Privacy Policy & General Data Protection Regulation (GDPR)

PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

The Data Controller
A.T.I.B. S.r.l.
Via Quinzanese snc, 25020 Dello (BS)
Phone: (+39) 030 9771711
Mail: info@atib.com

Purposes of Processing
By means of this information notice (“Notice”), the Data Controller, as defined below, wishes to inform you on the purposes and methods of the processing of your personal data and on the rights that Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal
data and on the free movement of such data (“GDPR”) entrust you.

This Notice pertains exclusively to the data processing performed within the website www.atib.com (the “Website”); any third-party website accessible by the data subject via links remains subjects to the privacy policy provided by the website manager of the relevant website. We recommend data
subjects to inspect those documents before browsing on third-party websites.

Which personal data we process

Specific requests
Pursuant to a specific request by you, and for the purposes set below this Notice, the Data Controller processes the following personal data: common
data and contact details, such as the name, surname, job title, customer code, customer name, e-mail address and other addresses, costumer code.
Cookies
In some cases, personal data are collected by A.T.I.B. S.r.l. with the use of different technologies, including that of “cookies”. Cookies are made up of a series
of data that a website sends to a “browser” (which could be your browser). Those information can then be stored on a computer (even your computer) through a tag that identifies the computer but not the user.

Methods by which your personal data will be processed
Your personal data will be processed, pursuant to the provisions of the GDPR, by means of paper, digital and electronic tools, for the purposes indicated above and with adequate methods to guarantee their security and confidentiality in accordance to Article 32 of the GDPR.

Legal basis of the processing
The legal basis for the processing is therefore the execution of your request, pursuant to Article 6, first paragraph, letter b), of the GDPR; therefore, your
consent is not necessary to allow the processing.

Legitimate interests pursued by the Data Controller
The legitimate interests pursued by the Data Controller in the processing of data is given by having to respect and honor the contractual obligations signed between the parties. The lawfulness of the processing is based on the consent manifestly expressed by the interested party, documented in writing.

Nature of the personal data processing and consequences of a refusal
The processing of your personal data is a mandatory requirement for the management of your request, and therefore if you refuse to provide the personal data requested as mandatory, A.T.I.B. S.r.l. will not be able to fulfil your request.

Disclosure of data to third parties
Your personal data will be disclosed to employees, external consultants and, in general, A.T.I.B. S.r.l. personnel, who will act as person authorized to the
processing of personal data, specifically appointed as internal delegates.
In addition, your personal data will be processed, inside and outside the European Economic Area, by the following third parties:

  • other companies of the Data Controller’s group;
  • service providers for the management of the IT system;
  • legal and consulting services providers;
  • public authorities;
  • other service providers.

Your personal data will not be disclosed to the public.

Data Retention
The Data Controller will process your personal data, for the purposes indicated above, only for the time necessary for the management of your request,
as well as for the fulfillment of any legal obligation provided by any applicable European and/or Member State’s laws and/or regulations.
Your personal data will be subsequently retained by the Data Controller for a period equal to 10 years and then deleted.

Existence of automated decision-making
There is no automated decision-making.

Security
The Data Controller has taken appropriate security measures to protect your data against the risk of loss, abuse or alteration.

Intention of the Data Controller to process personal data
The Data Controller will not transfer your personal data to a third country or to an international organisation.

Data Controller and Data Protection Officer
The Data Controller is: A.T.I.B. S.r.l. – Via Quinzanese snc, Dello (BS) – Phone: (+39) 030 9771711 – Fax: 030 9719432 – Mail: info@atib.srl – Pec: amministrazione.atib@securmail.eu.
The Data Protection Officer has not been designated.

Your rights as data subject
The interested party has the right to:

  • Managing your Information – Right of access – Article 15 of the GDPR: right to obtain from the data controller confirmation as to whether or not your
    personal data are being processed, and, where that is the case, access to the personal data and the following information (also by receiving a copy of the
    same):

    • the purposes of the processing;
    • categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
    • the envisaged period for which the personal data will be stored or the criteria used to determine such period;
    • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning
      the data subject or to object to such processing;
    • the right to lodge a complaint with the supervisory authority;
    • the source of the persona data, if not collected directly;
    • the existence of automated decision-making, including profiling;
  • Rectification of Inaccurate or Incomplete Information – Right of rectification – Article 16 of the GDPR: the right to obtain, without undue delay, the
    rectification of inaccurate personal data or the integration of the same;
  • Erasure – Right to erasure – Article of the 17 GDPR: the right to obtain from the controller the erasure of your personal data without undue delay, if:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • you withdraw your consent, and there is no other legal basis for the processing;
    • you object to the processing of your personal data on legitimate grounds;
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation;
    • the personal data have been collected in relation to the offer of information society services referred to in Article 8, first paragraph, of the GDPR. If you no longer want us to use your information, you can request that we erase your personal information. Please note that if you request the erasure of your personal data, we may retain and use your personal data to the extent necessary to comply with our legal obligations or for the performance of a duty carried out in the public interest or in the exercise of official authority vested in the Data Controller, or for the establishment, exercise or defense of legal claims. For example, we may keep some of your information for tax, legal reporting and auditing obligations.
  • Restriction of processing – Right to restriction on processing – Article 18 of the GDPR: right to obtain from the controller restriction of processing if:
    • the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
    • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or
      defense of legal claims;
    • you have objected to processing pursuant to Article 21, first paragraph, of the GDPR pending the verification whether the legitimate grounds of the
      controller override yours.
  • Data Access and Portability – Right of portability – Article 20 of the GDPR: the right to receive, in a structured format, commonly used and readable by
    an automatic device the personal data concerning yourself provided to the Data Controller and the right to transmit the same to another data controller
    without impediment, if the processing is based on consent and is made with automated means. Furthermore, the right to obtain that your personal data
    are transmitted directly from the Data Controller to another data controller, if this is technically feasible;
  • Complaints – file a complaint to the competent data protection authority by sending a notice to the Data Protection Supervisory Authority of your
    Country of residence.

Managing your Information
With regard to the processing described in this Notice, you may exercise any of the rights described in this section in accordance with Articles 15 through
21 of the GDPR: Right of access – right to obtain from the data controller confirmation as to whether or not your personal data are being processed, and,
where that is the case, access to the personal data and the above information.
You can exercise your rights by writing to the following e-mail address:

info@atib.com
amministrazione.atib@securmail.eu

The full text of Regulation (EU) 2016/679 is available on the website www.garanteprivacy.it