PRIVACY INFORMATION FOR CUSTOMERS AND SUPPLIERS

DATA CONTROLLER
Step Cosmetici Srl
Via Fratelli Bandiera, 48/b 29015 Castel San Giovanni
Privacy information drawn up pursuant to:
European Privacy Law
EU Reg. 2016/679
GDPR, Art. 13

GENERAL INFORMATION
We inform Customers and Suppliers (hereinafter also "data subjects" pursuant to Art. 4, para. 1 of the GDPR) of the following general points, which are valid for all areas of the processing:
• all data are processed in compliance with current Privacy laws (EU Reg. 2016/679 and D.Lgs. 196/2003, as amended and supplemented by D.Lgs. 101/2018);
• all data are processed in a lawful, correct and transparent manner in relation to the data subject, in compliance with the general principles established by Art. 5 of the GDPR;
• specific security measures are implemented to prevent data loss, illicit or improper use, and unauthorized access (GDPR, Art.32).

DATA CONTROLLER AND ITS CONTACTS:
The Data Controller is the undersigned Company (in the person of its pro-tempore legal representative), which can be contacted for any request regarding Privacy or to exercise the rights listed below, at the following phone number or email address:

Contact details
Step Cosmetici Srl
Phone: 0523-882276 – Email: info@stepcosmetici.com

DATA SUBJECT’S RIGHTS
• Right to request confirmation of the presence of personal data concerning him or her, and access to them (Art. 15 “Right of access”)
• Right to obtain the correction/integration of inaccurate or incomplete data (Art. 16 “Right to rectification”)
• Right to obtain, if justified reasons exist, the cancellation of data (Art. 17 “Right of erasure”)
• Right to obtain the limitation of processing (Art. 18 “Right to restriction of processing”)
• Right to receive data concerning him or her in a structured format (Art. 20 “Right of Data Portability”)
• Right to object to processing and automated decision-making, including profiling (Art. 21, 22)
• Right to revoke a previously given consent
• Right to file a complaint with the Data Protection Authority in the event of non-response

OBJECT OF THE PROCESSING
Step Cosmetici Srl processes personal identifying data of customers/suppliers (for example, name, surname, company name, personal/fiscal data, address, telephone no., e-mail, bank references and payment details) and of any operational contact persons they may have (name, surname and contact details), acquired and used in the context of the supply of the products/services provided.

PURPOSE AND LEGAL BASIS OF THE PROCESSING
Data are processed for:
• concluding contractual/professional relationships and provision of services;
• fulfilling the pre-contractual, contractual and fiscal obligations deriving from existing relations, as well as managing the necessary communications associated with them;
• fulfilling the obligations envisaged by the law, by a regulation, by Community legislation, or by an order of the Authorities;
• exercising legitimate interests and rights of the Data Controller (for example: the right to defence in court, the protection of credit positions; ordinary internal needs of operational, managerial and accounting natures).
Failure to provide the aforementioned data will make it impossible to establish relations with the Data Controller. The aforementioned purposes, pursuant to Art. 6, paragraphs b, c, and f, represent suitable legal bases for the lawfulness of the processing. In the event that it is intended to process data for other purposes (for example marketing communications, photo/video content production etc.), specific consent will be requested from the data subject.

METHODS OF PROCESSING AND STORAGE TIME
The processing of personal data is carried out by means of the operations indicated in Art. 4 para. 2) GDPR, more precisely: the collection, recording, organizing, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, dissemination, cancellation and destruction of the data. Personal data are subjected to both paper and electronic and/or automated processing. The Data Controller shall process the personal data for the time necessary to fulfil the purposes for which they were collected and for any related legal obligations.

SCOPE OF PROCESSING
The data are processed by internal subjects who are properly authorized and trained in accordance with Art. 29 of the GDPR. It is also possible to request the scope of communication of personal data, obtaining precise indications regarding any external subjects operating in the capacity of independent processing Managers or Controllers (consultants, technicians, banks, hauliers, etc.). The data may be transferred outside the EU in the context of the management of international orders, in compliance with the conditions set out in Chapter V of the GDPR, aimed at ensuring that the level of protection of the data subject is not prejudiced (“Art. 45 Transfer on the basis of an adequacy decision, Art. 46 Transfer subject to adequate guarantees, Art. 47 Binding corporate rules, Art. 49 Specific exceptions”). The data are not subject to automated processes that produce significant consequences for the data subject.