suppliers of services for installation, assistance and maintenance of IT and telematic systems and systems and of all services functionally connected and necessary for the performance of the services covered by the contract.
In this case the involved subjects will act like independent owners or will be defined as “in charge of” or “appointed with” the processing.
Personal Data may also be processed by third parties – such as Komet staff – duly appointed by the owner as data processors. By accepting their nomination, these individuals are committed to confidentiality and have an appropriate legal obligation of confidentiality (for example, Company employees), as well as subjects in charge that have relevant instructions, with particular reference to safety measures, in order to guarantee data privacy and safety.

Data transfer
The personal data collected shall not be transferred to third countries located outside the European Union.
In the event that such a transfer must take place, the owner will provide adequate information and the transfer shall be carried out in accordance with the provisions of Chapter V of the GDPR.

Data processing methods
The data will be processed by electronics means, in compliance of all precautionary security measures and with the confidentiality foreseen by norms in force.
With reference to the sending of the newsletter: this will take place via automated tools simultaneously to all subscribed to the service by blocking of the email address of the third party (Bcc-blind carbon copy)
In any case, the personal data are protected by technical security measures, computer, organizational, logistical and procedural, against the risk of loss, even accidental, misuse, illegal and unauthorized access or treatment not allowed.

Subject’s rights and complaints to Garante Privacy.
Any data subject may exercise, at any time, all follows rights:
• Right of access by the data subject (Article 15 of the GDPR): at any time, you can contact us to confirm whether or not a personal data treatment is being processed for you and, if so, to obtain access and copy. You can get information regarding the origin of the data, the purposes of the processing, the categories of personal data processed, and other information. And also, the existence of an automated decision-making procedure, including profiling, including information about time and criteria of Data Retention;
• Right of rectification (Article 16 of the GDPR): you have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you ;
• Right to cancel (Article 17 GDPR): you have the right to demand that the respective data be deleted immediately, provided that the conditions required by law exist;
• Right to restriction of processing (art.18 GDPR): you may have, provided that the conditions required by law exist, the right to obtain restriction of processing of the personal data concerning you (specially for complaint regarding the accuracy of the personal data, unlawful processing of data with opposition by the Data Subject to cancellation, exercise of a right in court, the opposition action during the period of the verification of prevalence of the owner legal reasons towards those of the interested party) ;
• Right to data portability (Art. 20 GDPR): you have the right to receive in a current, structured and machine-readable form the personal data that you have provided to the data controller and the right to transfer this data to another responsible party without obstruction by the owner. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
• Right of opposition (Art. 21 GDPR): you have the right to oppose processing data for reasons connected with your own particular situation; unless we can demonstrate compelling legitimate grounds for the processing, provided that the conditions required by law exist;
• Right to revoke the consent (art. 7.3 GDPR): you are entitled to revoke consent that you have issued for the processing of the data at any time, effective from that time. The revocation doesn’t prejudice the legality of the treatment carried out before the revocation itself.

The data subject can exercise his/her rights listed here below at any time by writing to the contacts of the owner provided on this information sheet and, if wished, follow the downloadable track from the Guarantor’s website at the link indicated below: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
Finally, we inform you of your right to file a claim with a competent control authority whenever you consider it necessary or appropriate. Also in this case, you can follow the downloadable track from the Guarantor’s website at the link indicated below: https://www.garanteprivacy.it/en/home/docweb/-/docweb-display/docweb/9041356.
We remind you that the complaint may be lodged by the data subject to the Supervisory Authority of his/her place of residence or where he/she works or where the alleged breach occurred ( in compliance to art. 77.1 GDPR).

Owner
The owner of the data processing of this site is KOMET SRL, domiciled at the legal headquarters of Via dell’Artigianato n. 63 – 36070 Trissino (VI), c.f. P/Iva 02213310242, e-mail: privacy@kometsrl.it tel: 0445-490595.