January 2021

BSERVICE-ENG SRL believe that protecting the security and privacy of your personal data is important.

This Privacy Notice explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products. services and features that you use, your location, and applicable law.

1. Processing of personal data related to your use of our websites, applications and online services

Categories of personal data processed, purpose of the processing 

When visiting our websites or using our applications, or online services (each an “Online Offering”), we process information which you have actively and voluntarily provided about yourself, or which has been generated by us in connection with your use of the Online Offerings, and includes the following categories of personal data:

  • Your contact information, including name, e-mail address, telephone number;
  • Further personal data that you provide by filling in forms in our Online Offerings;
  • Information submitted as part of a support request, survey or comment or forum post;
  • Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.

We process your personal data for the following purposes:

  • To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
  • To bill your use of the Online Offering;
  • To verify your identity;
  • To answer and fulfill your requests or instructions;
  • To process your order or to provide you with access to specific information or offers;
  • To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 3;
  • As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.

 

Online Offerings provided by your organization

Our Online Offerings may be provided to you for your use by the organization to which you belong, such as our enterprise customers. If your organization provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organization in connection with the Online Offering’s content is performed under the direction of your organization and is subject to a data processing agreement between your organization and us. In such instance, your organization is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organization.

 

Links to other websites

This Privacy Notice applies only to Online Offerings that link to this Privacy Notice and not to other websites or applications of our affiliates that have their own Privacy Notice or which are operated by third parties. This Privacy Notice also does not apply in situations where we only process information on behalf of our Business Partners, e.g., when we act as a web hosting or cloud provider.  We may provide links to other websites and applications which we believe may be of interest to you. We are not responsible for the privacy practices of such other websites or applications.

2. Processing of Personal data related to your business relationship with us

Categories of personal data processed and purpose of the processing 

In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”):

  • Contact information, such as full name, job position, work address, work telephone number, work mobile phone number, work fax number and work email address;
  • Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones;
  • Personal data collected from publicly available resources, integrity data bases and credit agencies; and
  • If legally required for Business Partner compliance screenings: date of birth, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.

We may process the personal data for the following purposes:

  • Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
  • Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
  • Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
  • Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 3;
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards;
  • Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

3. Processing of personal data for customer satisfaction surveys and for direct marketing

Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys, in each case also by e-mail. You may object to the processing of your contact data for these  purposes at any time by writing to info@bservice-eng.it or by using the opt-out mechanism provided in the respective communication you received.

4. Transfer and disclosure of personal data

We may transfer your personal data to:
  • other affiliated companies or third parties – e.g. sales partners or suppliers – in connection with your use of the Online Offerings or our business relationship with you;
  • third parties which provide IT services to us and which process such data only for the purpose of such services (e.g., hosting or IT maintenance and support services);
  • third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to law enforcement authorities and regulators, to attorneys and consultants).

Personal data published by you on Online Offerings (such as chat rooms or forums) may be globally accessible to other registered user of the respective Online Offering.

5. Retention Periods

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations (such as retention obligations under tax or commercial laws).

6. Your rights

The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.

In particular, and subject to the legal requirements, you may be entitled to

  • Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
  • Obtain from us the correction of inaccurate personal data concerning you;
  • Obtain from us the erasure of your personal data;
  • Obtain from us restriction of processing regarding your personal data;
  • Data portability concerning personal data, which you actively provided;
  • Object, on grounds relating to your particular situation, to further processing of personal data concerning you.

7. Security

To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.

8. Data Privacy Contact

Our Data Privacy Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Data Privacy Organization may be contacted at: info@bservice-eng.it.

The Data Privacy Organization will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.

9. Privacy Policy Statement pursuant to Art. 13 of EU Regulation 679/2016

Dear Users,

we hereby inform you about the methods with which the personal data supplied by you to BSERVICE-ENG S.R.L. (hereinafter also referred to as, “the Company” or “the Data Controller”) and also those concerning your employees/collaborators etc., and/or acquired by third parties will be processed pursuant to EU Regulation 679/2016 (hereinafter also referred to as the “GDPR”), which provide for the protection of persons and other parties in relation to the processing of their personal data[1] (including special categories of personal data pursuant to Art. 9 of the GDPR, including personal data related to criminal convictions or offences pursuant to Art. 10 of GDPR).

