ASTRA VERNICI S.r.l. takes in high respect the privacy of the users (customers, suppliers, consultants, institutions, third parties, employees, etc.) and undertakes to protect the personal data on the basis of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Your personal data is recorded in our database and IT system, in relation to our activity. According to the said legislation, it is not necessary for you to express your agreement for your data to keep on being registered in our database, as this is the legitimate interest of the processing itself.
ASTRA VERNICI S.r.l. guarantees each individual to express his rights:
• to access the personal data;
• to obtain the correction or cancellation or the limitation of the treatment related to him;
• to oppose the treatment;
• data portability;
• to revoke the consent, where provided the withdrawal of consent does not affect the lawfulness of the treatment based on the consent granted before the revocation;
• propose a complaint to the supervisory authority (Data Protection Authority).
The rights can be exercised by sending a request to the email address: firstname.lastname@example.org as specified in the chapter 15) below
It also makes the user aware of his rights related to the privacy and the protection offered by the legal system.
We ask the user to carefully read these privacy rules to be informed about the use of his personal data on our part.
For any questions or use of a right related to privacy, please follow the instructions indicated at chapter 15).
In these document we refer to "ASTRA VERNICI S.R.L.", "we" or "us" to indicate ASTRA VERNICI S.R.L. responsible for the processing of user data.
2. Data controller
The holder of the data processing carried out by or on behalf of ASTRA VERNICI S.R.L. is ASTRA VERNICI S.R.L. - Via Dell'Industria, 4 - 24052 Azzano San Paolo (Bergamo) - Italy, in the person of the managing Director Mr. Gianfranco Oberti.
Treatment Managers have also been appointed.
The complete and updated list of data processors can be requested by sending an express request to the e-mail address: email@example.com.
3. Institutional website
Our website www.astravernici.it is meant to be a presentation of our company and our products.
The use of the website is free for everyone and we do not track or collect data during the browsing.
ASTRA VERNICI S.R.L. is the data controller of this site and the processing of any personal data made by or on behalf of ASTRA VERNICI S.R.L.
4. Personal data that we can collect
Personal data, or personal information, is information related to any subject from which one can profile him and derive its identity. The anonymous data is therefore excluded in such case.
We collect a series of information about our customers / suppliers. These personal data are attributable to the following categories.
• Contact details: company details, zip code, telephone numbers, e-mail addresses, billing addresses.
• User identification codes or keys.
• Data relating to personal features: date of birth, tax code, gender, nationality.
• Identification data: given name, family name and if the user interacts with us via social media, this category of data also includes the username used on said social media
• Transaction data: includes information relating to payments by the user and in his favour as well as additional information relating to products and services purchased by us.
We do not collect sensitive data (they include data revealing racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, health status information, and genetic and biometric data). Furthermore, we do not collect the judicial data concerning the user.
5. How do we collection personal data
Normally, we use the direct interaction: the user decides to provide us with identification, contact and financial data by completing a form or by communicating said data by post, telephone, e-mail or via chat or social media.
This includes personal data provided by the user when he:
• Request an offer for one of our products;
• Submit requests or solicit the receipt of information;
• Requires an appointment / meeting / visit by a representative;
• Sends a resume to our email adress;
• Contacts us on social media;
• Signs up for our Newsletter;
6. How we use the user's personal data
We use personal data within the limits set by law. In general, we use personal data in the following circumstances:
• To execute a contract that is being concluded or already concluded with the user. For example, issue a delivery note or an invoice of our products or for a service given to the user.
• If it is necessary to pursue our legitimate interests (or those of third parties) provided that the interests and fundamental rights of the user do not prevail over them. • Should we comply with obligations imposed by laws or regulations.
In general, the legal basis on which we base the processing of personal data of the user does not include the consent of the same except where expressly provided for by law, for example for sending certain direct marketing communications. In cases where the legal basis is based on consent, the user has the right to withdraw consent at any time.
For more information please compare the legal bases on which we base ourselves for the processing of personal data with the legal basis on which we base the processing of personal data.
7. The legal bases on which we rely for the processing of personal data
The user must be aware of the fact that we may process his personal data based on different legal bases depending on the specific purpose of using the data. Our decision-making process is not automated. We invite the user to ask any questions about it. See section 16
8. Advertising, marketing and user preferences in communications
In case of specific permission, we could use direct marketing strategies through e-mail, telephone, SMS or mail. For example, the user could receive our newsletter via e-mail. We’ll make every effort to ensure that our site always clearly communicates our activities and the meaning of messages we want to delivered to the user, both when the user himself decides to receive our newsletter or when filling out the contact form. The user can change his mind at any time and decide to unsubscribe.
