Data privacy is of high importance for Zoo Assets S.r.l. and we want to be open and transparent with our processing of your personal data. We therefore have a policy setting out how your personal data will be processed and protected in full compliance with the EU Regulation n. 679/2016.
We invite you to read this notice, and give your consent to the processing of personal data for the purposes indicated therein.
1. Data Controller
The Data Controller is ZOO ASSETS S.R.L., P.IVA 02139000208, with registered office in Via Guelfa n. 76 – 40138 Bologna – Bo – Italy, in the person of its current legal representative. Within our company, data may be known only by specifically appointed delegates such as employees or commercial agents. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of Zoo Assets services, such as e.g. accounting firms, IT managers, suppliers, outsources.
The Data Controller’s contact information are as follows: Secreterial and Administration Office ZOO ASSETS srl, Via Guelfa 76 – 40138 Bologna – Bo – Italy, tel. 051.533525 fax 051.534291, firstname.lastname@example.org; email@example.com.
2. Information We Collect
In the context of our contractual relationship, Zoo Assets S.r.l. will process some of your personal details, including: postal address, fiscal code, P.IVA, images depicting the status of places, personal images, corporate or personal videos.
Personal data are processed with the explicit consent of the data subject.
3. Legal Basis and Purpose of the Processing
We will process your personal data:
– for contractual, commercial, administrative, accounting and statistical purposes and for the establishment of ordinary commercial contacts;
– for marketing purposes (brochure, posters or flyers, website);
– to comply with a legal obligation to which the controller is subject;
– to manage the relationships with vendors, sales agents and contractors;
– to manage business relationships where it is necessary for the performance of a contract or for compliance with a legal obligation to which the controller is subject;
– to ensure the protection of rights and duties arising from a contract to which the data subject is party;
– to conduct internal statistical analysis;
– to use your personal data for marketing purposes or to involve you in other commercial or promotional campaigns relating to products and services offered by Zoo Assets S.r.l. or to products and services in some way similar to those object of the contractual relationship.
This list is intended to be illustrative and not limiting. However, any processing of personal data are carried out in accordance with the EU Regulation.
Legal Basis of The Processing. The Processing is based on the consent or on the contract to which the data subject is party.
4. Recipients of Your Personal Data
In relation to the purposes referenced in point 3, your personal data may be known and processed by:
– Companies, contractors and service providers, third parties to whom the Data Controller has entrusted specific activities connected and instrumental to the processing or the supply of provided services;
– Banking institutions for the management of receipts and payments;
– Financial administrations and other establishments or public agencies in order to fulfil legal obligations;
– Law firms, Accounting firms, job agency consultants, professionals and consultants (Marketing, production, sales), factoring companies, debt collection agencies, insurance companies;
– Business agents and project brokers.
Currently, personal data are carried out by employees and collaborators of the Data Controller expressly appointed as persons in charge of processing or data processors such as: sales agents; IT support (Infotrek); service providers (NTS per gestionale, Studio Commercialista Gualandi, Studio Legale Barducci, studio Montanari Tommasi, employment consultant, debt collection agency, Cribis, logistic services, Data Analysis laboratory, Chelab, Mancinelli, Usarci, quality adviser, Studio Trucco).
5. How We Use Your Information
We process your personal data on paper or electronic form and enter your data into relevant databases that may be accessed – hence your data be disclosed to – our employees and other authorised individuals who may consult, use, process the data as well as carry out any other appropriate action, including using automated means, always in compliance with legal requirements and in relation to the purposes for which the data is collected and used, as stated above (see point 3).
All types of personal data processing are carried out in such a way to guarantee integrity, confidentiality and availability of personal data.
Personal Data are processed in accordance with art. 5 of the EU Reg. 679/16 and therefore:
– processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
– collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
– adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
– accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
– kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
– processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
6. Data Retention
The personal information will be retained for the entire period of validity of the contractual relationship and/or for the time period necessary to fulfill our obligations to the data subject, and for the purposes of satisfying any legal, accounting, or reporting requirements.
7. Data Subject Rights
Every data subject shall have the right to lodge a complaint with the competent supervisory authority and to exercise the rights of a data subject under the GDPR (EU Regulation 2016/79) as indicated below:
– Art. 15 – Right of access by the data subject _ The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and to the personal information.
– Art. 16 – Right to Rectification_ The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
– Art. 17 – Right to erasure (‘right to be forgotten’)_ The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay when the data subjet has requeste the erasure.
– Art. 18 – Right to restriction of processing. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
– Art. 20 – Right to data portability. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is carried out by automated means. 2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
– Art. 21 – Right to object_The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
– Art. 22 – Automated individual decision-making, including profiling_The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The rights set out above can be exercised in writing by sending an email to: firstname.lastname@example.org.