On the basis of the applicable regulation, such processing will be based on the principles of correctness, lawfulness, transparency and the protection of your privacy and rights.

Contact details of the Data Controller

The Data Controller is BSERVICE-ENG S.R.L. with registered office in Consorzio il sole/Viale Impero 80038 – Pomigliano D’arco (NA), in the person of its Legal Representative

VAT number:  IT08476861219

Telephone number: +39 08118214570

E- Mail: info@bservice-eng.it

Purposes and methods of processing

The access and processing of your personal data will be granted by the Data Controller to employees who work as Data Processors and any third parties appointed as Data Processors, pursuant to Art. 28 of the GDPR, as described below, under the direct authority and responsibility of the Data Controller, and in any case belonging to the categories referred to in the paragraph “Categories of recipients of personal data” of this statement.

The processing of the data will be carried out to allow the performance of the activities related to the establishment and management of the contractual relationship with the undersigned BSERVICE-ENG S.R.L.

Your personal data will also be used for the purposes related to the fulfilment of contractual and legal obligations related to civil, fiscal and accounting, administrative and accounting management regulations of the relationship.

All the above data will be processed in a lawful manner, according to fairness and with the utmost confidentiality, using electronic and computer instruments, stored and managed in either electronic or paper format, in compliance with the security measures pursuant to Art. 32 of the GDPR.

Furthermore, according to the principle of data minimization, pursuant to Art. 25 of the GDPR, only the data which is adequate, relevant and limited to the minimum necessary for the purposes for which they are processed will be collected.

Existence of an automated decision-making process, including profiling

The Data Controller does not adopt any automated decision-making process, including profiling, pursuant to Art. 22, paragraphs 1 and 4 of the GDPR.

Legal basis for processing

Your personal data may be processed:

  • without your consent, (Articles 6 and 9 of the GDPR) for the following purposes:
  • to fulfil the pre-contractual and contractual obligations resulting from the assignment of any contract, in order to guarantee the correct management of the contractual relationship between you and BSERVICE-ENG S.R.L.;
  • comply with the provisions of laws and regulations (national or EU), or execute an order of judicial authorities or supervisory bodies to which the Data Controller is subject;
  • exercise the legitimate interest of the Data Controller, as well as the related rights such as, for example, that of defence in court;
  • assess your offer and, in particular:
  • assess the suitability of the offer (in technical/economic/financial terms), as well as verifying the existence of all the requirements concerning you identified by the applicable law for the assignment of the Contract;
  • to guarantee the correct management of any contract, where assigned, and the fulfilment of the relative legal obligations;
  • with your consent (Article 7 of the GDPR), for the purposes in relation to which none of the conditions laid down in Articles 6 [lett. from b) to f)] and 9 [lett. from b) to j)] of the GDPR.

It is possible to request any clarification regarding the specific legal basis of each processing using the contact details indicated in the “Contact Details of the Data Controller”.

Categories of personal data processed

In the context of the purposes of the processing highlighted in the previous paragraphs, only personal data relating to, for example, name and surname, Tax ID Code, VAT number, residence, domicile, place of work, email or Certified email address, telephone number and fax, [if applicable] employer company, role and/or company position, etc. shall be processed.

Categories of recipients of personal data

During the processing activities, to pursue the purposes referred to in the previous paragraphs, your personal data may be accessible to:

  • employees and collaborators of the Data Controller, in their capacity as authorised personnel for the processing of data (or “Data Processors”), specially trained on the methods and purposes of the processing;
  • third parties who carry out outsourced activities on behalf of the Data Controller, in their capacity as Data Processors;
  • judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign);
  • other legal entities of the Group, national and international, of which the Data Controller is part.

