Privacy Policy on the Processing of Personal Data
Pursuant to Article 13 of Regulation 2016/679 (also known as GDPR) on the protection of personal data, and in relation to your personal data, their processing will be carried out by the Data Controller, Envirem S.r.l. a socio unico (hereinafter referred to as the “Controller”), in accordance with the principles of fairness, lawfulness, and transparency, as well as in compliance with your privacy and rights. In this regard, we inform you of the following:
a) Identity and Contact Details of the Data Controller
The Data Controller is Envirem S.r.l. a socio unico, with its registered office at Via Dante Alighieri, 11, 40055 CASTENASO (BO), hereinafter referred to as the “Controller”.
The contact email address is: info@envirem.it.
b) Purpose and Legal Basis for Processing, and Obligation or Option to Provide Data
Your data may be processed for the following purposes:
1. Contractual, legal, and internal administrative purposes.
• To enter into a contract and fulfill contractual and pre-contractual obligations, such as economic and financial assessments, requests for documentation proving compliance with specific requirements, or fulfilling your specific requests before contract finalization.
• To perform services agreed upon in the contract, including financial obligations related to banking or other financial institutions, post-sale support, credit recovery, and general legal protection.
The legal basis for processing personal data for this purpose is Article 6.1.b of the GDPR (performance of a contract or pre-contractual measures), and your consent is not required.
• To comply with legal obligations towards public authorities, including anti-money laundering and anti-mafia regulations, as well as corporate and tax accounting, such as bookkeeping, financial reporting, and obligations required by authorized regulatory bodies.
The legal basis for processing personal data for this purpose is Article 6.1.c of the GDPR (legal obligation), and your consent is not required.
• To conduct administrative, financial, and accounting operations necessary for contract execution, internal business organization, credit management, accounting, and potential legal disputes.
The legal basis for processing personal data for this purpose is Article 6.1.f of the GDPR (legitimate interest), which is necessary for the proper functioning of internal organization, core business activities, and statutory obligations.
Providing your data for the above purposes (a, b, c) is optional; however, failure to provide them will make it impossible to execute the contract or provide the requested services.
c) Data Processing Methods and Retention Period
Personal data will be processed both electronically and manually using appropriate security measures to protect against destruction, loss, alteration, unauthorized disclosure, or access.
Data will be stored in compliance with civil and tax regulations and for the time necessary to achieve the purposes for which they were collected, unless additional storage is required by law. After this period, the data will be deleted or anonymized.
d) Recipients of Personal Data – Entities with Access to Data
To fulfill the above-mentioned purposes, your data may be disclosed to:
• Our employees and collaborators in the commercial, marketing, administrative, and technical departments, acting under our authority and authorized to process the data;
• Companies within our corporate group, including parent, subsidiary, or affiliated companies under Article 2359 of the Italian Civil Code, as well as companies in consortiums, business networks, or temporary joint ventures;
• Entities necessary for contract execution or pre-contractual requests (e.g., banking, credit, and insurance institutions, factoring companies, credit purchasers, commercial information providers, postal service providers), as well as legal firms for the Controller’s legal protection;
• Third parties acquiring credits, such as factoring companies, financial institutions, and intermediaries;
• Third-party service providers performing administrative, accounting, tax, auditing, IT management, debt collection, and mass archiving services on our behalf. These third parties act as Data Processors under Article 28 of the GDPR;
• Public authorities, security agencies, and regulatory bodies authorized by law to access the data.
Your data will not be disseminated or made available to unspecified third parties.
e) Your Rights
Under the GDPR, you have the following rights regarding your personal data, which you may exercise within the limits and in accordance with legal requirements:
• Right of access to your personal data (Article 15);
• Right to rectification (Article 16);
• Right to erasure (“right to be forgotten”) (Article 17);
• Right to restrict processing (Article 18);
• Right to data portability (Article 20);
• Right to object to processing (Article 21);
• Right not to be subject to automated decision-making (Article 22);
• Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal (Article 7.3).
You may exercise these rights by submitting a written request to the Data Controller at the postal or email address provided in section a. Additionally, you have:
• The right to contact the Data Controller for any matters concerning your personal data processing and to exercise the rights granted by the GDPR. The Controller can be contacted as indicated in section a.
• The right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) if you believe that your data processing violates applicable regulations (Article 77), or to take legal action (Article 79).