Privacy Policy

Information to customers

This information is given to customers, whether they are natural persons or natural persons who operate in the name and on behalf of clients legal entities, of CAPITOL SRL, pursuant to art. 13 d. lgs. June 30, 2003 No. 196 – “Code regarding the protection of personal data” and art. 13 GDPR 679/2016 – “European regulation on the protection of personal data”.
Identity of the Owner
The Data Controller of the data of natural persons clients, or of the natural persons operating in the name and on behalf of clients, legal entities, is CAPITOL SRL based in VIALE MONZA, 355 – 20126 MILANO (MI).
The DPO has not been designated.
Data source
The personal data processed are those provided by the interested party on the occasion of:
– visits to the offices;
– interactions through the website;
– requests for information, including by e-mail;
– previous transactions.
Purpose of the treatment
Tax compliance, organizational management and bureaucratic fulfillment of the requested services. Management of negotiations and pre-contractual and post-contractual relationships.
Finally, all personal data of the aforementioned interested parties will be included in the Data Controller’s archives and used (having regard to Article 130 paragraph 4 of Legislative Decree 196/2003 and also considering the General Provision of the Guarantor GU 1 July 2008 No. 188 / C, formulation 6, points a, b, c) for sending communications concerning products, services, news and promotions.
Legal basis
The legal basis consists of the execution of a contract of which the person concerned is a party or of the implementation of pre-contractual measures taken at the request of the person concerned. Some treatments are carried out for the legitimate interest of the owner (promotion of their commercial activities and pursuit of the statutory purposes).
Recipients of the data
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be communicated to workers who work for the Data Controller and to some external subjects who collaborate with them. They can also be communicated, to the extent strictly necessary, to persons who for the purpose of evasion of purchases or other requests or services related to the transaction or the contractual relationship with the Owner, must provide goods and / or perform services or services. Finally, it may be communicated to the persons entitled to access it under the provisions of the law, regulations, and community regulations. In particular, based on the roles and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Owner.
Data transfer
The Data Controller does not transfer personal data to third countries or to international organizations. However, it reserves the right to use cloud services; in which case, the service providers will be selected among those who provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, personal data will be stored, and not further processed, for the time established by the current provisions on civil and fiscal matters.
Rights of the interested party
With reference to art. 7 of Legislative Decree 196/2003 and Articles 15 – right of access, 16 – right of rectification, 17 – right to cancellation, 18 – right to limitation of treatment, 20 – right to portability, 21 – right of opposition, 22 right to oppose the automated decision-making process of GDPR 679 / 16, the interested party exercises his rights by writing to the Data Controller at the address above, or by email, specifying the subject of his request, the right that he intends to exercise and attaching a photocopy of an identity document attesting the legitimacy of the request.
Withdrawal of consent
With reference to art. 23 of Legislative Decree no. 196/2003 and art. 6 of GDPR 679/16, the interested party can revoke any consent given at any time. However, the processing subject of this information is lawful and permitted, even without consent, as necessary for the execution of a contract of which the interested party is part (the supply relationship) or to the evasion of his requests.
Complaint proposal
The data subject has the right to lodge a complaint with the supervisory authority of the state of residence.
Refusal to provide data
Clients who are natural persons can not refuse to give the Data Controller the personal data necessary to comply with the laws that regulate commercial transactions and taxation. The provision of further personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, the refusal to provide the data required by law will prevent the fulfillment of orders; while the provision of additional data may compromise all or part of the processing of other requests and the quality and efficiency of the transaction.
Persons working in the name and on behalf of clients, legal entities may refuse to give the Data Controller their personal data. The provision of personal data is however necessary for a correct and efficient management of the contractual relationship. Therefore, any refusal to provide the data may compromise the contractual relationship in whole or in part.
Automated decision-making processes
The Data Controller does not carry out processing that consists of automated decision-making processes on the data of natural persons clients, or of natural persons acting in the name and on behalf of clients, legal entities.
Supplier information
This information is given to natural persons who work in the name and on behalf of the suppliers of the company CAPITOL SRL pursuant to art. 13 d. lgs. June 30, 2003 No. 196 – “Code regarding the protection of personal data” and art. 13 GDPR 679/16 – “European regulation on the protection of personal data”.
Identity of the Owner
The Data Controller of the data of natural persons clients, or of the natural persons operating in the name and on behalf of clients, legal entities, is CAPITOL SRL based in VIALE MONZA, 355 – 20126 MILANO (MI).
The DPO has not been designated.
Data source
The personal data processed are those provided by the interested party on the occasion of:
• visits or phone calls;
• direct contacts for participation in exhibitions, exhibitions, etc .;
• proposition of offers;
• transmissions and transactions subsequent to the order.
Purpose of the treatment
Personal data of natural persons working in the name and on behalf of suppliers are processed for:
• forwarding communications of various kinds and with different means of communication (telephone, mobile phone, text message, e-mail, fax, paper mail);
• make requests or process requests received;
• exchange information aimed at the execution of the contractual relationship, including pre and post contractual activities.
Legal basis
Processing is necessary for the performance of a contract for which each supplier is a party or for the execution of pre-contractual measures taken at the request of the supplier.
Recipients of the data
The personal data processed by the Data Controller will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including that of their availability or simple consultation. Instead, they may be communicated to the Workers of the Owner and to some external subjects who collaborate with them. They may also be communicated, to the extent strictly necessary, to parties who for the purpose of issuing our orders or requests for information and quotes must provide goods and / or perform services or services on our behalf. Finally, it may be communicated to the persons entitled to access it under
the provisions of the law, regulations, and community regulations. In particular, based on the roles and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Owner.
Data transfer
The Data Controller does not transfer personal data to third countries or to international organizations. However, it reserves the right to use cloud services; in which case, the service providers will be selected among those who provide adequate guarantees, as required by art. 46 GDPR 679/16.
Data retention
The Data Controller retains and processes personal data for the time necessary to fulfill the purposes indicated. Subsequently, personal data will be stored, and not further processed, for the time established by the current provisions on civil and fiscal matters.
Rights of the interested party
With reference to art. 7 of Legislative Decree 196/2003 and Articles 15 – right of access, 16 – right of rectification, 17 – right of cancellation, 18 – right to limitation of treatment, 20 – right to portability, 21 – right of opposition, 22 – right to oppose the automated decision-making process of GDPR 679 / 16, the interested party exercises his rights by writing to the Data Controller at the address above, or by email, specifying the subject of his request, the right that he intends to exercise and attaching a photocopy of an identity document attesting the legitimacy of the request.
Withdrawal of consent
With reference to art. 23 of Legislative Decree no. 196/2003 and art. 6 of GDPR 679/16, the interested party can revoke any consent given at any time.
However, the processing of this information is lawful and permissible, even without consent, as it is necessary for the execution of a contract of which the data subject is part (the supply relationship of products and services).
Complaint proposal
The data subject has the right to lodge a complaint with the supervisory authority of the receiving State
Refusal to provide data
The interested party can refuse to give the owner his personal data.
The provision of personal data is however necessary for a correct and efficient management of the contractual relationship. Therefore, any refusal to provide the data may compromise the contractual relationship in whole or in part.
Automated decision-making processes
The Data Controller does not process treatments consisting of automated decision-making processes