In particular, among the aforementioned categories of recipients, the following may include, but are not limited to:

  1. public bodies (INPS – National Social Welfare Institute, INAIL – National Insurance Institute for accidents at work, Provincial Labour Office, Tax Offices, etc…);
  2. consultancy companies that collaborate with the Data Controller to fulfil the obligations regarding occupational hygiene and safety;
  3. professionals and/or service companies for the management of suppliers;
  4. business organisations to which the Data Controller adheres;
  5. professionals or service companies for business administration and management who operate on behalf of our company;
  6. professionals or companies that collaborate with the Data Controller for the management of IT services;
  7. professionals or companies that collaborate with the Data Controller for the management of compliance with obligations related to the management of contractual relationships;
  8. other companies of the Group, for administrative reasons and related to the management of the contract/relationship;
  9. insurance companies responsible for the settlement of claims;
  10. companies specializing in debt collection.

It should be noted that the Data Controller will ensure that the communication of your data to the aforementioned figures relates only to the data necessary to achieve the specific purposes for which they are intended.

Furthermore, as part of the execution of company activities, for some of the purposes described above, your data may be subject to transfer abroad, even in non-EU countries. The transfer shall take place in accordance with the provisions of Chapter V, GDPR (Articles 45 – 50) and will not, however, be the subject of communication and dissemination without your express consent, with the exception of communications necessary to comply, for example, with legal obligations, as well as to ensure the correct execution of a contract of which the Data Subject is a party or the execution of pre-contractual measures adopted at the request of the same.

Archiving methods

Your data will be stored both in electronic and paper format, according to the rules of ordinary diligence, implementing the necessary security measures pursuant to Art. 32 of the GDPR, in order to minimize the risk of unauthorized access.

According to the principle of data minimization, pursuant to Art. 25 of the GDPR, the data, if no longer strictly necessary to pursue the purposes for which they were collected, will be duly canceled; in addition, the Data Controller may be required to retain them for a longer period in compliance with a legal obligation and/or by order of a Judicial Authority.

Rights of the Data Subject

 We remind you that you may exercise your rights at any time, pursuant to Articles 7, from 15 to 21 of the GDPR. In particular, you may request:

  • Right of access – To obtain confirmation of whether or not your personal data are being processed and, if so, to receive information regarding, among others: the purpose of the processing, the categories of personal data processed and the retention period, recipients to whom these may be communicated (Article 15 of the GDPR);
  • Right of rectification – To obtain, without undue delay, the correction of inaccurate personal data concerning you, as well as the integration of incomplete personal data (Article 16 of the GDPR);
  • Right to erasure – To obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for by the GDPR (Article 17 of the GDPR);
  • Right to the restriction of processing – To obtain the restriction of processing, in the cases provided for by the GDPR (Article 18 of the GDPR);
  • Right to data portability – To receive the personal data concerning you in a structured format, in common use and readable by an automatic device, and to have the data transferred to another Data Controller without hindrance, in the cases provided for by the GDPR (Article 20 of the GDPR);
  • Right to object – To object to the processing of personal data concerning you, unless there are legitimate reasons for continuing the processing (Article 21 of the GDPR);
  • Right to file a complaint to the competent supervisory authority – To file a complaint to the Data Protection Authority, Piazza di Montecitorio no. 121, 00186, Rome (RM);
  • Right to withdraw consent – To withdraw your consent to processing at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal (Article 7 of the GDPR).

The Data Subject may exercise these rights by sending a request to the following address info@bservice-eng.it

Mandatory nature of data provision and the consequences of refusal

The data requested are strictly necessary for the execution of the contract and the failure to communicate one or more data could compromise the execution and correct management of the relative contractual relationship.

[1] Art. 4, no. 1 of the GDPR: «personal data»: any information relating to an identified or identifiable natural person («Data Subject»); an identifiable natural person is an individual who can be identified, directly or indirectly, through an identifier such as a name, an identification number, location data, an online identifier or through one or more characteristic features of his or her physical, physiological, genetic, psychic, economic, cultural or social identity;