DEAR CLIENT/SUPPLIER

As you are no doubt aware, art. 13 of the EU General Data Protection Regulation (GDPR) sets forth the obligation to inform the data subject, when his/her data are collected, of the essential elements of the processing carried out by the Data Controller. In this perspective, Gorent SpA is committed to guaranteeing the subject concerned that said processing shall be carried out in accordance with the principles of correctness, lawfulness and transparency and of protection of personal privacy and rights.

Pursuant to article 13 of the GDPR 2016/679, and in the light of the principles of transparency, intelligibility and accessibility set forth in art. 12 del GDPR, we are therefore pleased to provide you with the following summary information:

PROCESSING THIS DISCLOSURE REFERS TO 

Browsing of the Website – Management of Relations with Clients and Suppliers – Newsletters and Direct Marketing

CATEGORIES THE PROCESSING REGARDS

Clients, Suppliers, Consultants and self-employed professionals, both individually and collectively

DATA BANKS AND FIELDS PROCESSED

Website browsing data: IP addresses, type of browser used, operating system, domain name and website addresses from which internet was accessed, information on the pages visited by users (Clients/Suppliers, etc.) within the website, time of access, time spent on individual pages and other parameters regarding the operating system and IT environment of the user.

Clients and Suppliers: Bank data, Clients’ contact data, Clients’ identification details, Suppliers’ contact data, Suppliers’ identification details (also included in the aforementioned databanks are the personal data of the collaborators and /or consultants of Clients and Suppliers).

HOW DATA ARE PROCESSED

Data may be processed on paper or by electronic means, manually or by computer. Data may be collected directly from you, or acquired from public registers, lists, deeds or document that may be consulted by anyone, within the limits and in the ways established by the pertinent regulations.

PURPOSE OF DATA PROCESSING

– Browsing of the Website

The IT systems and software procedures designated for the operation of this website acquire, during the course of their normal operation, certain personal data, the transmission of which is implicit in the use of Internet protocols. This data category includes: IP addresses, type of browser used, operating system, domain name and website addresses from which internet was accessed, information on the pages visited by users (Clients/Suppliers, etc.) within the website, time of access, time spent on individual pages and other parameters regarding the operating system and IT environment of the user. This data is used only in order to gather statistical information on an anonymous basis regarding the use of the site and in order to check that it is working correctly. In any case, please see the separate cookie disclosure.

– Management of Relations with Clients and Suppliers

This regards the personal data (name, surname, contact details: e-mail address, landline/mobile no., etc.) voluntarily provided by the user through the website, for example by writing to an e-mail address of Gorent S.p.a. and/or by direct contact to request information and cost estimates, and, if appropriate, for the formalisation and execution of a contractual relationship.

For the “Management of Clients and Suppliers”, the company processes the aforementioned data for the following purposes:

– the carrying out of all kinds of precontractual activity, such as the sending of cost estimates;

–  the formalisation, management and execution of purchase orders and/or the Services requested.

– billing and payment management;

– dealing with complaints and requests for assistance;

– for any communications (by e-mail, post, SMS, telephone) to the data subject and/or third-party suppliers regarding the provision of the service;

– handling any disputes;

– compliance with accounting and tax obligations;

– compliance with any other obligations deriving from the Contract;

– compliance with any other legal obligations or obligation deriving from any Court Orders or from any other Authority.

– storing of information for records or statistical purposes, in the interest of the company’s business.

– Newsletters and Direct Marketing

The data provided by the User may be employed for the sending – by newsletter, e-mail and/or post – of promotional information regarding projects and services offered by the Data Controller, as well as invitations to events organised by the Data Controller or by third parties.

The processing operations conducted for these purposes may be carried out exclusively with the specific consent of the user, which may be withdrawn at any time. Subscriptions to the newsletter may also be cancelled at any time, using the dedicated link present in each promotional message you receive, or by contacting the Data Controller.

