The document herein describes the regulatory principles of the data processing performed by Dondi S.p.a. (with registered office in Ospedalicchio (PG), Viale Europa 94/102, hereinafter also the “Company”), in the capacity of data controller.
The data acquired by Dondi S.p.a. for the purposes of performing the services provided, are processed in compliance with the provisions of Regulation (EU) no. 679/2016, “relating to the protection of natural persons, with regard to the processing of personal data, and the free movement of personal data, repealing Directive 95/46/EC” (hereinafter the “Regulation” or “GDPR”).
The Data Controller is:
Dondi S.p.a., Viale Europa 94/102, Ospedalicchio (PG), Italy
In order to exercise your rights, as specified in the document herein, you can contact Dondi S.p.a. by sending an email to [email protected] at any time.
The Data Controller appointed a Data Protection Officer who, having specialist knowledge of the legislation and practices in relation to data protection, is able to perform the tasks referred to in art. 39 of the Reg. (EU) 679/2016 and may be contacted at the following e-mail address [email protected]
1) Data undergoing processing
Processing operations may involve:
- personal data (name, surname, address, date and place of birth, cv)
- contact data (e-mail and telephone number)
- customer data, supplier data, employee data, candidate data, business data acquired in performing business activities
- personal data collected through registration on the website, or at trade fairs and events, used for marketing purposes only upon express prior consent of the data subject.
2) Purposes of the processing for which the data are intended (art. 24 letter a, b, c Privacy Code and art. 6 letter b, e GDPR)
Data shall be processed for the purposes specified – from time to time – in the appropriate disclosure provided before access to any service.
Specifically, the personal data (Data) collected may be processed for the following purposes:
a) to execute a specific request from the user, supplier or customer by providing the requested service;
b) to allow the Company to carry out surveys aimed at improving the quality of the products and services provided, by virtue of the legitimate interest of the Company (“Customer Satisfaction”);
c) with the prior consent of the data subject, to send commercial and/or promotional communications on the Company’s products and services, as well as to carry out market research (“Marketing”);
d) to improve the experience of the user on the Company’s websites.
The Data may be processed using paper-based, automated or electronic methods and, in particular, by surface mail or email, telephone, fax and any other IT channel
3) Methods of data processing (art. 4 of the Privacy Code and art. 5 GDPR)
Personal data shall be processed, also with the aid of IT tools, in compliance with the methods laid down in the GDPR which, among other things, envisages that said data are:
- processed according to the principles of lawfulness, transparency and fairness;
- collected for specified, explicit and legitimate purposes (“purpose limitation”);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
- accurate and kept up to date (“accuracy”);
- stored for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”).
Personal data are retained for the time necessary for the agreed contractual obligations and, in any case, for the purposes of keeping accounting records and in order to defend against any disputes arising.
When data are processed for marketing purposes, Dondi S.p.a. shall process the personal data for no longer than 36 months from consent to the processing, and such consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out before such withdrawal.
4) Legal basis
The legal basis of the processing performed is the fulfilment of contractual obligations, pre-contractual and legal measures for the purposes of managing the contract agreed with the customer to implement the specific project.
5) Transfer and/or disclosure of data
The processed data may be disclosed to other companies of the group.
In the context of the Company’s contractual relations, the Data may be transferred outside the European Economic Area (EEA), also by being included in databases managed by third-party companies operating on behalf of the Company. The management of the databases and the processing of the Data are restricted to the purposes for which they were collected and are carried out in strict compliance with the applicable law on the protection of personal data.
Whenever the Data should be transferred outside the EEA, the Company shall take all appropriate contractual measures necessary to guarantee an adequate level of data protection.
6) Rights of the data subject (art. 7 of the Privacy Code and art. 15 – 21 GDPR)
For each service provided, the following rights can be exercised:
- right to access personal data, and to request that such data are made available in an intelligible form, and to know the purposes on which the processing is based (pursuant to art. 15);
- right to obtain rectification (pursuant to art. 16) or erasure (pursuant to art. 17) of such data or restriction of processing (pursuant to art. 18);
- right to obtain data portability (pursuant to art. 20);
- right to object to the processing of data (pursuant to art. 21);
- right to lodge a complaint with the competent supervisory authority.
The aforementioned rights can be claimed by sending requests to the following e-mail address [email protected]
In this respect, we point out that the Data Protection Officer (DPO) appointed by the Company can be contacted at the following e-mail address [email protected]
7) Nature of the provision of data and consequences of any failure to communicate data
The provision of data is necessary for the exact performance of contractual and pre-contractual obligations borne by the Company and any failure to provide them will make it impossible to conclude the maritime freight contract and to exactly fulfil the legal obligations and those arising from the public interest in the protection of safety and security at ports.