10. Disclosure of personal data
Your personal data will not be shared with third parties, except with external auditors and professional consultants such as bank, legal, accounting and insurance consultants and administrative, regulatory and law enforcement agencies.
Furthermore, if the activity for which it was requested to request the intervention of an external inspector or collaborator, the data could be shared with the last. We require all third parties to respect the security of the user's personal data and to manage them in accordance with the current legislation. We do not allow third party service providers to use your personal data for their specific purposes, but we only allow them to process your personal data for the specified purposes and in accordance with our instructions.
11. Data security
We have established appropriate security measures to prevent the accidental loss of your personal data, as well as their use or access by unauthorized parties, their alteration or dissemination. Furthermore, access to personal data of the user is limited to our collaborators and other third parties who, for reasons connected with the business only, must necessarily know. The user's personal data will be processed exclusively upon our instructions and these subjects are bound by the obligation of confidentiality.
We have set up procedures for the management of any personal data breaches and will take care to communicate such violations to you and to any supervisory authority if required by law.
12. Third party links
13. Data retention
We will keep your personal data only for the time necessary to fulfil the purposes for which the data were collected, including the purposes related to the satisfaction of any legal, accounting or reporting obligation.
To determine the correct retention period of personal data, we consider the quantity, nature and degree of sensitivity of personal data, the potential risk related to possible damages due to unauthorized use or for the diffusion of personal data of the user, the purposes for which the treatment and the possible existence of alternatives take place, together with the applicable legal obligations.
In certain circumstances, the user can ask us to delete data concerning him. For more information, see the "Rights guaranteed by law" section below at chapter 14)
14. Rights guaranteed by the law
The European Regulation on the personal data protection is applied to the user who is the owner of the rights ensured by the privacy protection legislation in relation to his personal data.
• Right to information - we have the obligation to inform you about the use of your personal data on our part (obligation that we are fulfilling with these privacy information and regulation);
• Right of access - right to submit a "request for data access by the interested party" to obtain a copy of the personal data of the interested subject filed by ASTRA VERNICI S.R.L.;
• Right of modification - right to demand correction of personal data if they are incomplete or incorrect;
• Right of cancellation - also known as "right to be forgotten" when, under certain circumstances, the user can request to delete personal data concerning him (provided there is no provision for their maintenance and which prevails over the request);
• Right to limit the processing - right to request, in certain circumstances, the suspension of the processing of personal data;
• Right to portability - the right to request a copy of the user's personal data in a commonly used format (for example a “.csv” file)
• Right of opposition - right to object to the processing of personal data of the user (for example, if the user does not allow the processing of data for direct marketing purposes);
These rights are subject to certain rules that determine their exercise. For more information, you can consult the Guide to the application of the European Regulation on the protection of personal data.
There are no costs for access to the user's personal data (or for the exercise of the rights). Nevertheless, we reserve the right to apply substantial costs if the request is clearly unsupported, repetitive or excessive. Alternatively, and under these circumstances, we may refuse to comply with the user's request. We may request the user specific information to help us to confirm his identity and to ensure the correct access to your personal data (or to exercise any of your rights). This security measures are necessary to ensure that personal data are not disclosed to any third party that does not have the right to receive them. We may also contact you to request additional information related to your request to speed up the process.
We’ll do our best to reply to all legitimate requests within 2 working weeks. Sometimes, it may take longer if the request is particularly complex or the user has submitted numerous requests. In these cases, it will be our concern to communicate the timing to the user and keep it updated.
If the user has further questions relating to these privacy regulations or intends to submit a request to exercise one of the rights guaranteed by law, he can contact the RDP Working Group through the contact information in section 15 "How to contact ASTRA VERNICI SRL" for privacy questions.
15. How to contact ASTRA VERNICI S.R.L. for questions and to express the privacy rights
For any questions related to the privacy regulations, or if you intend to exercise any of your rights, you can contact us as follows:
or via written request to the address:
ASTRA VERNICI S.R.L.
Via Dell'Industria, 4
24052 Azzano San Paolo (BG)