Considering the business carried out by the company, please note that the aforementioned processing operations will be carried out by the persons respectively responsible in the pertinent sector, i.e. by the Vehicle Hire Office, the Used Vehicle Sales Office, the Assistance Service, the Purchasing Office, the Back Office, the Customer Care Service and the Administration Office.

The Data Processor and the Data Controller undertake to guarantee that the data of the data subjects will be processed solely for the purpose declared and only for the part strictly necessary. They also undertake, to the extent reasonably possible, to edit and correct any data that subsequently differ from the data originally provided, to keep data updated and delete any data that are not required for the processing operations declared.

LAWFULNESS CRITERIA OF THE PROCESSING  

With the exception of processing for “Newsletters and Direct Marketing”, for which the specific consent of the data subject is required, the other processing operations referred to in this disclosure are carried out in order to:

– comply with contractual obligations;

– comply with legal obligations, i.e. any obligations deriving from the law, EU regulations, orders and dispositions of the competent authorities, with particular reference to obligations of an administrative, accounting and fiscal nature, and any other measures necessary to carry out the necessary advertising formalities regarding the means processed by the Data Controller on the Registers and before the competent authorities;

– a prevailing legitimate interest of the data controller, pursuant to art. 6, comma 1. letter f), i.e. any processing necessary to pursue the legitimate interest of the data controller or of third parties, provided that the interests or rights and fundamental liberties of the data subject that require the protection of personal data do not prevail, in particular if the data subject is under 18. In the specific case, the reference is to the interest of the Data Controller in dealing with any complaints, disputes, credit recovery and, more generally to the interest of the Data Controller in defending his rights in court.

CATEGORIES OF RECIPIENTS:

The data referred to herein will not be made public, but may be communicated, solely for the purposes listed above, to the following categories of subjects:

– Consultants and self-employed professionals, individually or collectively, who provide consulting services to the company (legal, accounting, fiscal assistance, etc.);

– Banks and credit and/or insurance institutes;

– Institutional bodies (Professional Registers, Courts, etc,);

– Public Entities

– Subjects that manage SaaS services;

– Other Clients/Suppliers/their contact persons.

The data in question may be processed by employees and collaborators of the company specifically entrusted with processing for the purposes set forth n this disclosure. The complete list of Data Processors and External Data Managers is available at the registered office of the Data Controller.

SPECIAL CATEGORIES OF DATA (PURSUANT TO ART. 9 OF THE GDPR)

No processing of special categories of data as indicated in art. 9 of the GDPR is contemplated.

DURATION OF PROCESSING 

The processing of data for the purposes set forth in this disclosure will be carried out for the time strictly necessary to respond to the user’s request.

In any case, the Personal Data collected for processing for the “Management of Relations with Clients and Suppliers” will be stored for a period of ten years from the end of the relationship, in order to allow the Data Controller to comply with any legal, fiscal and accounting obligations that may continue subsequent to the end of the relationship.

It is understood that in such cases, the Data Controller will retain only the data necessary to comply with said obligations.

PROFILING

No automated processes or processing for profiling purposes is contemplated.

TRANSFER OF DATA:

Your data will not be transferred to countries outside the EU.

DATA CONTROLLER

The Data Controller is Gorent S.p.a., with offices in Florence, Via F. Fanfani 111/a, Tax identification/VAT number: 08605630014. The Data Controller may be contacted at: eco@gorent.it.

RIGHTS OF DATA SUBJECTS

You may exercise the following rights at any time:

– access to personal data

– obtain the rectification or deletion of your data or restrictions on the processing regarding them;

– object to their processing

– data portability

– withdrawal of consent, where provided for: withdrawal of consent has no impact on the lawfulness of processing based on the consent given prior to withdrawal;

– file claims with the supervisory body (Italian Data Protection Authority, Piazza di Monte Citorio, 121 00186 Rome).

Gorent S.p.a.